03-08-2011, 07:37 PM | #1
LQ Newbie
Registered: Feb 2011
Posts: 13
openldap 2.3.43 directory read only user
I am very new to openldap but got users added into the People ou and have authentication working over TLS. I have no ACLs in place yet but want to use a user called ldap-auth-user to bind to the ldap server's directory from the client servers. However I keep on getting the error ldap_bind: Invalid credentials (49). I know the UserPassword is correct because I can log into a server using that id and password through the LDAP directory. I am guessing it has something to do with the way I created the account.
This Works:
ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=testuser' -W
This Doesn't:
ldapsearch -D 'cn=ldap-auth-user,dc=test,dc=com' -x 'uid=testuser' -W
Here is the ldap-auth-user's entry in the directory:
[root@ldap-build-01 ~]# ldapsearch -D 'cn=Manager,dc=test,dc=com' -x 'uid=ldap-auth-user' -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=ldap-auth-user
# requesting: ALL
#
# ldap-auth-user, People, glbb.jp
dn: uid=ldap-auth-user,ou=People,dc=test,dc=com
uid:: bGRhcC1hdXRoLXVzZXIg
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e1NTSEF9VVU4eWQ1WDZkbGc5U2JOc21JSHR5YzkzazBwTzdOWjA=
shadowLastChange: 15008
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 1000
homeDirectory: /home/ldap-auth-user
cn: ldap-auth-user
gecos: ldap-auth-user
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@ldap-build-01 ~]#
03-08-2011, 10:24 PM | #2
Member
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724
The binddn you use from the command line is different from the dn in the LDIF content:
Code:
This Doesn't:
ldapsearch -D 'cn=ldap-auth-user,dc=test,dc=com' -x 'uid=testuser' -W
Code:
# ldap-auth-user, People, glbb.jp
dn: uid=ldap-auth-user,ou=People,dc=test,dc=com
uid:: bGRhcC1hdXRoLXVzZXIg
Which attribute do you want to use to authenticate: cn or uid?
Try this:
Code:
ldapsearch -D 'uid=ldap-auth-user,ou=People,dc=test,dc=com' -x 'uid=testuser' -W
Remember to input the password of ldap-auth-user, not the rootdn's.
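As an added example (not from this thread), here is a small Python check that reads ldapsearch LDIF output, decodes the "attr::" base64 values, and reports whether a bind DN such as cn=ldap-auth-user,dc=test,dc=com actually names an entry, listing entries that share the same RDN value so the right -D argument is obvious. The sample LDIF is constructed from the entry above with the password hash left out and the function names are my own; note that decoding the uid line shows the value ends in a space, which is exactly why ldapsearch printed it base64-encoded.

```python
import base64

# Constructed sample shaped like the thread's ldapsearch output (hash omitted);
# uid is base64 because its stored value ends in a space.
SAMPLE_LDIF = """\
dn: uid=ldap-auth-user,ou=People,dc=test,dc=com
uid:: bGRhcC1hdXRoLXVzZXIg
objectClass: posixAccount
cn: ldap-auth-user

dn: cn=Manager,dc=test,dc=com
cn: Manager
"""

def parse_ldif(text):
    """Minimal LDIF reader: skips comments, decodes 'attr::' base64 values."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):               # '::' marks a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.lstrip(" ")
        current.setdefault(name.strip().lower(), []).append(value)
    return entries

def normalize_dn(dn):
    """Lower-case and trim each RDN (enough for these DNs, not full RFC 4514)."""
    return ",".join(f"{a.strip().lower()}={v.strip().lower()}"
                    for a, _, v in (p.partition("=") for p in dn.split(",")))

def rdn_value(dn):
    return normalize_dn(dn).split(",", 1)[0].partition("=")[2]

def check_bind_dn(entries, bind_dn):
    """(exists, dns sharing the RDN value): finds uid=X,... when cn=X,... was tried."""
    dns = [e["dn"][0] for e in entries if "dn" in e]
    exists = any(normalize_dn(d) == normalize_dn(bind_dn) for d in dns)
    return exists, [d for d in dns if rdn_value(d) == rdn_value(bind_dn)]

def whitespace_warnings(entries):
    """Values with leading/trailing whitespace (base64 in ldapsearch output)."""
    return [f"{e['dn'][0]}: {a} has leading/trailing whitespace"
            for e in entries for a, vs in e.items()
            if a != "dn" and any(v != v.strip() for v in vs)]
```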
03-09-2011, 02:27 AM | #3
LQ Newbie
Registered: Feb 2011
Posts: 13
Original Poster
Thank you. I didn't realize you needed to specify the OU also. Kind of curious why I cannot bind with the cn though. The cn is ldap-auth-user just like the uid.
03-09-2011, 02:43 AM | #4
Member
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724
Quote:
Originally Posted by craigmyster
Kind of curious why I cannot bind with the cn though. The cn is ldap-auth-user just like the uid.
Because there is no dn with the name 'cn=ldap-auth-user,ou=People,dc=test,dc=com' in your LDAP directory.