LinuxQuestions.org
Old 07-06-2018, 09:08 AM   #1
dh2k
Member
 
Registered: Jan 2006
Distribution: Slackware 13.0 (KDE 3.5.10 from 12.2; Xfce 4.6; Fluxbox); Slackware 13.1 (KDE 4.5)
Posts: 211

Rep: Reputation: 52
openldap - ldap_bind: Invalid credentials (49)


I've been going round in circles for weeks - seems like the DIT has no admin user - or no admin user exists even though the config file and dpkg-reconfigure have been followed as per dozens of guides from a Google search - seems this is a very, very widespread issue - probably a config issue no doubt - but this service does not really make the issue clear to remedy. Any assistance appreciated, Debian forum, TIA.

Some output below...
(also this environment is on a VPS with IPv4 public WAN IP - no NAT)



I've apt-get install slapd
[slapd is already the newest version (2.4.44+dfsg-5+deb9u1).]


I've run dpkg-reconfigure slapd
and entered:
Code:
Omit OpenLDAP server config: No
DNS Domain: awesome.uk
Organization name: awesome
Administrator password: {plain text of same as my SHA1 below in config}
Database backend: HDB
Purge DB: No
Move DB: Yes

Config file looks like this:
(I'll harden this up with TLS and certs when basic config is working...)

Code:
root@unicorn03:/etc# cat /etc/ldap/slapd.d/slapd.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=awesome,dc=uk
URI     ldap://{WAN IP} ldap://{WAN IP}:666
rootdn  cn=ldapadmin,dc=awesome,dc=uk
rootpw  {SSHA}{RETRACTED}


root@unicorn03:~# ldapsearch -x -W -D 'cn=ldapadmin,dc=awesome,dc=uk' -b "" -s base
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
root@unicorn03:~#

Same error occurs with phpldapadmin webUi
i.e. "Invalid credentials (49)"

While ldapsearch -x output:

Code:
root@unicorn03:~# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
root@unicorn03:~#

Code:
root@unicorn03:~# systemctl status slapd
* slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
   Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-07-06 15:09:58 BST; 2min 23s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14388 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/slapd.service
           `-14394 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Jul 06 15:09:58 unicorn03 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jul 06 15:09:58 unicorn03 slapd[14393]: @(#) $OpenLDAP: slapd  (Aug 10 2017 19:12:46) $
                                                Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Jul 06 15:09:58 unicorn03 slapd[14394]: slapd starting
Jul 06 15:09:58 unicorn03 slapd[14388]: Starting OpenLDAP: slapd.
Jul 06 15:09:58 unicorn03 systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
root@unicorn03:~#

EDIT:
also tried with WAN IP on URI in /etc/default/slapd
and also localhost IP - to no avail but instead [Can't contact LDAP server (-1)]


Code:
root@unicorn03:~# grep -iC1 "ldap://" /etc/default/slapd
# Example usage:
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
#SLAPD_SERVICES="ldap:/// ldapi:///"
SLAPD_SERVICES="ldap://WAN_IP_RETRACTED:389/ ldapi:///"

root@unicorn03:~# service slapd restart
root@unicorn03:~# ldapsearch -x -W -D 'cn=ldapadmin,dc=awesome,dc=uk' -b "" -s base
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
root@unicorn03:~# service slapd status
* slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
   Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-07-06 15:34:59 BST; 10s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 19181 ExecStop=/etc/init.d/slapd stop (code=exited, status=0/SUCCESS)
  Process: 19187 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/slapd.service
           `-19194 /usr/sbin/slapd -h ldap://WAN_IP_RETRACTED:389/ ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Jul 06 15:34:59 unicorn03 slapd[19181]: Stopping OpenLDAP: slapd.
Jul 06 15:34:59 unicorn03 systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jul 06 15:34:59 unicorn03 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jul 06 15:34:59 unicorn03 slapd[19193]: @(#) $OpenLDAP: slapd  (Aug 10 2017 19:12:46) $
                                                Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Jul 06 15:34:59 unicorn03 slapd[19194]: slapd starting
Jul 06 15:34:59 unicorn03 slapd[19187]: Starting OpenLDAP: slapd.
Jul 06 15:34:59 unicorn03 systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
root@unicorn03:~#

With localhost IP:

Code:
root@unicorn03:~# service slapd status
* slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
   Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-07-06 15:37:23 BST; 3s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 19850 ExecStop=/etc/init.d/slapd stop (code=exited, status=0/SUCCESS)
  Process: 19856 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/slapd.service
           `-19863 /usr/sbin/slapd -h ldap://127.0.0.1:389/ ldaps:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Jul 06 15:37:23 unicorn03 slapd[19850]: Stopping OpenLDAP: slapd.
Jul 06 15:37:23 unicorn03 systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jul 06 15:37:23 unicorn03 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jul 06 15:37:23 unicorn03 slapd[19862]: @(#) $OpenLDAP: slapd  (Aug 10 2017 19:12:46) $
                                                Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Jul 06 15:37:23 unicorn03 slapd[19863]: slapd starting
Jul 06 15:37:23 unicorn03 slapd[19856]: Starting OpenLDAP: slapd.
Jul 06 15:37:23 unicorn03 systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
root@unicorn03:~# ldapsearch -x -W -D 'cn=ldapadmin,dc=awesome,dc=uk' -b "" -s base
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
root@unicorn03:~#

Last edited by dh2k; 07-06-2018 at 10:39 AM.
 
Old 07-06-2018, 03:10 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,159
Blog Entries: 1

Rep: Reputation: 2021
Hi,

I'm not familiar with the Debian openldap package installation, but according to this, the correct admin dn is:
Code:
cn=admin, dc=awesome,dc=uk
.
Also note that in newer openldap versions the slapd.conf file is deprecated in favor of the "cn=config" DIT.

Regards
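
Added example, not part of either post: a check of the bind DN against the rootDN that slapd actually loaded. The status output above shows slapd started with `-F /etc/ldap/slapd.d`, so it reads its configuration from the cn=config LDIF files in that directory. The sample LDIF is constructed, the function names are hypothetical, and the live query in the comments assumes root is allowed to read cn=config over `ldapi:///`.

```shell
#!/bin/sh
# Added example, not from the thread. The slapd in the status output runs with
# -F /etc/ldap/slapd.d, so its rootDN lives in cn=config. As root on the server:
#   ldapsearch -Q -LLL -o ldif-wrap=no -Y EXTERNAL -H ldapi:/// \
#       -b cn=config '(olcRootDN=*)' olcSuffix olcRootDN
# SAMPLE_LDIF is a constructed stand-in for that output on a Debian install.
SAMPLE_LDIF='dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,cn=config

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=awesome,dc=uk
olcRootDN: cn=admin,dc=awesome,dc=uk
'

# Simplified DN normalisation: lower-case, no spaces around "," and "=".
# (Assumes no escaped commas in the DN, which holds for the DNs in this thread.)
norm_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g; s/ *= */=/g'
}

# Read LDIF on stdin; print the olcRootDN of the database whose suffix is $1.
rootdn_for_suffix() {
    awk -v want="$(norm_dn "$1")" '
        function norm(s) {
            s = tolower(s); gsub(/ *, */, ",", s); gsub(/ *= */, "=", s)
            return s
        }
        /^$/           { suffix = ""; root = ""; next }   # new entry
        /^olcSuffix: / { suffix = norm(substr($0, 12)) }
        /^olcRootDN: / { root = substr($0, 12) }
        suffix == want && root != "" { print root; exit }
    '
}

# Read LDIF on stdin; return 0 if bind DN $1 is the rootDN for suffix $2.
check_bind_dn() {
    actual=$(rootdn_for_suffix "$2")
    if [ -z "$actual" ]; then
        echo "no database with suffix $2"; return 2
    fi
    if [ "$(norm_dn "$1")" = "$(norm_dn "$actual")" ]; then
        echo "OK: $1 is the rootDN"; return 0
    fi
    echo "MISMATCH: bound as $1, rootDN is $actual"; return 1
}

# The DN from the failing ldapsearch in the first post:
printf '%s' "$SAMPLE_LDIF" | check_bind_dn 'cn=ldapadmin,dc=awesome,dc=uk' 'dc=awesome,dc=uk' || true
```

A mismatch here means error 49 is about the DN rather than the password; on the real server, pipe the live `ldapsearch` output into `check_bind_dn` instead of the sample.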
 
  

