On Tue, 2010-11-02 at 16:28 -0400, Tim Dunphy wrote:
> I am attempting to set up an LDAP server under CentOS 5.4.
>
>
> However I am unable to search my ldap directory even though I am
> supplying the proper credentials for the Manager account:
>
>
> [root at ldap openldap]# ldapsearch -x -h ldap -D
> 'cn=Manager,dc=example,dc=net' -W -b 'dc=example,dc=net'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Anonymous searches do work however:
>
> ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"
>
> [root at ldap openldap]# ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=example,dc=net> with scope subtree
> # filter: objectclass=*
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
>
> I am currently attempting to use the actual word 'secret' to
> authenticate the Manager account:
>
> database bdb
> suffix "dc=example,dc=net"
> rootdn "cn=Manager,dc=example,dc=net"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # rootpw {CRYPT}secret
>
>
> And I am getting error 49's in my openldap logs with loglevel set to 296
>
> /var/log/openldap.log
>
> Nov 2 15:45:58 ldap slapd[3522]: slapd starting
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 ACCEPT from
> IP=127.0.0.1:44552 (IP=0.0.0.0:389)
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 BIND
> dn="cn=Manager,dc=example,dc=net" method=128
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 RESULT tag=97 err=49 text=
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 closed (connection lost)
>
>
> this is how I have configured my ldap.conf
>
> BASE dc=example,dc=net
> HOST localhost
> URI ldap://ldap.example.net
>
> and for some reason slapd is listening on port 3774 even though I haven't
> told it to:
>
> [root at ldap network-scripts]# netstat -tulnp | grep 389
> tcp 0 0 0.0.0.0:389 0.0.0.0:*
> LISTEN 3774/slapd
> [root at ldap network-scripts]# netstat -tulnp | grep slapd
> tcp 0 0 0.0.0.0:389 0.0.0.0:*
> LISTEN 3774/slapd
>
> I haven't specified port 3774 _anywhere_ in my ldap config:
>
>
> [root at ldap network-scripts]# grep 3774 /etc/ldap
>
>
> thanks in advance for your help
----
That is process ID 3774, not a port; the port is clearly 389.
I would suggest that you not have both HOST and URI; choose one or the
other.
In the above configuration, it would appear that 'secret' is the
password for rootbinddn of "cn=Manager,dc=example,dc=net".
The error 49 does indeed mean what it says, invalid credentials, meaning
the user/password combination isn't working.
Try: ldapsearch -x -h localhost -b "dc=example,dc=net" \
-s sub "objectclass=*" -W -D 'cn=Manager,dc=example,dc=net'
Craig