11-02-2010, 02:32 PM
Craig White
openldap fails to authenticate

On Tue, 2010-11-02 at 16:28 -0400, Tim Dunphy wrote:
> I am attempting to set up an LDAP server under CentOS 5.4.
>
>
> However I am unable to search my ldap directory even though I am
> supplying the proper credentials for the Manager account:
>
>
> [root@ldap openldap]# ldapsearch -x -h ldap -D 'cn=Manager,dc=example,dc=net' -W -b 'dc=example,dc=net'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Anonymous searches do work however:
>
> ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"
>
> [root@ldap openldap]# ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=example,dc=net> with scope subtree
> # filter: objectclass=*
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
>
> I am currently attempting to use the actual word 'secret' to
> authenticate the Manager account:
>
> database bdb
> suffix "dc=example,dc=net"
> rootdn "cn=Manager,dc=example,dc=net"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # rootpw {CRYPT}secret
>
>
> And I am getting error 49s in my openldap logs with loglevel set to 296:
>
> /var/log/openldap.log
>
> Nov 2 15:45:58 ldap slapd[3522]: slapd starting
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:44552 (IP=0.0.0.0:389)
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=net" method=128
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 RESULT tag=97 err=49 text=
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 closed (connection lost)
>
>
> This is how I have configured my ldap.conf:
>
> BASE dc=example,dc=net
> HOST localhost
> URI ldap://ldap.example.net
>
> And for some reason slapd is listening on port 3774 even though I haven't
> told it to:
>
> [root@ldap network-scripts]# netstat -tulnp | grep 389
> tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 3774/slapd
> [root@ldap network-scripts]# netstat -tulnp | grep slapd
> tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 3774/slapd
>
> I haven't specified port 3774 _anywhere_ in my ldap config:
>
>
> [root@ldap network-scripts]# grep 3774 /etc/ldap
>
>
> Thanks in advance for your help.
----
That is process id 3774 and not a port - the port is clearly 389.

I would suggest that you not have both HOST and URI, choose one or the
other.

In the above configuration, it would appear that 'secret' is the
password for rootbinddn of "cn=Manager,dc=example,dc=net"

The error 49 does indeed mean what it says: invalid credentials, meaning
the user/password combination isn't working.

Try:

ldapsearch -x -h localhost -b "dc=example,dc=net" -s sub "objectclass=*" -W -D 'cn=Manager,dc=example,dc=net'

Craig




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
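Craig's point is that err=49 in the slapd log is the server's own verdict on the bind, so the log is the place to watch for failed binds rather than the client output. The script below is an added example, not code from the thread or from the OpenLDAP project: it correlates slapd's connection-level ACCEPT/BIND/RESULT lines (the loglevel 296 style quoted above) by conn and op, and reports invalidCredentials (err=49) responses per bind DN and client IP. The sample log is constructed; conn=0 mirrors the failed Manager bind from the post, while conn=1 (a successful bind) and conn=2 (an anonymous bind from a made-up address) are assumed additions for contrast.

```python
import re
from collections import Counter

# Constructed sample in slapd's connection-log style. conn=0 is the failed
# Manager bind from the thread; conn=1 and conn=2 are made-up additions.
SAMPLE_LOG = """\
Nov 2 15:45:58 ldap slapd[3522]: slapd starting
Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:44552 (IP=0.0.0.0:389)
Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=net" method=128
Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 RESULT tag=97 err=49 text=
Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 closed (connection lost)
Nov 2 15:47:02 ldap slapd[3522]: conn=1 fd=12 ACCEPT from IP=127.0.0.1:44560 (IP=0.0.0.0:389)
Nov 2 15:47:02 ldap slapd[3522]: conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=net" method=128
Nov 2 15:47:02 ldap slapd[3522]: conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=net" mech=SIMPLE ssf=0
Nov 2 15:47:02 ldap slapd[3522]: conn=1 op=0 RESULT tag=97 err=0 text=
Nov 2 15:47:02 ldap slapd[3522]: conn=1 op=1 UNBIND
Nov 2 15:48:10 ldap slapd[3522]: conn=2 fd=13 ACCEPT from IP=192.0.2.10:51000 (IP=0.0.0.0:389)
Nov 2 15:48:10 ldap slapd[3522]: conn=2 op=0 BIND dn="" method=128
Nov 2 15:48:10 ldap slapd[3522]: conn=2 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
# tag=97 is the LDAP bindResponse; err is the LDAP result code
# (49 = invalidCredentials, exactly what ldapsearch reported in the thread).
BIND_RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")


def parse_bind_results(log_text):
    """Correlate ACCEPT/BIND/RESULT lines by conn and op.

    Returns one dict per bind response with keys conn, ip, dn, err.
    """
    client_ip = {}   # conn id -> client IP taken from the ACCEPT line
    pending = {}     # (conn, op) -> bind DN waiting for its RESULT line
    results = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            client_ip[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            # A successful simple bind logs a second BIND line (mech=SIMPLE);
            # it carries the same DN, so overwriting is harmless.
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = BIND_RESULT_RE.search(line)
        if m:
            conn, op, err = m.group(1), m.group(2), int(m.group(3))
            results.append({
                "conn": conn,
                "ip": client_ip.get(conn, "unknown"),
                "dn": pending.pop((conn, op), ""),
                "err": err,
            })
    return results


def failed_binds(log_text):
    """Only the bind responses that came back err=49 (invalidCredentials)."""
    return [r for r in parse_bind_results(log_text) if r["err"] == 49]


def failure_counts(log_text):
    """Count err=49 responses per (dn, client IP), the unit you would alert on."""
    return Counter((r["dn"], r["ip"]) for r in failed_binds(log_text))


def report(log_text, threshold=1):
    """Human-readable lines for every (dn, ip) pair at or above the threshold."""
    lines = []
    for (dn, ip), n in sorted(failure_counts(log_text).items()):
        if n >= threshold:
            label = dn or "<anonymous>"
            lines.append(f"{n} failed bind(s) as '{label}' from {ip}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against a real /var/log/openldap.log by reading the file into `report()`; raising `threshold` turns the same function into a simple brute-force indicator, since a single err=49 from localhost (as in the thread) is a typo or misconfiguration, while many from one client are something to look at.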
 
11-02-2010, 07:28 PM
Tim Dunphy
openldap fails to authenticate

I am attempting to set up an LDAP server under CentOS 5.4.


However I am unable to search my ldap directory even though I am
supplying the proper credentials for the Manager account:


[root@ldap openldap]# ldapsearch -x -h ldap -D 'cn=Manager,dc=example,dc=net' -W -b 'dc=example,dc=net'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Anonymous searches do work however:

ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"

[root@ldap openldap]# ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=net> with scope subtree
# filter: objectclass=*
# requesting: ALL
#

# search result
search: 2
result: 32 No such object


I am currently attempting to use the actual word 'secret' to
authenticate the Manager account:

database bdb
suffix "dc=example,dc=net"
rootdn "cn=Manager,dc=example,dc=net"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw {CRYPT}secret


And I am getting error 49s in my openldap logs with loglevel set to 296:

/var/log/openldap.log

Nov 2 15:45:58 ldap slapd[3522]: slapd starting
Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:44552 (IP=0.0.0.0:389)
Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=net" method=128
Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 RESULT tag=97 err=49 text=
Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 closed (connection lost)


This is how I have configured my ldap.conf:

BASE dc=example,dc=net
HOST localhost
URI ldap://ldap.example.net

And for some reason slapd is listening on port 3774 even though I haven't
told it to:

[root@ldap network-scripts]# netstat -tulnp | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 3774/slapd
[root@ldap network-scripts]# netstat -tulnp | grep slapd
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 3774/slapd

I haven't specified port 3774 _anywhere_ in my ldap config:


[root@ldap network-scripts]# grep 3774 /etc/ldap


Thanks in advance for your help.

--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
 
