
RE: Invalid Credentials



Thanks Boris. I think that's a step forward. Obviously I'm not clear
on some elements of the ldap records.

I did this based on the quick start docs, so I'll re-read them.
They really aren't very helpful for me. Maybe the list will help me
get this problem settled.

I attached some output of what happened after I followed your suggestion.
Hopefully I did it properly.


On Tue, 11 Dec 2001, Boris Shpungin wrote:

> If you declared "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" to be
> your root DN, then you also have to provide the same information in your
> initial LDIF.  E.g.:
>
> dn: o=Solution Design Laboratory,dc=sdk,dc=org
> objectclass: organization
> o: "Solution Design Laboratory"
>
> dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
> objectclass: organizationalRole
> cn: root
>
> Note that all the components of the DN have to be specified, and initialized
> in descending (hierarchically) order within your LDIF.  Note that you might
> also want to make "dc=sdk,dc=org" your suffix instead (so that you could
> potentially support several "organization" entries under it).  In that case,
> you would need to add another entry to the top of your LDIF:
>
> dn: dc=sdl,dc=org
> objectclass: dcobject
> dc: sdl
>
> Basically, your current problem is that the info specified in your
> slapd.conf doesn't correspond to the info you initialized your database
> with.
>
> -Boris
>
>
> -----Original Message-----
> From: Ken Ingram [mailto:kingram@sdl.org]
> Sent: Tuesday, December 11, 2001 9:27 PM
> To: openldap-software@OpenLDAP.org
> Subject: Invalid Credentials
>
>
> I've explored FAQ's and list Archives considerably, and actual
> practical answers seem to be sparse and uninformative.
>
> Why is LDAP balking with "Invalid Credentials"?
>
> Some practical and pragmatic assistance would be greatly appreciated.
>
> Yes. I restarted the server.
>
>
>
> Here is the pertinent (I think) information:
>
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
>
> include		/usr/local/etc/openldap/schema/core.schema
> pidfile		/var/run/slapd.pid
> argsfile	/var/run/slapd.args
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> #access to attr=userPassword
> #        by self write
> #        by * compare
>
>
> database	ldbm
> suffix		"o=Solution Design Laboratory,dc=sdl,dc=org"
> rootdn		"cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
> rootpw		secret
> directory	/usr/local/var/openldap-ldbm
> #index		objectClass	eq
>
> results of redirecting debug output:
>
> daemon: socket() failed errno=22 (Invalid argument)
> reading config file /usr/local/etc/openldap/slapd.conf
> line 5 (include		/usr/local/etc/openldap/schema/core.schema)
> reading config file /usr/local/etc/openldap/schema/core.schema
> *************************
> [snipped for readability]
> *************************
> line 6 (pidfile		/var/run/slapd.pid)
> line 7 (argsfile	/var/run/slapd.args)
> line 18 (database	ldbm)
> line 19 (suffix		"o=Solution Design Laboratory,dc=sdl,dc=org")
> line 20 (rootdn		"cn=root,o=Solution Design
> Laboratory,dc=sdl,dc=org")
> line 21 (rootpw		secret)
> line 22 (directory	/usr/local/var/openldap-ldbm)
> slapd starting
> daemon: conn=0 fd=9 connection from IP=192.168.1.1:2046 (IP=0.0.0.0:389)
> accepted.
> ber_dump: buf=0x080e5610 ptr=0x080e5610 end=0x080e563a len=42
>   0000:  02 01 01 60 25 02 01 03  04 18 63 6e 3d 4d 61 6e
> ...`%.....cn=Man
>   0010:  61 67 65 72 2c 64 63 3d  73 64 6c 2c 64 63 3d 6f
> ager,dc=sdl,dc=o
>   0020:  72 67 80 06 73 65 63 72  65 74                     rg..secret
> ber_dump: buf=0x080e5610 ptr=0x080e5613 end=0x080e563a len=39
>   0000:  60 25 02 01 03 04 18 63  6e 3d 4d 61 6e 61 67 65
> `%.....cn=Manage
>   0010:  72 2c 64 63 3d 73 64 6c  2c 64 63 3d 6f 72 67 80
> r,dc=sdl,dc=org.
>   0020:  06 73 65 63 72 65 74                               .secret
> ber_dump: buf=0x080e5610 ptr=0x080e5632 end=0x080e563a len=8
>   0000:  80 06 73 65 63 72 65 74                            ..secret
> conn=0 op=0 BIND dn="CN=MANAGER,DC=SDL,DC=ORG" method=128
> ber_flush: 14 bytes to sd 9
> conn=0 op=0 RESULT tag=97 err=49 text=
> conn=-1 fd=9 closed
>
> I attempted to follow the instructions in the Quick Start, which is where
> this has failed.
>
> [1598] ldapadd -x -D "cn=Manager,dc=sdl,dc=org" -f ldifs/ken.ldif -W 2>&1
> >> helpme.doc
> Enter LDAP Password:
> ldap_bind: Invalid credentials
>
> So, why is ldapadd regarding my credentials as invalid?
>
>
>
> ken.ldif contains:
> dn: dc=sdl, dc=org
> objectclass: dcObject
> objectclass: organization
> o: "Solution Design Laboratory"
> dc: sdl
> dn: cn=Manager,dc=sdl, dc=org
> objectclass: organizationalRole
> cn: Manager
>
>
>
>

My opinions aren't fit for public consumption
[1643] ldapadd -x -D "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" -f ldifs/root.ldif -w secret
adding new entry "dc=sdl,dc=org"
ldap_add: No such object

ldif_record() = 32

--------------------------------------------------------------------------
slapd.conf

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

include		/usr/local/etc/openldap/schema/core.schema
pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

#access to attr=userPassword
#        by self write
#        by * compare


database	ldbm
suffix		"o=Solution Design Laboratory,dc=sdl,dc=org"
rootdn		"cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
rootpw		secret
directory	/usr/local/var/openldap-ldbm
#index		objectClass	eq
--------------------------------------------------------------------------
root.ldif


dn: dc=sdl,dc=org
objectclass: dcobject 
dc: sdl

dn: o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: top 
objectclass: organization 
o: "Solution Design Laboratory"

dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: organizationalRole
cn: root
--------------------------------------------------------------------------
debug.log

@(#) $OpenLDAP: slapd 2.0.7-Release (Tue Mar 20 16:22:56 PST 2001) $
	kingram@gemini:/usr/src/openldap-2.0.7/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse(ldap:///)
daemon: socket() failed errno=22 (Invalid argument)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
==>backsql_initialize()
<==backsql_initialize()
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=gemini, r=0
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0                 
ldap_read: want=1, got=1
  0000:  44                                                 D                 
ldap_read: want=68, got=68
  0000:  02 01 01 60 3f 02 01 03  04 32 63 6e 3d 72 6f 6f   ...`?....2cn=roo  
  0010:  74 2c 6f 3d 53 6f 6c 75  74 69 6f 6e 20 44 65 73   t,o=Solution Des  
  0020:  69 67 6e 20 4c 61 62 6f  72 61 74 6f 72 79 2c 64   ign Laboratory,d  
  0030:  63 3d 73 64 6c 2c 64 63  3d 6f 72 67 80 06 73 65   c=sdl,dc=org..se  
  0040:  63 72 65 74                                        cret              
ber_get_next: tag 0x30 len 68 contents:
ber_dump: buf=0x080e5610 ptr=0x080e5610 end=0x080e5654 len=68
  0000:  02 01 01 60 3f 02 01 03  04 32 63 6e 3d 72 6f 6f   ...`?....2cn=roo  
  0010:  74 2c 6f 3d 53 6f 6c 75  74 69 6f 6e 20 44 65 73   t,o=Solution Des  
  0020:  69 67 6e 20 4c 61 62 6f  72 61 74 6f 72 79 2c 64   ign Laboratory,d  
  0030:  63 3d 73 64 6c 2c 64 63  3d 6f 72 67 80 06 73 65   c=sdl,dc=org..se  
  0040:  63 72 65 74                                        cret              
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080e5610 ptr=0x080e5613 end=0x080e5654 len=65
  0000:  60 3f 02 01 03 04 32 63  6e 3d 72 6f 6f 74 2c 6f   `?....2cn=root,o  
  0010:  3d 53 6f 6c 75 74 69 6f  6e 20 44 65 73 69 67 6e   =Solution Design  
  0020:  20 4c 61 62 6f 72 61 74  6f 72 79 2c 64 63 3d 73    Laboratory,dc=s  
  0030:  64 6c 2c 64 63 3d 6f 72  67 80 06 73 65 63 72 65   dl,dc=org..secre  
  0040:  74                                                 t                 
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080e5610 ptr=0x080e564c end=0x080e5654 len=8
  0000:  80 06 73 65 63 72 65 74                            ..secret          
do_bind: version=3 dn="cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" method=128
==> ldbm_back_bind: dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
dn2entry_r: dn: "CN=ROOT,O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG"
=> dn2id( "CN=ROOT,O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG" )
=> ldbm_cache_open( "/usr/local/var/openldap-ldbm/dn2id.dbb", 7, 600 )
ldbm_cache_open (blksize 4096) (maxids 1022) (maxindirect 9)
<= ldbm_cache_open (opened 0)
<= dn2id NOID
dn2entry_r: dn: "O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG"
=> dn2id( "O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG" )
=> ldbm_cache_open( "/usr/local/var/openldap-ldbm/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
do_bind: v3 bind: "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" to "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: 0::
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 9
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........    
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........    
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0                 
ldap_read: want=1, got=1
  0000:  3f                                                 ?                 
ldap_read: want=63, got=63
  0000:  02 01 02 68 3a 04 0d 64  63 3d 73 64 6c 2c 64 63   ...h:..dc=sdl,dc  
  0010:  3d 6f 72 67 30 29 30 1a  04 0b 6f 62 6a 65 63 74   =org0)0...object  
  0020:  63 6c 61 73 73 31 0b 04  09 64 63 6f 62 6a 65 63   class1...dcobjec  
  0030:  74 20 30 0b 04 02 64 63  31 05 04 03 73 64 6c      t 0...dc1...sdl   
ber_get_next: tag 0x30 len 63 contents:
ber_dump: buf=0x080e5770 ptr=0x080e5770 end=0x080e57af len=63
  0000:  02 01 02 68 3a 04 0d 64  63 3d 73 64 6c 2c 64 63   ...h:..dc=sdl,dc  
  0010:  3d 6f 72 67 30 29 30 1a  04 0b 6f 62 6a 65 63 74   =org0)0...object  
  0020:  63 6c 61 73 73 31 0b 04  09 64 63 6f 62 6a 65 63   class1...dcobjec  
  0030:  74 20 30 0b 04 02 64 63  31 05 04 03 73 64 6c      t 0...dc1...sdl   
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_add
ber_scanf fmt ({a) ber:
ber_dump: buf=0x080e5770 ptr=0x080e5773 end=0x080e57af len=60
  0000:  68 3a 04 0d 64 63 3d 73  64 6c 2c 64 63 3d 6f 72   h:..dc=sdl,dc=or  
  0010:  67 30 29 30 1a 04 0b 6f  62 6a 65 63 74 63 6c 61   g0)0...objectcla  
  0020:  73 73 31 0b 04 09 64 63  6f 62 6a 65 63 74 20 30   ss1...dcobject 0  
  0030:  0b 04 02 64 63 31 05 04  03 73 64 6c               ...dc1...sdl      
do_add: ndn (DC=SDL,DC=ORG)
ber_scanf fmt ({a{V}}) ber:
ber_dump: buf=0x080e5770 ptr=0x080e5786 end=0x080e57af len=41
  0000:  30 1a 04 0b 6f 62 6a 65  63 74 63 6c 61 73 73 31   0...objectclass1  
  0010:  0b 04 09 64 63 6f 62 6a  65 63 74 20 30 0b 04 02   ...dcobject 0...  
  0020:  64 63 31 05 04 03 73 64  6c                        dc1...sdl         
ber_scanf fmt ({a{V}}) ber:
ber_dump: buf=0x080e5770 ptr=0x080e57a2 end=0x080e57af len=13
  0000:  30 0b 04 02 64 63 31 05  04 03 73 64 6c            0...dc1...sdl     
ber_scanf fmt (}) ber:
ber_dump: buf=0x080e5770 ptr=0x080e57af end=0x080e57af len=0

send_ldap_result: conn=0 op=1 p=3
send_ldap_result: 10::
send_ldap_response: msgid=2 tag=105 err=32
ber_flush: 14 bytes to sd 9
  0000:  30 0c 02 01 02 69 07 0a  01 20 04 00 04 00         0....i... ....    
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 69 07 0a  01 20 04 00 04 00         0....i... ....    
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0                 
ldap_read: want=1, got=1
  0000:  05                                                 .                 
ldap_read: want=5, got=5
  0000:  02 01 03 42 00                                     ...B.             
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x080e5a20 ptr=0x080e5a20 end=0x080e5a25 len=5
  0000:  02 01 03 42 00                                     ...B.             
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_unbind
connection_closing: readying conn=0 sd=9 for close
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
daemon: removing 9
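
Added example, not part of the original message or of OpenLDAP: a small Python check for the two mismatches this thread turns on, an LDIF entry that lies outside the configured suffix (the `ldap_add: No such object` above) and a bind DN that is not the rootdn (the earlier `Invalid credentials`). It assumes an empty database, as in the thread, and DNs without escaped commas; the function names are illustrative, and the sample text is abridged from the slapd.conf and root.ldif shown above.

```python
import re

# Abridged from the slapd.conf and root.ldif posted in this thread.
SLAPD_CONF = '''
database  ldbm
suffix    "o=Solution Design Laboratory,dc=sdl,dc=org"
rootdn    "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
'''
ROOT_LDIF = '''
dn: dc=sdl,dc=org
objectclass: dcobject
dc: sdl

dn: o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: organization
o: Solution Design Laboratory

dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: organizationalRole
cn: root
'''

def norm_dn(dn):
    """Case-fold and trim each RDN (assumption: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_conf(text):
    """Pick the suffix and rootdn directives out of slapd.conf text."""
    found = re.findall(r'^\s*(suffix|rootdn)\s+"?([^"\n]+)"?\s*$', text, re.M)
    return {key: norm_dn(value) for key, value in found}

def ldif_dns(text):
    """Entry DNs in the order the LDIF would add them."""
    return [norm_dn(line.split(":", 1)[1])
            for line in text.splitlines() if line.lower().startswith("dn:")]

def check(conf_text, ldif_text, bind_dn=None):
    conf, problems, seen = parse_conf(conf_text), [], set()
    suffix = conf["suffix"]
    # On an empty database only the rootdn can bind with rootpw.
    if bind_dn and norm_dn(bind_dn) != conf.get("rootdn"):
        problems.append(("bind-dn-not-rootdn", norm_dn(bind_dn)))
    for dn in ldif_dns(ldif_text):
        if dn != suffix and not dn.endswith("," + suffix):
            problems.append(("outside-suffix", dn))   # no backend holds this DN
        elif dn != suffix and dn.split(",", 1)[1] not in seen:
            problems.append(("parent-missing", dn))   # parent must be added first
        seen.add(dn)
    return problems

if __name__ == "__main__":
    for kind, dn in check(SLAPD_CONF, ROOT_LDIF, "cn=Manager,dc=sdl,dc=org"):
        print(kind, dn)
```
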