RE: Invalid Credentials
- To: Boris Shpungin <bshpungin@d2k.com>
- Subject: RE: Invalid Credentials
- From: Ken Ingram <kingram@sdl.org>
- Date: Tue, 11 Dec 2001 23:59:41 -0800 (PST)
- Cc: openldap-software@OpenLDAP.org
- Content-id: <Pine.LNX.4.41.0112112359400.1478@gemini.sdl.org>
- In-reply-to: <439E6A26989CD5119456006097B5349A0232A9@imail.d2k.com>
Thanks Boris. I think that's a step forward. Obviously I'm not clear
on some elements of the ldap records.
I did this based on the quick start docs, so I'll re-read them.
They really aren't very helpful for me. Maybe the list will help me
get this problem settled.
I attached some output of what happened after I followed your suggestion.
Hopefully I did it properly.
On Tue, 11 Dec 2001, Boris Shpungin wrote:
> If you declared "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" to be
> your root DN, then you also have to provide the same information in your
> initial LDIF. E.g.:
>
> dn: o=Solution Design Laboratory,dc=sdk,dc=org
> objectclass: organization
> o: "Solution Design Laboratory"
>
> dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
> objectclass: organizationalRole
> cn: root
>
> Note that all the components of the DN have to be specified, and initialized
> in descending (hierarchically) order within your LDIF. Note that you might
> also want to make "dc=sdk,dc=org" your suffix instead (so that you could
> potentially support several "organization" entries under it. In that case,
> you would need to add another entry to the top of your LDIF:
>
> dn: dc=sdl,dc=org
> objectclass: dcobject
> dc: sdl
>
> Basically, your current problem is that the info specified in your
> slapd.conf doesn't correspond to the info you initialized your database
> with.
>
> -Boris
>
>
> -----Original Message-----
> From: Ken Ingram [mailto:kingram@sdl.org]
> Sent: Tuesday, December 11, 2001 9:27 PM
> To: openldap-software@OpenLDAP.org
> Subject: Invalid Credentials
>
>
> I've explored FAQ's and list Archives considerably, and actual
> practical answers seem to be sparse and uninformative.
>
> Why is LDAP balking with "Invalid Credentials"?
>
> Some practical and pragmatic assistance would be greatly appreciated.
>
> Yes. I restarted the server.
>
>
>
> Here is the pertinent (I think) information:
>
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
>
> include /usr/local/etc/openldap/schema/core.schema
> pidfile /var/run/slapd.pid
> argsfile /var/run/slapd.args
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> #access to attr=userPassword
> # by self write
> # by * compare
>
>
> database ldbm
> suffix "o=Solution Design Laboratory,dc=sdl,dc=org"
> rootdn "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
> rootpw secret
> directory /usr/local/var/openldap-ldbm
> #index objectClass eq
>
> results of redirecting debug output:
>
> daemon: socket() failed errno=22 (Invalid argument)
> reading config file /usr/local/etc/openldap/slapd.conf
> line 5 (include /usr/local/etc/openldap/schema/core.schema)
> reading config file /usr/local/etc/openldap/schema/core.schema
> *************************
> [snipped for readability]
> *************************
> line 6 (pidfile /var/run/slapd.pid)
> line 7 (argsfile /var/run/slapd.args)
> line 18 (database ldbm)
> line 19 (suffix "o=Solution Design Laboratory,dc=sdl,dc=org")
> line 20 (rootdn "cn=root,o=Solution Design
> Laboratory,dc=sdl,dc=org")
> line 21 (rootpw secret)
> line 22 (directory /usr/local/var/openldap-ldbm)
> slapd starting
> daemon: conn=0 fd=9 connection from IP=192.168.1.1:2046 (IP=0.0.0.0:389)
> accepted.
> ber_dump: buf=0x080e5610 ptr=0x080e5610 end=0x080e563a len=42
> 0000: 02 01 01 60 25 02 01 03 04 18 63 6e 3d 4d 61 6e
> ...`%.....cn=Man
> 0010: 61 67 65 72 2c 64 63 3d 73 64 6c 2c 64 63 3d 6f
> ager,dc=sdl,dc=o
> 0020: 72 67 80 06 73 65 63 72 65 74 rg..secret
> ber_dump: buf=0x080e5610 ptr=0x080e5613 end=0x080e563a len=39
> 0000: 60 25 02 01 03 04 18 63 6e 3d 4d 61 6e 61 67 65
> `%.....cn=Manage
> 0010: 72 2c 64 63 3d 73 64 6c 2c 64 63 3d 6f 72 67 80
> r,dc=sdl,dc=org.
> 0020: 06 73 65 63 72 65 74 .secret
> ber_dump: buf=0x080e5610 ptr=0x080e5632 end=0x080e563a len=8
> 0000: 80 06 73 65 63 72 65 74 ..secret
> conn=0 op=0 BIND dn="CN=MANAGER,DC=SDL,DC=ORG" method=128
> ber_flush: 14 bytes to sd 9
> conn=0 op=0 RESULT tag=97 err=49 text=
> conn=-1 fd=9 closed
>
> I attempted to follow the instructions in the Quick Start, which is where
> this has failed.
>
> [1598] ldapadd -x -D "cn=Manager,dc=sdl,dc=org" -f ldifs/ken.ldif -W 2>&1
> >> helpme.doc
> Enter LDAP Password:
> ldap_bind: Invalid credentials
>
> So, why is ldapadd regarding my credentials as invalid?
>
>
>
> ken.ldif contains:
> dn: dc=sdl, dc=org
> objectclass: dcObject
> objectclass: organization
> o: "Solution Design Laboratory"
> dc: sdl
>
> dn: cn=Manager,dc=sdl, dc=org
> objectclass: organizationalRole
> cn: Manager
>
>
>
>
My opinions aren't fit for public consumption
[1643] ldapadd -x -D "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" -f ldifs/root.ldif -w secret
adding new entry "dc=sdl,dc=org"
ldap_add: No such object
ldif_record() = 32
--------------------------------------------------------------------------
slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
#######################################################################
# ldbm database definitions
#######################################################################
#access to attr=userPassword
# by self write
# by * compare
database ldbm
suffix "o=Solution Design Laboratory,dc=sdl,dc=org"
rootdn "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
rootpw secret
directory /usr/local/var/openldap-ldbm
#index objectClass eq
--------------------------------------------------------------------------
root.ldif
dn: dc=sdl,dc=org
objectclass: dcobject
dc: sdl

dn: o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: top
objectclass: organization
o: "Solution Design Laboratory"

dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: organizationalRole
cn: root
--------------------------------------------------------------------------
debug.log
@(#) $OpenLDAP: slapd 2.0.7-Release (Tue Mar 20 16:22:56 PST 2001) $
kingram@gemini:/usr/src/openldap-2.0.7/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse(ldap:///)
daemon: socket() failed errno=22 (Invalid argument)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
==>backsql_initialize()
<==backsql_initialize()
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=gemini, r=0
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=1, got=1
0000: 44 D
ldap_read: want=68, got=68
0000: 02 01 01 60 3f 02 01 03 04 32 63 6e 3d 72 6f 6f ...`?....2cn=roo
0010: 74 2c 6f 3d 53 6f 6c 75 74 69 6f 6e 20 44 65 73 t,o=Solution Des
0020: 69 67 6e 20 4c 61 62 6f 72 61 74 6f 72 79 2c 64 ign Laboratory,d
0030: 63 3d 73 64 6c 2c 64 63 3d 6f 72 67 80 06 73 65 c=sdl,dc=org..se
0040: 63 72 65 74 cret
ber_get_next: tag 0x30 len 68 contents:
ber_dump: buf=0x080e5610 ptr=0x080e5610 end=0x080e5654 len=68
0000: 02 01 01 60 3f 02 01 03 04 32 63 6e 3d 72 6f 6f ...`?....2cn=roo
0010: 74 2c 6f 3d 53 6f 6c 75 74 69 6f 6e 20 44 65 73 t,o=Solution Des
0020: 69 67 6e 20 4c 61 62 6f 72 61 74 6f 72 79 2c 64 ign Laboratory,d
0030: 63 3d 73 64 6c 2c 64 63 3d 6f 72 67 80 06 73 65 c=sdl,dc=org..se
0040: 63 72 65 74 cret
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080e5610 ptr=0x080e5613 end=0x080e5654 len=65
0000: 60 3f 02 01 03 04 32 63 6e 3d 72 6f 6f 74 2c 6f `?....2cn=root,o
0010: 3d 53 6f 6c 75 74 69 6f 6e 20 44 65 73 69 67 6e =Solution Design
0020: 20 4c 61 62 6f 72 61 74 6f 72 79 2c 64 63 3d 73 Laboratory,dc=s
0030: 64 6c 2c 64 63 3d 6f 72 67 80 06 73 65 63 72 65 dl,dc=org..secre
0040: 74 t
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080e5610 ptr=0x080e564c end=0x080e5654 len=8
0000: 80 06 73 65 63 72 65 74 ..secret
do_bind: version=3 dn="cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" method=128
==> ldbm_back_bind: dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
dn2entry_r: dn: "CN=ROOT,O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG"
=> dn2id( "CN=ROOT,O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG" )
=> ldbm_cache_open( "/usr/local/var/openldap-ldbm/dn2id.dbb", 7, 600 )
ldbm_cache_open (blksize 4096) (maxids 1022) (maxindirect 9)
<= ldbm_cache_open (opened 0)
<= dn2id NOID
dn2entry_r: dn: "O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG"
=> dn2id( "O=SOLUTION DESIGN LABORATORY,DC=SDL,DC=ORG" )
=> ldbm_cache_open( "/usr/local/var/openldap-ldbm/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
do_bind: v3 bind: "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org" to "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: 0::
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 9
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=1, got=1
0000: 3f ?
ldap_read: want=63, got=63
0000: 02 01 02 68 3a 04 0d 64 63 3d 73 64 6c 2c 64 63 ...h:..dc=sdl,dc
0010: 3d 6f 72 67 30 29 30 1a 04 0b 6f 62 6a 65 63 74 =org0)0...object
0020: 63 6c 61 73 73 31 0b 04 09 64 63 6f 62 6a 65 63 class1...dcobjec
0030: 74 20 30 0b 04 02 64 63 31 05 04 03 73 64 6c t 0...dc1...sdl
ber_get_next: tag 0x30 len 63 contents:
ber_dump: buf=0x080e5770 ptr=0x080e5770 end=0x080e57af len=63
0000: 02 01 02 68 3a 04 0d 64 63 3d 73 64 6c 2c 64 63 ...h:..dc=sdl,dc
0010: 3d 6f 72 67 30 29 30 1a 04 0b 6f 62 6a 65 63 74 =org0)0...object
0020: 63 6c 61 73 73 31 0b 04 09 64 63 6f 62 6a 65 63 class1...dcobjec
0030: 74 20 30 0b 04 02 64 63 31 05 04 03 73 64 6c t 0...dc1...sdl
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_add
ber_scanf fmt ({a) ber:
ber_dump: buf=0x080e5770 ptr=0x080e5773 end=0x080e57af len=60
0000: 68 3a 04 0d 64 63 3d 73 64 6c 2c 64 63 3d 6f 72 h:..dc=sdl,dc=or
0010: 67 30 29 30 1a 04 0b 6f 62 6a 65 63 74 63 6c 61 g0)0...objectcla
0020: 73 73 31 0b 04 09 64 63 6f 62 6a 65 63 74 20 30 ss1...dcobject 0
0030: 0b 04 02 64 63 31 05 04 03 73 64 6c ...dc1...sdl
do_add: ndn (DC=SDL,DC=ORG)
ber_scanf fmt ({a{V}}) ber:
ber_dump: buf=0x080e5770 ptr=0x080e5786 end=0x080e57af len=41
0000: 30 1a 04 0b 6f 62 6a 65 63 74 63 6c 61 73 73 31 0...objectclass1
0010: 0b 04 09 64 63 6f 62 6a 65 63 74 20 30 0b 04 02 ...dcobject 0...
0020: 64 63 31 05 04 03 73 64 6c dc1...sdl
ber_scanf fmt ({a{V}}) ber:
ber_dump: buf=0x080e5770 ptr=0x080e57a2 end=0x080e57af len=13
0000: 30 0b 04 02 64 63 31 05 04 03 73 64 6c 0...dc1...sdl
ber_scanf fmt (}) ber:
ber_dump: buf=0x080e5770 ptr=0x080e57af end=0x080e57af len=0
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: 10::
send_ldap_response: msgid=2 tag=105 err=32
ber_flush: 14 bytes to sd 9
0000: 30 0c 02 01 02 69 07 0a 01 20 04 00 04 00 0....i... ....
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 69 07 0a 01 20 04 00 04 00 0....i... ....
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
0000: 30 0
ldap_read: want=1, got=1
0000: 05 .
ldap_read: want=5, got=5
0000: 02 01 03 42 00 ...B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x080e5a20 ptr=0x080e5a20 end=0x080e5a25 len=5
0000: 02 01 03 42 00 ...B.
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
do_unbind
connection_closing: readying conn=0 sd=9 for close
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
daemon: removing 9
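The mismatch Boris describes, a bind DN and LDIF entries that do not line up with the suffix and rootdn in slapd.conf, can be checked offline before the server is touched. The script below is an added example written for this page; it is not code from Ken, Boris or the OpenLDAP project. It takes the suffix, rootdn and root.ldif from the attachments above and reproduces the two failures seen in the thread: a simple bind as cn=Manager,dc=sdl,dc=org can never match the configured rootdn (the err=49 in the first debug output), and the dc=sdl,dc=org entry lies outside the suffix, so no backend will accept the add (the err=32 in debug.log). It also checks the "descending order" rule, flagging an entry whose parent has not been added yet. The LDIF parser and DN normalization are deliberately minimal and assume plain `attr: value` lines (no base64 `::` values, no escaped commas inside RDN values), which is all the files in this thread use.

```python
"""Offline pre-flight check of a bootstrap LDIF against the slapd.conf
suffix/rootdn.  Added example for this thread, not OpenLDAP code.  The
parser and DN handling are simplified (no base64 '::' values, no escaped
RDN values), which is enough for the LDIF files posted above."""
import re

# Values copied from the slapd.conf and root.ldif attachments in the thread.
SUFFIX = "o=Solution Design Laboratory,dc=sdl,dc=org"
ROOTDN = "cn=root,o=Solution Design Laboratory,dc=sdl,dc=org"
ROOT_LDIF = """\
dn: dc=sdl,dc=org
objectclass: dcobject
dc: sdl

dn: o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: top
objectclass: organization
o: "Solution Design Laboratory"

dn: cn=root,o=Solution Design Laboratory,dc=sdl,dc=org
objectclass: organizationalRole
cn: root
"""


def normalize_dn(dn):
    """Case-fold and strip whitespace around each RDN, roughly what slapd's
    dn2entry_r prints in the log ("CN=ROOT,O=SOLUTION DESIGN ...")."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))


def parent_dn(ndn):
    """Drop the leftmost RDN of an already-normalized DN."""
    return ",".join(re.split(r"(?<!\\),", ndn)[1:])


def is_under(ndn, nsuffix):
    """True if ndn is the suffix itself or lies below it."""
    return ndn == nsuffix or ndn.endswith("," + nsuffix)


def parse_ldif(text):
    """Entries are separated by blank lines; a line starting with a space
    continues the previous line; lines starting with '#' are comments."""
    folded = []
    for line in text.splitlines():
        if line.startswith(" ") and folded:
            folded[-1] += line[1:]
        else:
            folded.append(line)
    entries, current = [], None
    for line in folded + [""]:            # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries.append(current)
                current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            if current is not None:
                raise ValueError("second 'dn' line inside entry %r: "
                                 "missing blank-line separator" % current["dn"])
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError("attribute %r appears before any dn line" % attr)
        else:
            current["attrs"].setdefault(attr, []).append(value)
    return entries


def bind_dn_matches_rootdn(bind_dn, rootdn):
    """A simple bind succeeds via rootpw only for exactly the rootdn; any other
    DN is looked up in the (still empty) database, hence err=49."""
    return normalize_dn(bind_dn) == normalize_dn(rootdn)


def check_ldif(entries, suffix, existing=()):
    """Return [(dn, reason)] for entries slapd would refuse with noSuchObject
    (err=32): a DN outside the configured suffix, or a DN whose parent is
    neither the suffix nor an entry that appears earlier in the file."""
    nsuffix = normalize_dn(suffix)
    known = {normalize_dn(d) for d in existing}
    problems = []
    for entry in entries:
        ndn = normalize_dn(entry["dn"])
        if not is_under(ndn, nsuffix):
            problems.append((entry["dn"], "outside suffix %r" % suffix))
        elif ndn != nsuffix and parent_dn(ndn) not in known:
            problems.append((entry["dn"], "parent %r not added yet" % parent_dn(ndn)))
        else:
            known.add(ndn)
    return problems


if __name__ == "__main__":
    print("cn=Manager,dc=sdl,dc=org matches rootdn:",
          bind_dn_matches_rootdn("cn=Manager,dc=sdl,dc=org", ROOTDN))
    entries = parse_ldif(ROOT_LDIF)
    for suffix in (SUFFIX, "dc=sdl,dc=org"):   # as configured, and Boris's alternative
        print("suffix %r -> problems: %r" % (suffix, check_ldif(entries, suffix)))
```

Run as-is it reports the cn=Manager bind as a non-match, one problem for root.ldif under the configured suffix (dc=sdl,dc=org is outside it), and no problems once the suffix is changed to dc=sdl,dc=org as Boris suggests. Reversing the entry order makes the parent check fire, which is the "descending order" point in his reply.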