Invalid credentials again :///
Hi,
I'm getting "ldap_bind: Invalid credentials" errors when I try to do ldapsearch, and I'm at my wit's end after going through Google and mailing lists... (OpenLDAP 2.0.15 on Mandrake 8.1, built from source)


----------------------------------------------------
ldapsearch -x -D "uid=hennessy,ou=people,o=foobar.net" -W uid=hennessy
Enter LDAP Password:
ldap_bind: Invalid credentials
----------------------------------------------------

and then I try the rootdn + secret

----------------------------------------------------
ldapsearch -x -D "cn=root,o=foobar.com" -W uid=hennessy
Enter LDAP Password:
version: 2

#
# filter: uid=hennessy
# requesting: ALL
#

# hennessy, people, foobar.com
(etc etc etc)
----------------------------------------------------

here's my slapd.conf:

----------------------------------------------------
cat /usr/local/etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
#include /usr/local/etc/openldap/schema/mail-routing.schema
include /usr/local/etc/openldap/schema/phpgwaccount.schema
include /usr/local/etc/openldap/schema/phpgwcontact.schema


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

password-hash	{CRYPT}

# Load dynamic backend modules:
# modulepath	/usr/local/libexec/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

#
# Sample Access Control
#	Allow read access of root DSE
#	Allow self write access
#	Allow authenticated users read access
#	Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default is:
#	Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

#############
## foobar ##
#############
database	ldbm
suffix		"o=foobar.com"
rootdn		"cn=root, o=foobar.com"
rootpw		secret
directory 	/var/ldap/foobar-ldbm
sasl-secprops	none

#loglevel	384

### TLS info
TLSCertificateFile	/usr/share/ssl/certs/ldaps.pem
TLSCertificateKeyFile	/usr/share/ssl/certs/ldaps.pem

# Indices to maintain
index	primaryGroupID,rid,uid,mail,uidNumber,gidNumber	eq
index	objectClass	eq
index	default		sub

access to attr=userPassword,ntPassword,lmPassword
	by self write
	by * read
	by sockname=127.0.0.1 read
	by peername="IP=127\.0\.0\.1" read
	by anonymous auth
	by * auth

access to *
	by users read
	by * read
----------------------------------------------------

I just can't see what's broken. When configured to rootbind, I can use the password for 'hennessy', but I can't use 'hennessy' to query itself... This LDAP works in our infrastructure, where everything that uses it gets the rootdn + secret, but there's some software that needs to use user binding.

Anything obviously broken?

Cheers,
- Matt
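Added example (editor's code, not from the post or from OpenLDAP itself): a small model of how slapd evaluates the ACL shown above. slapd takes the first "access to" directive whose target matches, and inside it the first "by" clause whose requester matches; each privilege level implies every weaker one, so "read" already includes "auth". Run over the posted password ACL, the model shows that "by * read" matches an anonymous client before "by anonymous auth" is ever reached, which both lets the bind proceed and lets anyone read the stored password hashes. A hardened variant (my suggestion, labelled in the code) keeps anonymous clients at "auth". The same block carries a suffix check: a bind DN that is not equal to or below a database suffix cannot be looked up in that database, so a simple bind on it cannot succeed, and the model compares the two bind DNs from the session above against the configured suffix. Assumptions: sockname/peername selectors are not modelled and never match, and when no "access to" directive matches at all the model returns "none".

```python
import re

# OpenLDAP privilege levels, weakest to strongest; a granted level implies all weaker ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def implies(granted, needed):
    """True when the granted level is at least as strong as the needed one."""
    return LEVELS.index(granted) >= LEVELS.index(needed)

def normalize_dn(dn):
    """Strip whitespace around RDN separators and lower-case, so
    'cn=root, o=foobar.com' and 'cn=root,o=foobar.com' compare equal."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def dn_under_suffix(dn, suffix):
    """A database serves a DN only if it equals or sits below the database suffix."""
    dn, suffix = normalize_dn(dn), normalize_dn(suffix)
    return dn == suffix or dn.endswith("," + suffix)

def parse_acls(conf_text):
    """Collect 'access to <what>' directives with their 'by <who> <level>' lines."""
    acls = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            acls.append({"what": line[len("access to "):].strip(), "by": []})
        elif line.startswith("by ") and acls:
            who, level = line[3:].rsplit(None, 1)
            acls[-1]["by"].append((who.strip(), level))
    return acls

def what_matches(what, attr):
    """Handle '*' and the attr=/attrs= selector forms used in slapd.conf."""
    if what == "*":
        return True
    m = re.fullmatch(r"attrs?=(.+)", what)
    return bool(m) and attr.lower() in [a.strip().lower() for a in m.group(1).split(",")]

def who_matches(who, bind_dn, target_dn):
    """bind_dn is None for an anonymous connection. Assumption: sockname=/peername=
    selectors need connection details this model does not carry, so they never match."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and normalize_dn(bind_dn) == normalize_dn(target_dn)
    return False

def granted_level(acls, bind_dn, target_dn, attr):
    """First matching 'access to' decides; inside it the first matching 'by' decides.
    No matching 'by' in that directive means no access. Assumption: no matching
    'access to' at all is treated as 'none' here."""
    for acl in acls:
        if what_matches(acl["what"], attr):
            for who, level in acl["by"]:
                if who_matches(who, bind_dn, target_dn):
                    return level
            return "none"
    return "none"

# Constructed copy of the password ACL from the posted slapd.conf.
POSTED_ACL = r"""
access to attr=userPassword,ntPassword,lmPassword
    by self write
    by * read
    by sockname=127.0.0.1 read
    by peername="IP=127\.0\.0\.1" read
    by anonymous auth
    by * auth
access to *
    by users read
    by * read
"""

# Hardened form (editor's suggestion, not from the post): anonymous clients may use
# the hashes only to bind, and only the entry itself may read or change them.
HARDENED_ACL = """
access to attr=userPassword,ntPassword,lmPassword
    by self write
    by anonymous auth
    by * none
access to *
    by users read
    by anonymous auth
"""

USER = "uid=hennessy,ou=people,o=foobar.com"  # entry from the session above

def anonymous_can_bind(conf_text):
    """A simple bind needs 'auth' on userPassword while the connection is still anonymous."""
    return implies(granted_level(parse_acls(conf_text), None, USER, "userPassword"), "auth")

def anonymous_can_read_hashes(conf_text):
    """Can an unauthenticated client read the user's password hash?"""
    return implies(granted_level(parse_acls(conf_text), None, USER, "userPassword"), "read")

if __name__ == "__main__":
    for bind_dn in ("uid=hennessy,ou=people,o=foobar.net", "cn=root,o=foobar.com"):
        print(bind_dn, "served by suffix o=foobar.com:", dn_under_suffix(bind_dn, "o=foobar.com"))
    for name, conf in (("posted", POSTED_ACL), ("hardened", HARDENED_ACL)):
        print(name, "ACL: anonymous bind", anonymous_can_bind(conf),
              "| anonymous reads hashes", anonymous_can_read_hashes(conf))
```

The model deliberately stops at the first matching "by" clause, because that is what makes the posted ordering risky: every clause after "by * read" is dead, and the hashes protected by password-hash {CRYPT} are readable without authentication. The hardened ACL keeps self-service password changes and anonymous binds working while denying hash reads to everyone else.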