Invalid credentials again :///
Hi,
I'm getting "ldap_bind: Invalid credentials" errors when I try to do
ldapsearch, and I'm at my wits' end after going through Google and mailing
lists... (OpenLDAP 2.0.15 on Mandrake 8.1 from source)
----------------------------------------------------
ldapsearch -x -D "uid=hennessy,ou=people,o=foobar.net" -W uid=hennessy
Enter LDAP Password:
ldap_bind: Invalid credentials
----------------------------------------------------
and then I try the rootdn + secret
----------------------------------------------------
ldapsearch -x -D "cn=root,o=foobar.com" -W uid=hennessy
Enter LDAP Password:
version: 2
#
# filter: uid=hennessy
# requesting: ALL
#
# hennessy, people, foobar.com
(etc etc etc)
----------------------------------------------------
here's my slapd.conf:
----------------------------------------------------
cat /usr/local/etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
#include /usr/local/etc/openldap/schema/mail-routing.schema
include /usr/local/etc/openldap/schema/phpgwaccount.schema
include /usr/local/etc/openldap/schema/phpgwcontact.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
password-hash {CRYPT}
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
#############
## foobar ##
#############
database ldbm
suffix "o=foobar.com"
rootdn "cn=root, o=foobar.com"
rootpw secret
directory /var/ldap/foobar-ldbm
sasl-secprops none
#loglevel 384
### TLS info
TLSCertificateFile /usr/share/ssl/certs/ldaps.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldaps.pem
# Indices to maintain
index primaryGroupID,rid,uid,mail,uidNumber,gidNumber eq
index objectClass eq
index default sub
access to attr=userPassword,ntPassword,lmPassword
        by self write
        by * read
        by sockname=127.0.0.1 read
        by peername="IP=127\.0\.0\.1" read
        by anonymous auth
        by * auth
access to *
        by users read
        by * read
----------------------------------------------------
I just can't see what's broken. When configured to rootbind, I can use
the password for 'hennessy', but I can't use 'hennessy' to query
itself. This LDAP works in our infrastructure, where everything that
uses it gets the rootdn + secret, but there's some software that needs
to use user binding.
Anything obviously broken?
Cheers,
- Matt
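
An added example, not part of the original post: a small Python audit of three things visible in the posted slapd.conf and commands. slapd stops at the first `by` clause whose <who> matches, so the check reports what an anonymous client is granted on userPassword, whether rootpw is cleartext, and whether the bind DN falls under a configured suffix. SAMPLE_CONF is a constructed excerpt of the config above, and the function names are hypothetical.

```python
import re
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending

# Constructed excerpt of the slapd.conf posted above (not the full file).
SAMPLE_CONF = '''suffix "o=foobar.com"
rootpw secret
access to attr=userPassword,ntPassword,lmPassword
    by self write
    by * read
    by anonymous auth
'''

def parse_acls(conf):
    """Return [(what, [(who, level), ...])], keeping clause order."""
    acls, cur = [], None
    for line in conf.splitlines():
        head = re.match(r"access\s+to\s+(\S+)", line)
        by = re.match(r"\s+by\s+(\S+)\s+(\w+)", line)
        if head:
            cur = (head.group(1), [])
            acls.append(cur)
        elif by and cur:
            cur[1].append((by.group(1), by.group(2)))
        elif line and not line[0].isspace():
            cur = None  # any other directive ends the access block
    return acls

def anonymous_level(clauses):
    """First matching <who> wins; no match at all means 'none'."""
    for who, level in clauses:
        if who in ("*", "anonymous"):
            return level
    return "none"

def norm(dn):
    # Lowercase and drop spaces around commas so DNs compare textually.
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def audit(conf, bind_dn):
    findings = []
    for what, clauses in parse_acls(conf):
        level = anonymous_level(clauses)
        if "userpassword" in what.lower() and LEVELS.index(level) > LEVELS.index("auth"):
            findings.append(f"anonymous gets '{level}' on {what}")
    if re.search(r"^rootpw[ \t]+[^\s{]", conf, re.M):
        findings.append("rootpw is stored in cleartext")
    suffixes = [norm(s) for s in re.findall(r'^suffix[ \t]+"([^"]+)"', conf, re.M)]
    if not any(norm(bind_dn) == s or norm(bind_dn).endswith("," + s) for s in suffixes):
        findings.append(f"bind DN {bind_dn} is under no configured suffix")
    return findings
```

Calling `audit(SAMPLE_CONF, "uid=hennessy,ou=people,o=foobar.net")` returns three findings; with `by anonymous auth` placed before a final `by * none`, a hashed rootpw, and a bind DN ending in o=foobar.com it returns none.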