Invalid Credentials Error
Hey All,
We used to run 2.0, but are now upgrading to 2.1.21. We first
slapcatted the directory to a file, then tried moving over the old
config files, replaced the old schema with 2.1's schema, changed the
ldbm to bdb in the config file, then ran:
slapadd -l /root/dump_new -f slapd.conf -c
The old dump is then imported (what appears to be successfully). I am
able to slapcat the directory at this point to confirm that the slapadd
was successful.
The problem is that when I run ldapsearch (the exact same command I run
on our old server successfully), I get a
"ldap_bind: Invalid credentials (49)" error.
I'm binding as manager, which is in the directory (I saw it in the
slapcat) and in the slapd.conf file. The dn and ssha hashed password
listed for Manager in slapd.conf are exactly the same as in the old directory.
Any ideas?
Thanks,
Lee
-------------------------------------
Here are the compile flags for both the old and new directory:
./configure --prefix=/usr/local/encap/openldap-2.1.21
--enable-multimaster --with-cyrus-sasl --with-tls
SASL is installed.
Here is the ldapsearch command I used:
ldapsearch -d10 -h localhost -LLL -b
"ou=publicLists,dc=organization,dc=com" -s sub -x -D
"cn=Manager,ou=software,dc=organization,dc=com" -W "objectclass=*"
Here is slapd.conf:
include /export/openldap/etc/schema/core.schema
include /export/openldap/etc/schema/misc.schema
include /export/openldap/etc/schema/cosine.schema
include /export/openldap/etc/schema/inetorgperson.schema
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
access to dn.base="" by * none
access to * by self read
        by * auth
database bdb
suffix "dc=organization,dc=com"
rootdn "cn=Manager,ou=software,dc=organization,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}DSFfjhksldf2389dDFs^&jfklsfjklDZg7y+q5fm8Y7
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /export/openldap/var/openldap-bdb
# Indices to maintain
index default pres,eq
index objectClass,uid,cn
loglevel -1
# TLS / SSL
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /export/openldap/etc/ldapcert.pem
TLSCertificateKeyFile /export/openldap/etc/ldapkey.pem
TLSCACertificateFile /export/openldap/etc/demoCA/cacert.pem