Re: Invalid Credentials error for a Bind DN with spl. character
- To: ando@sys-net.it
- Subject: Re: Invalid Credentials error for a Bind DN with spl. character
- From: snsk <snsk@yahoo.com>
- Date: Thu, 21 Jul 2005 06:38:48 -0700 (PDT)
- Cc: Openldap-Software <openldap-software@OpenLDAP.org>
- In-reply-to: <64654.81.72.89.40.1121890624.squirrel@81.72.89.40>
I am running OpenLDAP 2.2.26 on Windows XP. I am using the build made by Lucas http://bergmans.us/list/openldap-windows/. I have configured slapd.conf to use the ldbm database (was wondering if the issue I saw has anything to do with the database in use :-)
Earlier, I was using 256 as the debug level. After your suggestion, I changed it to -1 (all debug).
During startup, I could see OpenLDAP reading the suffix as "o=VeriSign\2C Inc.,c=US" but the rootDN as "cn=Manager,o=VeriSign2C Inc.,c=US" (note there is no backslash in the O value). So I tried doing an ldapsearch w/o the backslash for the bind DN and it worked.
Is this expected behavior? I don't know if I mentioned it earlier, but I have the following entries in slapd.conf for suffix and rootDN.
suffix "O=VeriSign\2C Inc., C=US"
rootdn "cn=Manager,O=VeriSign\2C Inc.,C=US"
Thanks
Pierangelo Masarati <ando@sys-net.it> wrote:
[I assume you intended to post to the list as well.]
> You can see what openLDAP is getting for anonymous search and bind dn
> request:
>
> conn=0 fd=1216 ACCEPT from IP=127.0.0.1:3390 (IP=0.0.0.0:389)
> conn=0 op=0 BIND dn="" method=128
> connection_input: conn=0 deferring operation: binding
> conn=0 op=0 RESULT tag=97 err=0 text=
> conn=0 op=1 SRCH base="o=VeriSign\2C Inc.,c=US" scope=2 deref=0
> filter="(objectClass=*)"
> conn=0 op=2 UNBIND
> conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
^^^ err=32 (noSuchObject): no data exists with that DN
> conn=0 fd=1216 closed
> conn=1 fd=1216 ACCEPT from IP=127.0.0.1:3393 (IP=0.0.0.0:389)
> conn=1 op=0 BIND dn="cn=Manager,o=VeriSign\2C Inc.,c=US" method=128
> conn=1 op=0 RESULT tag=97 err=49 text=
^^^ err=49 (invalidCredentials): can be anything, from invalid credentials
(e.g. wrong password) to many other errors. In any case, it appears that
the DN is parsed correctly. I don't see any evidence of an error in
treating it. I suggest you use a more verbose log level, in an attempt to
find out what's really going on in there. An indication of the version of
OpenLDAP you're using may be of help.
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497