
Re: ldapsearch: invalid credentials



Hello everyone,

I am very new to LDAP and have read through most of O'Reilly's LDAP book. I am
having significant trouble trying to do an ldap search on a specific person in my
LDAP database. Here is what I am trying to do:

$ ldapsearch -v -x -W -b "dc=domain,dc=com" \
    -D "uid=myuser,ou=people,dc=domain,dc=com" "(objectclass=*)"
ldap_initialize( ldap://ldap.domain.com )
Enter LDAP Password:
ldap_bind: Invalid credentials

This is the LDIF that was created for the person (password masked):

dn: uid=myuser,ou=people,dc=domain,dc=com
uid: myuser
cn: myuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$XXXXXXXX/XXXXXXXXX/
shadowLastChange: 13003
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/myuser

Here is the slapd.conf (I allowed world access for testing purposes):

## slapd.conf
include         /path/to/schema/core.schema
include         /path/to/schema/cosine.schema
include         /path/to/schema/nis.schema
include         /path/to/schema/inetorgperson.schema

loglevel        any
pidfile         /path/to/slapd.pid
argsfile        /path/to/slapd.args

TLSCipherSuite          HIGH
TLSCertificateFile      /path/to/tls.cert
TLSCertificateKeyFile   /path/to/tls.key

password-hash   {SSHA}

database        bdb
suffix          "dc=domain,dc=com"
rootdn          "cn=Manager,dc=domain,dc=com"
rootpw          {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
directory       /path/to/openldap-data
mode            0600
index   objectClass     eq
index   cn,uid          eq
index   uidNumber       eq
#index  guidNumber      eq

# ACL
access to *
    by * read

Here is the log that gets generated:

slapd[14927]: <= entry_decode(uid=myuser,ou=people,dc=domain,dc=com)
slapd[14927]: => access_allowed: auth access to "uid=myuser,ou=people,dc=domain,dc=com" "userPassword" requested
slapd[14927]: => acl_get: [1] attr userPassword
slapd[14927]: access_allowed: no res from state (userPassword)
slapd[14927]: => acl_mask: access to entry "uid=myuser,ou=people,dc=domain,dc=com", attr "userPassword" requested
slapd[14927]: => acl_mask: to value by "", (=0)
slapd[14927]: <= check a_dn_pat: *
slapd[14927]: <= acl_mask: [1] applying read(=rscxd) (stop)
slapd[14927]: <= acl_mask: [1] mask: read(=rscxd)
slapd[14927]: => access_allowed: auth access granted by read(=rscxd)
slapd[14927]: send_ldap_result: conn=0 op=0 p=3
slapd[14927]: send_ldap_result: err=49 matched="" text=""
slapd[14927]: send_ldap_response: msgid=1 tag=97 err=49
slapd[14899]: daemon: activity on 1 descriptors
slapd[14899]: daemon: activity on:
orion slapd[14899]:  13r
slapd[14899]:
slapd[14899]: daemon: read activity on 13
slapd[14899]: connection_get(13)
slapd[14899]: connection_get(13): got connid=0
slapd[14899]: connection_read(13): checking for input on id=0
slapd[14899]: ber_get_next on fd 13 failed errno=0 (Success)
slapd[14899]: connection_read(13): input error=-2 id=0, closing.
slapd[14899]: connection_closing: readying conn=0 sd=13 for close
slapd[14899]: connection_close: deferring conn=0 sd=13
slapd[14899]: daemon: select: listen=6 active_threads=0 tvp=NULL
slapd[14899]: daemon: select: listen=7 active_threads=0 tvp=NULL
slapd[14899]: daemon: activity on 1 descriptors
slapd[14899]: daemon: select: listen=6 active_threads=0 tvp=NULL
slapd[14899]: daemon: select: listen=7 active_threads=0 tvp=NULL
slapd[14927]: conn=0 op=0 RESULT tag=97 err=49 text=
slapd[14927]: connection_resched: attempting closing conn=0 sd=13
slapd[14927]: connection_close: conn=0 sd=13
slapd[14927]: daemon: removing 13
slapd[14927]: conn=0 fd=13 closed

Thanks for your help, it is much appreciated.

Sincerely,
~~K
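
Added example, not part of the original post: slapd verifies a bind against whatever scheme prefix is stored in each userPassword value, while password-hash in slapd.conf only controls how passwords set through the Password Modify operation are hashed, so an LDIF export can be audited for entries stored in a different scheme. The function names and the sample LDIF below are constructed for illustration.

```python
import base64
import re

# Constructed sample export (not the poster's data). The second entry uses
# the base64 "::" form that LDIF tools emit for userPassword.
SAMPLE_LDIF = (
    "dn: uid=myuser,ou=people,dc=domain,dc=com\n"
    "userPassword: {crypt}$1$saltsalt$constructedhashvalue00\n"
    "\n"
    "dn: uid=other,ou=people,dc=domain,dc=com\n"
    "userPassword:: "
    + base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
    + "\n\n"
    "dn: uid=legacy,ou=people,dc=domain,dc=com\n"
    "userPassword: secret\n"
)

CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}
ATTR_RE = re.compile(r"userPassword(::?) (.*)", re.I)

def classify(value):
    """Return (scheme, detail) for one stored userPassword value."""
    m = re.match(r"\{([\w-]+)\}(.*)", value, re.S)
    if not m:
        return ("CLEARTEXT", "no {scheme} prefix")
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return (scheme, "")
    parts = rest.split("$")  # "$1$salt$hash" -> ["", "1", "salt", "hash"]
    if len(parts) >= 3 and parts[0] == "":
        return (scheme, CRYPT_IDS.get(parts[1], "crypt id " + parts[1]))
    return (scheme, "traditional DES crypt")

def audit(ldif_text, configured="{SSHA}"):
    """List (dn, scheme, detail, matches_configured) per userPassword."""
    want = configured.strip("{}").upper()
    dn, rows = None, []
    for line in re.sub(r"\n ", "", ldif_text).splitlines():  # unfold LDIF
        if line.lower().startswith("dn: "):
            dn = line[4:]
            continue
        m = ATTR_RE.fullmatch(line)
        if m:
            raw = m.group(2)
            if m.group(1) == "::":  # base64-encoded value
                raw = base64.b64decode(raw).decode("utf-8", "replace")
            scheme, detail = classify(raw)
            rows.append((dn, scheme, detail, scheme == want))
    return rows
```

Calling audit(SAMPLE_LDIF) returns one tuple per stored password; entries whose last field is False are stored in a scheme other than the configured one, and CLEARTEXT rows have no hashing at all.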