Re: slurpd -d9 --- Invalid credentials
- To: Aaron Richton <richton@nbcs.rutgers.edu>
- Subject: Re: slurpd -d9 --- Invalid credentials
- From: Steven Wong <slqwong@yahoo.com>
- Date: Tue, 18 Jul 2006 14:38:00 -0700 (PDT)
- Cc: openLDAP software <openldap-software@OpenLDAP.org>
- In-reply-to: <Pine.SOC.4.64.0607151246590.27187@toolbox.rutgers.edu>
Thanks Aaron, Buchan, and Erich,
Using clear text passwd, the replication to the slaves works now.
I will look at using SASL, so that I can have an encrypted passwd for it.
Just curious, any way I can use encrypted passwd for the proxyuser also? This passwd is currently in /etc/ldap.secret with perm 0600 in clear text. I've read that this has to be on every system (ldap server or client).
Thanks,
Steven
----- Original Message ----
From: Aaron Richton <richton@nbcs.rutgers.edu>
To: Steven Wong <slqwong@yahoo.com>
Cc: openLDAP software <openldap-software@OpenLDAP.org>
Sent: Saturday, July 15, 2006 9:59:15 AM
Subject: Re: slurpd -d9 --- Invalid credentials
Given
> replica host=<server3>:389
> credentials={MD5}$1$ghofW1$RazQvsgWa/7dtiphrRRPe0
you'll get
> Error: ldap_simple_bind_s for <server3>:389 failed: Invalid credentials
because the argument to "credentials=" must be (to use the term of
slapd.conf(5)) a "simple password," unhashed. That is, do not put
"{MD5}blah," but rather put "secret" itself (which hashes to {MD5}*).
If this bothers you, switch to a SASL mechanism. You have the same issue
with <server2>, by the way.
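
The point made in the quoted reply, as an added example that is not part of the original thread: a small Python lint that joins slapd.conf continuation lines and flags any `replica` directive whose `credentials=` value carries a hash-scheme prefix such as `{MD5}`. The sample configuration, host names, DN and passwords are constructed placeholders, and the function names are hypothetical.

```python
import re
import shlex

# Constructed slapd.conf fragment; hosts, DN and passwords are placeholders.
SAMPLE_CONF = """\
# constructed example, not from the original thread
replica host=server2.example.com:389
    binddn="cn=replicator,dc=example,dc=com"
    bindmethod=simple
    credentials={MD5}$1$placeholder$hashedvalue
replica host=server3.example.com:389
    binddn="cn=replicator,dc=example,dc=com"
    bindmethod=simple credentials=secret
"""

# Scheme prefix as used on stored password hashes: {MD5}, {SSHA}, {CRYPT}, ...
HASH_PREFIX = re.compile(r"^\{[A-Za-z0-9-]+\}")


def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comment lines."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and raw.strip() and joined:
            joined[-1] += " " + raw.strip()
        elif raw.strip():
            joined.append(raw.strip())
    return [line for line in joined if not line.startswith("#")]


def hashed_replica_credentials(text):
    """Return (host, scheme) for each replica whose credentials= looks hashed."""
    findings = []
    for line in logical_lines(text):
        tokens = shlex.split(line)
        if tokens[0].lower() != "replica":
            continue
        args = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        match = HASH_PREFIX.match(args.get("credentials", ""))
        if match:
            target = args.get("host") or args.get("uri", "<unknown>")
            findings.append((target, match.group(0)))
    return findings


if __name__ == "__main__":
    for target, scheme in hashed_replica_credentials(SAMPLE_CONF):
        print(f"replica {target}: credentials= starts with {scheme}; "
              "slurpd expects the unhashed password here")
```

The prefix match is a heuristic: a cleartext password that happens to begin with a brace-delimited word would also be flagged.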