[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Invalid Credentials (49)



Ron Parker <sysop@scbbs.com> writes:

> the FAQ will put you in the right direction
> http://www.openldap.org/faq/data/cache/344.html
>
> I tried both of these:
>
> perl -e 'print("userPassword: {CRYPT}".crypt("secret","salt")."\n");'
> which gives me: userPassword: {CRYPT}saHW9GdxihkGQ
>
> perl -e 'use Crypt::PasswdMD5;print("userPassword: {CRYPT}".unix_md5_crypt("password","salt")."\n");'
> which gives me: userPassword: {CRYPT}$1$salt$qJH7.N4xYta3aEG/dfqo/0
>
> I modifified "cn=Ron,ou=Zimbra,dc=example,dc=com" with each.  Example:

[...]
> and tried to login as "Ron" using each:
>
> ldapsearch -v -H "ldap://example.com"; -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
>
> When prompted for the password, I enter either "secret" or "password" (depending upon the userPassword I modified user with) and still get "Invalid Credentials (49)".
>
> The rootdn password works just fine.  Why won't any of the user
> passwords work?

You probabely compiled openldap with-crypt and with-ssl, thus loading
libcrypt and libcrypto, which will put clients and server in an
unpredictable state.
The FAQ states that openldap and clients have to be build with the
same crypt library. On my system (SuSE Linux-9.3) perl has been build
with libcrypt, while openldap has been build with libcrypto. Please
check your system and refrain from using cryt password hashes if
possible.

-Dieter
 
-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6