[Date Prev][Date Next] [Chronological] [Thread] [Top]

re: Invalid Credentials (49)

To: openldap-software@openldap.org
Subject: re: Invalid Credentials (49)
From: Ron Parker <sysop@scbbs.com>
Date: Mon, 16 Jul 2007 11:25:52 -0700
Organization: Software Creations
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)

Ron Parker <sysop@scbbs.com> writes:

> the FAQ will put you in the right direction
> http://www.openldap.org/faq/data/cache/344.html
>
> I tried both of these:
>
> perl -e 'print("userPassword: {CRYPT}".crypt("secret","salt")."\n");'
> which gives me: userPassword: {CRYPT}saHW9GdxihkGQ
>
> perl -e 'use Crypt::PasswdMD5;print("userPassword: {CRYPT}".unix_md5_crypt("password","salt")."\n");'
> which gives me: userPassword: {CRYPT}$1$salt$qJH7.N4xYta3aEG/dfqo/0
>
> I modifified "cn=Ron,ou=Zimbra,dc=example,dc=com" with each.  Example:


[...]

> and tried to login as "Ron" using each:
>
> ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
>
> When prompted for the password, I enter either "secret" or "password" (depending upon the userPassword I modified user with) and still get "Invalid Credentials (49)".
>
> The rootdn password works just fine.  Why won't any of the user
> passwords work?


Dieter wrote:

"You probabely compiled openldap with-crypt and with-ssl, thus loading
libcrypt and libcrypto, which will put clients and server in an
unpredictable state."

On my RHEL 4 system I have the following rpms installed:

openldap-2.2.13-7.4E
openldap-clients-2.2.13-7.4E
openldap-devel-2.2.13-7.4E
openldap-servers-2.2.13-7.4E
compat-openldap-2.1.30-7.4E

I'm using the openldap-server and trying to log in using the openldap-client.

"The FAQ states that openldap and clients have to be build with the
same crypt library. On my system (SuSE Linux-9.3) perl has been build
with libcrypt, while openldap has been build with libcrypto. Please
check your system and refrain from using cryt password hashes if
possible."

I'm not sure what the above means, or rather, what I need to do.

I tried using different schemes for the userPassword:

[root@db workarea]# slappasswd -h {SHA}
New password:
Re-enter new password:
{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=

and

[root@db workarea]# slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==

I ran ldapmodify for user for each password. I ran ldapsearch as the user:

ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'

Each time I enter password, login fails with "Invalid Credentials (49)".

Is there some configuration change I need to make to openldap itself?

Help!

-ron

-- 
Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com

Follow-Ups:
- re: Invalid Credentials (49)
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: How to now if smbk5pwd is working?
Next by Date: Meta configuration
Index(es):
- Chronological
- Thread