
Re: Unable to run ldapsearch



I just removed all the db files, and did ldapadd again for both the Manager and testuser ldif files.
But I still have a problem running ldapsearch on testuser. (I don't see any difference between the two while inserting the data.)
 
 
/opt/etc/openldap]$ /opt/bin/ldapsearch -Z -x -W -D "uid=testuser,ou=People,dc=myorg,dc=com" "(objectclass=*)"
ldap_start_tls: Protocol error (2)
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
/opt/etc/openldap]$ /opt/bin/ldapsearch -Z -x -W -D "cn=Manager,dc=myorg,dc=com" "(objectclass=*)"
ldap_start_tls: Protocol error (2)
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=myorg,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# myorg.com
dn: dc=myorg,dc=com
objectClass: top
objectClass: dcObject
objectClass: nisDomainObject
objectClass: organization
dc: myorg
o: My Organization
nisDomain:: bXlvcmcuY29tIA==
# Manager, myorg.com
dn: cn=Manager,dc=myorg,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
# NonAnon, myorg.com
dn: cn=NonAnon,dc=myorg,dc=com
objectClass: account
objectClass: posixAccount
description: Non-anonymous ldap binds
cn: NonAnon
uid: nonanon
uidNumber: 1005
gidNumber: 105
homeDirectory: /var/empty
userPassword:: e0NSWVBUfWp6YkFUQWNhb3guIA==
loginShell:: L2Jpbi9mYWxzZSA=
host:: bXlsZGFwaG9zdC5teW9yZy5jb20g
# People, myorg.com
dn: ou=People,dc=myorg,dc=com
objectClass: organizationalUnit
ou: People
description: User Accounts
# Group, myorg.com
dn: ou=Group,dc=myorg,dc=com
objectClass: organizationalUnit
ou: Group
description: System Groups
# testuser, People, myorg.com
dn: uid=testuser,ou=People,dc=myorg,dc=com
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetLocalMailRecipient
cn: Test User
uid: testuser
userPassword:: e2NyeXB0fXM1OFROaXVML3RjTS4=
loginShell: /usr/bin/bash
uidNumber: 1001
gidNumber: 500
homeDirectory: /home/admin/testuser
mailLocalAddress: testuser@myorg.com
mailRoutingAddress: testuser@mailhost.myorg.com
host: somehost.myorg.com
host: someotherhost.myorg.com
host: anotherhost.myorg.com
shadowLastChange: 12193
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowInactive: 1
shadowExpire: 12999
gecos: Test User
# search result
search: 3
result: 0 Success
# numResponses: 7
# numEntries: 6
 
Is something wrong with my acl?
 
this is my acl:
access  to attrs=userPassword
        by self         write
        by *            auth
access  to *
        by *            read
 
Thanks,
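
One way to sanity-check the stored values before chasing the crypt library, as an added example that is not from the thread: it decodes the base64 (`::`) attribute values in the ldapsearch output above, since LDIF base64-encodes a value when it contains characters such as trailing whitespace, and flags any {CRYPT} userPassword that is not a 13-character DES crypt string or a `$id$` modular-crypt string. The sample LDIF is copied from that output; the script does not call crypt(3) itself, so it cannot show whether slapd's crypt library agrees with the one that produced the hash.

```python
import base64
import re

# Sample LDIF constructed from the ldapsearch output in the thread above
SAMPLE_LDIF = """\
dn: cn=NonAnon,dc=myorg,dc=com
userPassword:: e0NSWVBUfWp6YkFUQWNhb3guIA==
loginShell:: L2Jpbi9mYWxzZSA=
host:: bXlsZGFwaG9zdC5teW9yZy5jb20g

dn: uid=testuser,ou=People,dc=myorg,dc=com
userPassword:: e2NyeXB0fXM1OFROaXVML3RjTS4=
loginShell: /usr/bin/bash
"""

# DES crypt(3) output: 2 salt chars + 11 hash chars, all from [./0-9A-Za-z];
# glibc also emits "$1$"/"$5$"/"$6$" forms, and slapd {CRYPT} accepts whatever crypt(3) verifies.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_CRYPT_RE = re.compile(r"^\$[0-9a-z]+\$")

def decode_ldif_value(line):
    """Return (attr, value) for one LDIF line; '::' marks a base64 value."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):  # base64: decode and keep any whitespace inside
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return attr, rest[1:] if rest.startswith(" ") else rest

def split_scheme(value):
    """Split '{scheme}hash' into (SCHEME, hash); slapd matches the name case-insensitively."""
    m = re.match(r"^\{([^}]+)\}(.*)$", value, re.DOTALL)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

def audit_ldif(text):
    """Return {dn: [finding, ...]} for stored values that cannot match a bind."""
    findings, dn = {}, None
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        attr, value = decode_ldif_value(line)
        if attr == "dn":
            dn = value
            findings[dn] = []
            continue
        if value != value.strip():
            findings[dn].append(f"{attr}: leading/trailing whitespace in {value!r}")
        if attr.lower() == "userpassword":
            scheme, hashed = split_scheme(value)
            if scheme == "CRYPT" and not (DES_CRYPT_RE.match(hashed) or MODULAR_CRYPT_RE.match(hashed)):
                findings[dn].append(f"userPassword: malformed {{CRYPT}} hash {hashed!r}")
    return findings
```

For the entries above it reports nothing for testuser and four problems for cn=NonAnon: a trailing space in userPassword, loginShell and host, and a {CRYPT} hash that is not 13 characters.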

On Tue, Mar 18, 2008 at 4:45 PM, Kevin Kim <surelybless@gmail.com> wrote:
Yes, that worked, but the crypt library is the same.
ldd /opt/libexec/slapd | grep crypt

        libcrypto.so.0.9.8 =>    /usr/local/ssl/lib/libcrypto.so.0.9.8
[16:36:19][root@bai-qadev-mw1:/usr/local/ssl/certs]$ ldd /opt/sbin/slappasswd | grep crypt

        libcrypto.so.0.9.8 =>    /usr/local/ssl/lib/libcrypto.so.0.9.8
 
 
The following error is output when using the -Z option:
/opt/bin/ldapsearch -x -Z -W -D "uid=testuser,ou=People,dc=myorg,dc=com" "(objectclass=*)"
ldap_start_tls: Protocol error (2)

Enter LDAP Password:
ldap_bind: Invalid credentials (49)

On Tue, Mar 18, 2008 at 4:19 PM, Patrick Shinpaugh <shpatric@vt.edu> wrote:
Try running the ldapsearch with the cn=Manager and its password - if
that works then take a look at the response from Dieter Kluenter
concerning the crypt library used... could be that when slapd is
hashing your password it isn't matching.


Kevin Kim wrote:
> When I try running it with -Z option, I got
>
> Enter LDAP Password:
> connection_get(11): got connid=5
> connection_read(11): checking for input on id=5
> ber_get_next
> ber_get_next: tag 0x30 len 58 contents:
> ber_get_next
> conn=5 op=1 do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> >>> dnPrettyNormal: <uid=testuser,ou=People,dc=myorg,dc=com>
> <<< dnPrettyNormal: <uid=testuser,ou=People,dc=myorg,dc=com>,
> <uid=testuser,ou=people,dc=myorg,dc=com>
> do_bind: version=3 dn="uid=testuser,ou=People,dc=myorg,dc=com" method=128
> bdb_dn2entry("uid=testuser,ou=people,dc=myorg,dc=com")
> send_ldap_result: conn=5 op=1 p=3
> send_ldap_response: msgid=2 tag=97 err=49
> ber_flush2: 14 bytes to sd 11
> ldap_bind: Invalid credentials (49)
>
> Does ldapsearch require a special security module compared to ldapadd?
>
>
>
> On Tue, Mar 18, 2008 at 1:26 PM, Patrick Shinpaugh <shpatric@vt.edu> wrote:
>
>     The error from your ldapsearch may give a clue...
>
>     ldap_bind: Confidentiality required (13)
>            additional info: TLS confidentiality required
>
>     Try adding the -Z option to your ldapsearch
>
>
>
>     Kevin Kim wrote:
>     > I also did
>     >
>     > $ /opt/bin/ldapadd -Z -x -W -D "cn=Manager,dc=myorg,dc=com" -v -f
>     > person.ldif
>     > ldap_initialize( <DEFAULT> )
>     > Enter LDAP Password:
>     > add objectclass:
>     >         account
>     >         posixAccount
>     >         shadowAccount
>     >         inetLocalMailRecipient
>     > add cn:
>     >         Test User
>     > add uid:
>     >         testuser
>     > add userPassword:
>     >         {crypt}s58TNiuL/tcM.
>     > add loginShell:
>     >         /usr/bin/bash
>     > add uidnumber:
>     >         1001
>     > add gidnumber:
>     >         500
>     > add homeDirectory:
>     >         /home/admin/testuser
>     > add mailLocalAddress:
>     >         testuser@myorg.com
>     > add mailRoutingAddress:
>     >         testuser@mailhost.myorg.com
>     > add host:
>     >         somehost.myorg.com
>     >         someotherhost.myorg.com
>     >         anotherhost.myorg.com
>     > add shadowLastChange:
>     >         12193
>     > add shadowMin:
>     >         0
>     > add shadowMax:
>     >         99999
>     > add shadowWarning:
>     >         7
>     > add shadowInactive:
>     >         1
>     > add shadowExpire:
>     >         12999
>     > add gecos:
>     >         Test User
>     > adding new entry "uid=testuser,ou=People,dc=myorg,dc=com"
>     > modify complete
>     >
>     > then,
>     >
>     > $ /opt/bin/ldapsearch -x -W -D
>     > "uid=testuser,ou=People,dc=myorg,dc=com" "(objectclass=*)"
>     > Enter LDAP Password:
>     > ldap_bind: Confidentiality required (13)
>     >         additional info: TLS confidentiality required
>     >
>     > any help will be appreciated.
>     >
>     > On Tue, Mar 18, 2008 at 11:50 AM, Kevin Kim <surelybless@gmail.com> wrote:
>     >
>     >     Correction: I did run with
>     >     /opt/bin/ldapsearch -x -W -D
>     "uid=testuser,ou=People,dc=myorg,dc=com"
>     >     and I am still getting the same error.
>     >     On Tue, Mar 18, 2008 at 11:44 AM, Kevin Kim <surelybless@gmail.com> wrote:
>     >
>     >         Can someone help me find the problem with ldapsearch?
>     >
>     >         I can insert the data using ldapadd:
>     >         /opt/bin/ldapadd -Z -x -W -D "cn=Manager,dc=myorg,dc=com" -v
>     >         -f toplevel.ldif
>     >         ldap_initialize( <DEFAULT> )
>     >         Enter LDAP Password:
>     >          ...........
>     >         modify complete
>     >         but I am not able to run ldapsearch:
>     >         /opt/etc/openldap/ldif_files]$ /opt/bin/ldapsearch -x -W -D
>     >         "uid=testuser,ou=People,dc=scivantage,dc=com"
>     "(objectclass=*)"
>     >         Enter LDAP Password:
>     >         ldap_bind: Invalid credentials (49)
>     >
>     >         my slapd.conf files:
>     >         defaultsearchbase dc=myorg,dc=com
>     >
>     >         access  to attrs=userPassword
>     >                 by self         write
>     >                 by anonymous    auth
>     >                 by *            none
>     >         access  to *
>     >                 by self         write
>     >                 by users        read
>     >                 by *            none
>     >
>     >         database        bdb
>     >         suffix          "dc=myorg,dc=com"
>     >         rootdn          "cn=Manager,dc=myorg,dc=com"
>     >
>     >         Also, if I run ldapwhoami:
>     >         /opt/bin/ldapwhoami
>     >         ldap_sasl_interactive_bind_s: Confidentiality required (13)
>     >
>     >         Any help would be appreciated,
>     >
>     >         Kevin
>     >
>     >
>     >
>
>     --
>     Patrick Shinpaugh
>     Virginia Tech
>     UVAG System Administrator/Programmer
>     540-231-2054
>
>

--
Patrick Shinpaugh
Virginia Tech
UVAG System Administrator/Programmer
540-231-2054