Re: unable to perform authenticated binds
- To: Tim Dunphy <bluethundr@gmail.com>
- Subject: Re: unable to perform authenticated binds
- From: Benjamin Griese <der.darude@gmail.com>
- Date: Tue, 2 Nov 2010 23:07:32 +0100
- Cc: openldap-technical@openldap.org
- In-reply-to: <AANLkTikAnaETNKxnCf6+yELEekKp+kvRm_VK2piO32=n@mail.gmail.com>
- References: <AANLkTikAnaETNKxnCf6+yELEekKp+kvRm_VK2piO32=n@mail.gmail.com>
Hello Tim,
the "password" you supply won't work, as it is not encoded in base64.
Try to generate a password hash + base64-enc with "slappasswd" and set
this string as your password hash for rootpw.
http://linux.die.net/man/8/slappasswd
Bye, Benjamin.
On Tue, Nov 2, 2010 at 22:50, Tim Dunphy <bluethundr@gmail.com> wrote:
> I am attempting to set up an LDAP server under CentOS 5.4.
>
>
> However I am unable to search my ldap directory even though I am
> supplying the proper credentials for the Manager account:
>
>
> [root@ldap openldap]# ldapsearch -x -h ldap -D
> 'cn=Manager,dc=example,dc=net' -W -b 'dc=example,dc=net'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Anonymous searches do work however:
>
> ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"
>
> [root@ldap openldap]# ldapsearch -x -h ldap -b "dc=example,dc=net" -s
> sub "objectclass=*"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=example,dc=net> with scope subtree
> # filter: objectclass=*
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
>
> I am currently attempting to use the actual word 'secret' to
> authenticate the Manager account:
>
> database bdb
> suffix "dc=example,dc=net"
> rootdn "cn=Manager,dc=example,dc=net"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # rootpw {CRYPT}secret
>
>
> And yet I am still getting error 49's in my openldap logs with
> loglevel set to 296
>
> /var/log/openldap.log
>
> Nov 2 15:45:58 ldap slapd[3522]: slapd starting
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 ACCEPT from
> IP=127.0.0.1:44552 (IP=0.0.0.0:389)
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 BIND
> dn="cn=Manager,dc=example,dc=net" method=128
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 op=0 RESULT tag=97 err=49 text=
> Nov 2 15:46:14 ldap slapd[3522]: conn=0 fd=11 closed (connection lost)
>
>
> This is how I have configured my ldap.conf
>
> BASE dc=example,dc=net
> HOST localhost
> URI ldap://ldap.example.net
>
>
> Thanks in advance for your help
>
> --
> Here's my RSA Public key:
> gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
>
> Share and enjoy!!
>
--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra