
RE: ldapadd "ldap_bind: Invalid credentials (49)"




-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] 
Sent: Thursday, August 29, 2013 3:10 PM
To: Clint Petty
Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"

--On Thursday, August 29, 2013 10:06 PM +0000 Clint Petty 
<cpetty@luthresearch.com> wrote:

>> # /etc/init.d/slapd debug -1 -u ldap -F /usr/local/etc/openldap/slapd.d
>> # -H ldapi:///
>> slapd: [INFO] Using /etc/default/slapd for configuration
>> slapd: [INFO] Halting OpenLDAP...
>> slapd: [INFO] Can't read PID file, to stop OpenLDAP try: /etc/init.d/slapd forcestop
>> slapd: [INFO] No db_recover done
>> slapd: [INFO] Launching OpenLDAP...
>> slapd: [OK] File descriptor limit set to 1024
>> 521fc4a1 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
>>	clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
>> 521fc4a1 /usr/local/openldap/etc/openldap/slapd.conf: line 5: unknown directive <dn:> outside backend info and database definitions.
>> 521fc4a1 slapd stopped.
>> 521fc4a1 connections_destroy: nothing to destroy.

> Hi Clint,

> The point is to use a ">" with the text *I* wrote, not the text you write. 
> That's standard quoting of replies (as you will see my email client does 
> automatically).

> In the above, you used /etc/init.d/slapd, rather than the slapd *binary*. 
> The above indicates you are using an invalid slapd.conf file located in 
> /usr/local/openldap/etc/openldap.  I thought you used cn=config?

> You may need to examine /etc/default/slapd to see how to fix it to use 
> cn=config?  etc.  At this point, you may want to ask the LTB project for 
> guidance on configuring their servers correctly.

> --Quanah

_________________________________________________________________

# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: using /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
521fc7d9 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
	clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
ldap_pvt_gethostbyname_a: host=ip-10-15-2-169, r=0
521fc7d9 daemon_init: ldapi:///
521fc7d9 daemon_init: listen on ldapi:///
521fc7d9 daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldapi:///)
521fc7d9 daemon: listener initialized ldapi:///
521fc7d9 daemon_init: 1 listeners opened
ldap_create
521fc7d9 slapd init: initiated server.
521fc7d9 slap_sasl_init: initialized!
521fc7d9 bdb_back_initialize: initialize BDB backend
521fc7d9 bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 hdb_back_initialize: initialize HDB backend
521fc7d9 hdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 mdb_back_initialize: initialize MDB backend
521fc7d9 mdb_back_initialize: MDB 0.9.7: (January 10, 2013)
521fc7d9 ==> translucent_initialize
521fc7d9 backend_startup_one: starting "cn=config"
521fc7d9 ldif_read_file: Permission denied for "/usr/local/etc/openldap/slapd.d/cn=config.ldif"
521fc7d9 send_ldap_result: conn=-1 op=0 p=0
521fc7d9 send_ldap_result: err=80 matched="" text="internal error (cannot read some entry file)"
521fc7d9 slapd destroy: freeing system resources.
521fc7d9 slapd stopped.
521fc7d9 connections_destroy: nothing to destroy.
#

My /etc/default/slapd file looks like this:

#====================================================================
# Configuration example of OpenLDAP's init script
#====================================================================

# IP and port to listen
IP="*"
SSLIP="*"
PORT="389"
SSLPORT="636"

# OpenLDAP directory and files
SLAPD_PATH="/usr/local/openldap"
SLAPD_PID_FILE="$SLAPD_PATH/var/run/slapd.pid"
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR=""
SLAPD_SERVICES="ldap://$IP:$PORT ldaps://$SSLIP:$SSLPORT"
SLAPD_PARAMS=""
SLAPD_BIN="$SLAPD_PATH/libexec/slapd"
SLAPD_USER="ldap"
SLAPD_GROUP="ldap"
SLAPD_SYSLOG_LOCAL_USER="local4"

DATA_PATH="auto"

SLAPADD_BIN="$SLAPD_PATH/sbin/slapadd"
SLAPADD_PARAMS="-q"
SLAPCAT_BIN="$SLAPD_PATH/sbin/slapcat"
SLAPINDEX_BIN="$SLAPD_PATH/sbin/slapindex"
SLAPTEST_BIN="$SLAPD_PATH/sbin/slaptest"

SLURPD_PID_FILE="$SLAPD_PATH/var/run/slurpd.pid"
SLURPD_PARAMS=""
SLURPD_BIN="$SLAPD_PATH/libexec/slurpd"

# BerkeleyDB directory and files
BDB_PATH="/usr/local/berkeleydb"
DB_ARCHIVE_BIN="$BDB_PATH/bin/db_archive"
DB_RECOVER_BIN="$BDB_PATH/bin/db_recover"
RECOVER_AT_STARTUP="0"

# Backup
BACKUP_AT_SHUTDOWN="0"
BACKUP_PATH="/var/backups/openldap"
BACKUP_SUFFIX="`date +%Y%m%d%H%M%S`.ldif"
BACKUP_COMPRESS_EXT="" # gz, bz2, ...
BACKUP_COMPRESS_BIN="" # /bin/gzip, /bin/bzip2, ...
BACKUP_UNCOMPRESS_BIN="" # /bin/gunzip, /bin/bunzip2, ...

# Other
TIMEOUT="30" # Max time to stop process
FD_LIMIT="1024" # Max file descriptor
DEBUG_LEVEL="256" # Debug loglevel
SPECIAL_QUOTE="1" # Quote some command line parameters (eg: LDAP filters)


Clint
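
Added example, not part of the original messages and not code from OpenLDAP or the LTB project: a shell check for the two problems visible in this thread, an init defaults file that leaves SLAPD_CONF_DIR empty and a slapd.d tree the run-as account ("-u ldap") cannot read. The function names are hypothetical, and it assumes the init script selects cn=config only when SLAPD_CONF_DIR is non-empty.

```shell
#!/bin/sh
# Added example: diagnose the two failures shown in this thread.
# Paths and the "ldap" account are the ones quoted in the messages above.

# Print the value assigned to VAR in an init defaults file without sourcing
# it (the file is shell and would execute, e.g. the `date` in BACKUP_SUFFIX).
defaults_value() {   # usage: defaults_value FILE VAR
    sed -n "s/^$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Report which configuration the init script would hand to slapd.
# Assumption: a non-empty SLAPD_CONF_DIR means cn=config (-F); otherwise the
# SLAPD_CONF file (-f) is used, as the first log in this thread suggests.
config_mode() {      # usage: config_mode FILE
    dir=$(defaults_value "$1" SLAPD_CONF_DIR)
    if [ -n "$dir" ]; then
        echo "cn=config:$dir"
    else
        echo "slapd.conf"
    fi
}

# List entries under a slapd.d tree that the run-as account cannot use:
# anything not owned by OWNER, lacking the owner read bit, or (directories)
# lacking the owner search bit. Group/other bits are ignored on purpose:
# the tree may hold olcRootPW values and should be private to that account.
unreadable_by() {    # usage: unreadable_by DIR OWNER
    find "$1" \( ! -user "$2" -o ! -perm -400 \
        -o \( -type d ! -perm -100 \) \) -print
}

# Run against the paths from this thread when called with --check.
if [ "${1:-}" = "--check" ]; then
    echo "init script mode: $(config_mode /etc/default/slapd)"
    echo "entries not usable by ldap:"
    unreadable_by /usr/local/etc/openldap/slapd.d ldap
fi
```

Run as root with --check; any path it lists is a candidate for the "Permission denied" on cn=config.ldif shown above.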