Ldap Server Problem: ldap_bind: Invalid credentials (49)
144 views
Skip to first unread message
vivek mishra
Jul 23, 2011, 3:02:30 AM7/23/11
to live-into-linux
Hi all
My I have configured ldap server in Rhel5.4 32 bit. When I start the
service # service ldap start it is running.
But when I run the # ldapadd command to add ldif in database it is
showing error ldap_bind: Invalid credentials (49)
Hostname-rhel5server
Ip-192.168.20.195
Domain-test.com
I am sending my /etc/hosts,/etc/openldap/slapd.conf file.
Pl suggest.
[root@rhel5server ldap]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.20.195 rhel5server.test.com rhel5server
[root@rhel5server ldap]#
[root@rhel5server ldap]# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/dnszone.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap
# modules available in openldap-servers-overlays RPM package:
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# modules available in openldap-servers-sql RPM package:
# moduleload back_sql.la
# The next three lines allow use of TLS for encrypting connections
using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions
on
# slapd.pem so that the ldap user or group can read it. Your client
software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}ZoJJS+t6ikKb457XDbn6yi3p5xhEidTD
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/test.com
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master...@EXAMPLE.COM
regards
vivek
My I have configured ldap server in Rhel5.4 32 bit. When I start the
service # service ldap start it is running.
But when I run the # ldapadd command to add ldif in database it is
showing error ldap_bind: Invalid credentials (49)
Hostname-rhel5server
Ip-192.168.20.195
Domain-test.com
I am sending my /etc/hosts,/etc/openldap/slapd.conf file.
Pl suggest.
[root@rhel5server ldap]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.20.195 rhel5server.test.com rhel5server
[root@rhel5server ldap]#
[root@rhel5server ldap]# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/dnszone.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap
# modules available in openldap-servers-overlays RPM package:
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# modules available in openldap-servers-sql RPM package:
# moduleload back_sql.la
# The next three lines allow use of TLS for encrypting connections
using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions
on
# slapd.pem so that the ldap user or group can read it. Your client
software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}ZoJJS+t6ikKb457XDbn6yi3p5xhEidTD
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/test.com
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master...@EXAMPLE.COM
regards
vivek
me4u
Jul 29, 2011, 3:49:51 AM7/29/11
to live-into-linux
error shows that the credentials you passwd with the command ldapadd
are not correct. BTW what command you used to add the users. Please
send that too.
> # authcId=host/ldap-master.example....@EXAMPLE.COM
>
> regards
> vivek
are not correct. BTW what command you used to add the users. Please
send that too.
>
> regards
> vivek
vivek mishra
Jul 29, 2011, 11:17:30 AM7/29/11
to live-in...@googlegroups.com
Hi I have done this configuration-
Domain Name : test.com
Host Name : rhel5server
IP Address : 192.168.20.195
Installed RPMs for LDAP server
a. Openldap
b. Openldap-devel
c. Openldap-clients
d. Openldap-servers
e. Nss_ldap
# mkdir /var/lib/ldap/test.com
# chown ldap:ldap /var/lib/ldap/test.com
#slappasswd
# vi /etc/openldap/slapd.conf ( mentioned in above)
# service ldap start
Note-It is started successfully
# useradd -g users ldaptest
# passwd ldaptest
#grep ldaptest /etc/passwd /etc/openldap/passwd.ldaptest
#grep root /etc/passwd > /etc/openldap/passwd.root
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.ldaptest /etc/openldap/ldaptest.ldif
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# vi /etc/openldap/ldaptest.ldif
dn: uid=ldaptest,ou=People,dc=test,dc=com
uid: ldaptest
cn: ldaptest
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$Z2XOYyLu$QNCNnYWqL1hh9.7S3HWEv.
shadowLastChange: 14771
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 100
homeDirectory: /home/ldaptest
#vi /etc/openldap/root.ldif
dn: uid=root,ou=People,dc=test,dc=com
uid: root
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$RyAMPQs9$LejMX5ACSu2Qe4Os6fzFa/
shadowLastChange: 14766
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root
dn: uid=operator,ou=People,dc=test,dc=com
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 14711
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator
#vi /etc/openldap/test.com.ldif
dn: dc=test,dc=com
dc: test
description: Root LDAP entry for tech.in
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject
dn: ou=People,dc=test,dc=com
ou: People
description: All people in organisation
objectClass: organizationalUnit
# ldapadd -x -D "cn=Manager,dc=test,dc=com" -W -f /etc/openldap/test.com.ldif
enterldap password after giving passwd it is giving below error
ldap_bind: Invalid credentials (49)
regards
vivek
>
> regards
> vivek
--
You received this message because you are subscribed to the Google Groups "live-into-linux" group.
To post to this group, send email to live-in...@googlegroups.com.
To unsubscribe from this group, send email to live-into-lin...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/live-into-linux?hl=en.
Reply all
Reply to author
Forward
0 new messages