I am attempting to set up an LDAP server under CentOS 5.4.
However I am unable to search my ldap directory even though I am supplying the proper credentials for the Manager account:
[root@ldap openldap]# ldapsearch -x -h ldap -D 'cn=Manager,dc=example,dc=net' -W -b 'dc=example,dc=net'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Anonymous searches do work however:
[root@ldap openldap]# ldapsearch -x -h ldap -b "dc=example,dc=net" -s sub "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=net> with scope subtree
# filter: objectclass=*
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
I am currently attempting to use the actual word 'secret' to authenticate the Manager account:
database        bdb
suffix          "dc=example,dc=net"
rootdn          "cn=Manager,dc=example,dc=net"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# rootpw        {CRYPT}secret
And I am getting error 49s in my openldap logs with loglevel set to 296.
/var/log/openldap.log
Nov  2 15:45:58 ldap slapd[3522]: slapd starting
Nov  2 15:46:14 ldap slapd[3522]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:44552 (IP=0.0.0.0:389)
Nov  2 15:46:14 ldap slapd[3522]: conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=net" method=128
Nov  2 15:46:14 ldap slapd[3522]: conn=0 op=0 RESULT tag=97 err=49 text=
Nov  2 15:46:14 ldap slapd[3522]: conn=0 fd=11 closed (connection lost)
This is how I have configured my ldap.conf:
BASE    dc=example,dc=net
HOST    localhost
URI     ldap://ldap.example.net
And for some reason slapd is listening on port 3774 even though I haven't told it to:
[root@ldap network-scripts]# netstat -tulnp | grep 389
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      3774/slapd
[root@ldap network-scripts]# netstat -tulnp | grep slapd
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      3774/slapd
I haven't specified port 3774 _anywhere_ in my ldap config:
[root@ldap network-scripts]# grep 3774 /etc/ldap
thanks in advance for your help
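As an added example (not part of the thread), here is a small Python script that performs the check a defender would want over slapd stats-log lines like the ones above: it correlates each BIND with its RESULT by conn/op and reports failed simple binds (err=49) per DN and client IP. The sample log is constructed in the same format as the excerpt; the regexes and the failed_binds function are my own, not OpenLDAP's.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd stats-log format shown in the thread:
# one failed simple bind as the Manager DN, then one successful anonymous bind.
SAMPLE_LOG = """\
Nov  2 15:45:58 ldap slapd[3522]: slapd starting
Nov  2 15:46:14 ldap slapd[3522]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:44552 (IP=0.0.0.0:389)
Nov  2 15:46:14 ldap slapd[3522]: conn=0 op=0 BIND dn="cn=Manager,dc=example,dc=net" method=128
Nov  2 15:46:14 ldap slapd[3522]: conn=0 op=0 RESULT tag=97 err=49 text=
Nov  2 15:46:14 ldap slapd[3522]: conn=0 fd=11 closed (connection lost)
Nov  2 15:47:02 ldap slapd[3522]: conn=1 fd=12 ACCEPT from IP=127.0.0.1:44560 (IP=0.0.0.0:389)
Nov  2 15:47:02 ldap slapd[3522]: conn=1 op=0 BIND dn="" method=128
Nov  2 15:47:02 ldap slapd[3522]: conn=1 op=0 RESULT tag=97 err=0 text=
"""

# ACCEPT gives the client IP for a connection; BIND/RESULT share conn and op ids.
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")


def failed_binds(log_text):
    """Return {(dn, client_ip): count} for BIND operations that ended in err=49.

    A RESULT line is matched to its BIND by (conn, op); tag=97 is the BIND
    response, so other operations' RESULT lines are ignored.
    """
    client_of = {}            # conn -> client IP taken from the ACCEPT line
    pending = {}              # (conn, op) -> bind DN awaiting its RESULT
    failures = defaultdict(int)
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            client_of[m.group(1)] = m.group(2)
        elif m := BIND_RE.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3) or "<anonymous>"
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None and m.group(3) == "49":
                failures[(dn, client_of.get(m.group(1), "?"))] += 1
    return dict(failures)


if __name__ == "__main__":
    for (dn, ip), n in failed_binds(SAMPLE_LOG).items():
        print(f"{n} failed simple bind(s) as {dn} from {ip}")
```

Feed it /var/log/openldap.log to see which DNs and source addresses are producing the error 49s; a burst from one address against the rootdn is worth alerting on.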
On Tue, 2010-11-02 at 16:28 -0400, Tim Dunphy wrote:
That is process ID 3774 and not a port - the port is clearly 389.
I would suggest that you not have both HOST and URI, choose one or the other.
In the above configuration, it would appear that 'secret' is the password for rootbinddn of "cn=Manager,dc=example,dc=net"
The error 49 does indeed mean what it says: invalid credentials, meaning the user/password combination isn't working.
Try:
ldapsearch -x -h localhost -b "dc=example,dc=net" \
    -s sub "objectclass=*" -W -D 'cn=Manager,dc=example,dc=net'
Craig