Password entry LDAP continues to say ldap_bind: Invalid credentials (49)

I searched everywhere for a solution to my problem, but still could not find it. I have two simple files: slapd.conf and mytree.ldif. When I try to add something to mytree.ldif, it keeps asking me for the password (which I think is the rootpw defined in slapd.conf), but it doesn't work. I really need help with this.

These are my files:

slapd.conf

 database dbd
 suffix "dc=ers,dc=uminho,dc=pt"
 rootdn "cn=Manager,dc=ers,dc=uminho,dc=pt"
 rootpw ersadmin
 directory /usr/local/var/openldap-data

mytree.ldif

 dn: dc=ers, dc=uminho, dc=pt
 objectclass: dcObject
 objectclass: organization
 o: ERS
 dc: ers

 dn: cn=Manager,dc=ers,dc=uminho,dc=pt
 objectclass: organizationalRole
 cn: Manager

And here is what I am trying to do, and the response I get:

 sudo ldapadd -x -D "cn=Manager,dc=ers,dc=uminho,dc=pt" -W -f /etc/ldap/mytree.ldif
 Enter LDAP Password:
 ldap_bind: Invalid credentials (49)

I already tried to encrypt the password using

 slappasswd -h {SHA} -s ersadmin 

and modifying my slapd.conf file

 password-hash {SHA}
 rootpw {SHA}pLEBIPx4rW3eebpwACBGAZkNH4CVBRGW

but it didn’t work. Thanks in advance.

+6
3 answers

This question may be better suited for http://serverfault.com.

It seems your problem is with the bind (authentication) phase, so you should test with ldapsearch and get this working before trying to modify the database. Try:

 ldapsearch -x -D cn=Manager,dc=ers,dc=uminho,dc=pt -w ersadmin 

Assuming this gives you the same error, check your OpenLDAP log file (by default it is logged to syslog, although this is system dependent). See whether the connection even reaches the server, and find out why it is rejected. If the log file does not give you enough information, enable debug logging in slapd.conf (trace / acl).

If it does not even see the connection, you may be authenticating against some other server; this is usually configured in ${prefix}/etc/ldap.conf.

Also, make sure slapd is actually using slapd.conf and not another configuration source (maybe it uses slapd.d or slapd.conf elsewhere).

In addition to the log file, please always indicate which version of OpenLDAP you are using, as there are big differences between 2.3 and 2.4 (and even between minor versions).

+12

I have run into this problem many times, and here is the solution: check the rootpw in slapd.conf. If you typed it in as shown below, a space can get added by accident.

Just copy the below and restart the LDAP service:

 database bdb
 suffix "dc=ldaptest,dc=com"
 rootdn "cn=Manager,dc=ldaptest,dc=com"
 rootpw {SSHA}Bnrl4t23XQxT3uzlC9AxO+hm6DNpps`Hello`

The above is my case; change the Distinguished Name to match yours. Please let me know once it is resolved.

0

For me it works like this

 slappasswd -h {SHA} -s ersadmin 

and modifying my slapd.conf file (old encrypted)

 rootpw {SHA}pLEBIPx4rW3eebpwACBGAZkNH4CVBRGW 
-1
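
An added example, not part of the original thread or of OpenLDAP: a Python check that reads slapd.conf text, flags a rootpw line that starts with whitespace (slapd.conf treats such a line as a continuation of the previous one) or carries more than one value, and verifies a candidate password against a cleartext, {SHA} or {SSHA} value. The function names and the sample configuration are constructed for illustration, and the check assumes the rootpw value is not quoted.

```python
import base64, binascii, hashlib, hmac

def verify(stored, password):
    """Return (ok, note) for a cleartext, {SHA} or {SSHA} rootpw value."""
    pw = password.encode()
    scheme, sep, b64 = stored.partition("}")
    if not (sep and scheme.upper() in ("{SHA", "{SSHA")):
        return hmac.compare_digest(stored.encode(), pw), "cleartext value differs"
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return False, "value after the scheme is not valid base64"
    if scheme.upper() == "{SHA" and len(raw) != 20:
        return False, f"{{SHA}} must decode to 20 bytes, got {len(raw)}"
    if scheme.upper() == "{SSHA" and len(raw) <= 20:
        return False, "{SSHA} value carries no salt after the digest"
    # {SHA} is SHA-1(password); {SSHA} is SHA-1(password + salt) followed by the salt.
    ok = hmac.compare_digest(hashlib.sha1(pw + raw[20:]).digest(), raw[:20])
    return ok, "hash does not match this password"

def check_rootpw(conf_text, password):
    """Findings for every rootpw line in slapd.conf text; [] means nothing wrong was found."""
    findings, seen = [], False
    for n, line in enumerate(conf_text.splitlines(), 1):
        args = line.split()  # assumption: the value is unquoted
        if not args or args[0] != "rootpw":
            continue
        seen = True
        if line[0].isspace():
            findings.append(f"line {n}: starts with whitespace, so it is read "
                            "as a continuation of the previous line")
        if len(args) != 2:
            findings.append(f"line {n}: expected one value, found {len(args) - 1}")
            continue
        ok, note = verify(args[1], password)
        if not ok:
            findings.append(f"line {n}: {note}")
    return findings if seen else ["no rootpw directive found"]

# Constructed sample, not the poster's file: a valid {SSHA} hash on an indented line.
SALT = b"salt"
GOOD = "{SSHA}" + base64.b64encode(hashlib.sha1(b"ersadmin" + SALT).digest() + SALT).decode()
SAMPLE = f'rootdn "cn=Manager,dc=ers,dc=uminho,dc=pt"\n  rootpw {GOOD}\n'

if __name__ == "__main__":
    for finding in check_rootpw(SAMPLE, "ersadmin"):
        print(finding)
```

Given the `{SHA}` value exactly as it is printed on this page, `check_rootpw` reports a digest of 24 bytes rather than the 20 that SHA-1 produces, so that string should be regenerated with slappasswd rather than copied.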

Source: https://habr.com/ru/post/889649/

