Full_Name: Fabrice Ducos
Version: 2.4.48
OS: OSX 10.14.6 Mojave
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (90.110.219.170)

I have installed OpenLDAP 2.4.48 from sources with SASL support.
For the moment, I am not using SASL. I have created a small toy directory with a few records. I have got no problem reading it with the local utilities (slapcat, etc). Now I am in the course of playing with the client tools.
In my ldap.conf, I have got the following directives:
    URI ldap://localhost
    BASE dc=myrealm,dc=mydomain,dc=org
    BINDDN cn=root,ou=users,dc=myrealm,dc=mydomain,dc=org
(root is the name I gave to the rootdn account in slapd.conf)
The ldap.conf file has been put at the right place under /usr/local/etc/openldap.
When I perform the following command:
    ldapsearch -x -W -D 'cn=root,ou=users,dc=myrealm,dc=mydomain,dc=org'
(with -x to force a simple binding) I get the results I expect from the directory, starting from BASE (no need for a -b option).
However, when I test:
    ldapsearch -x -W
(with -D), I would expect to get the same result, the binding DN being set up from ldap.conf BINDDN. However, it fails:
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
(this is not a problem of password, otherwise it would also fail in the first test; I use the same password in both).
I put the example files under incoming/binddn_2019-08-18 on your ftp server. The passwords are unencrypted in these sample files (encryption of passwords is another topic), but it doesn't explain why the root password from slapd.conf is recognised with -W -D and not with -W alone.
Thank you for your assistance.