John Nietzsche wrote:
Dear gentleman,
I have installed OpenLDAP with SASL and SSL support. I am facing a strange scenario:
Although I can do every operation with the rootdn/rootpwd in /etc/ldap/slapd.conf, I cannot log in with another DN. It does not matter how I tried, using SASL or even a simple bind on a DN.
What I have realized is that the userPassword attribute type is changed from what I feed ldapadd with in my LDIF file.
For instance, the entry from the LDIF was:

dn: uid=sioux,ou=people,dc=ufv,dc=br
objectClass: account
objectClass: posixAccount
objectClass: top
cn: sioux
uid: sioux
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/sioux
userPassword: {SSHA}zK8OHcZn/Jz9Dj2ssRo4P8zY3uAD+5Ua
loginShell: /bin/sh
gecos: The root of all evil
But when I perform a command like:

sioux@centauro:~$ ldapsearch -x -LLL -D 'cn=admin,dc=ufv,dc=br' -W '(uid=sioux)'
Enter LDAP Password:
dn: uid=sioux,ou=people,dc=ufv,dc=br
objectClass: account
objectClass: posixAccount
objectClass: top
cn: sioux
uid: sioux
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/sioux
userPassword:: e1NTSEF9eks4T0hjWm4vSno5RGoyc3NSbzRQOHpZM3VBRCs1VWE=
loginShell: /bin/sh
gecos: The root of all evil
sioux@centauro:~$
Notice that userPassword is totally different from what is in the LDIF file.
When I try to log in:

sioux@centauro:~$ ldapsearch -x -LLL -D 'cn=sioux,ou=people,dc=ufv,dc=br' -W '(uid=sioux)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
sioux@centauro:~$

Could someone help me?
What you see is your userPassword base64-encoded. "Invalid credentials" does not necessarily mean an incorrect password. It means an invalid DN/userPassword pair. How can you bind as "uid=sioux,ou=people,dc=ufv,dc=br" when you pass "cn=sioux,ou=people,dc=ufv,dc=br" to ldapsearch?
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------
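As an added example (not part of the thread), the following script shows that the two userPassword values above are identical once the LDIF "::" base64 convention is undone, and how an {SSHA} value is checked. It assumes OpenLDAP's {SSHA} layout (base64 of the SHA-1 digest followed by the salt); the password and salt used for the check are constructed, not the ones from the thread.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import os

# Constructed from the thread: the ldapadd LDIF line and the ldapsearch output line.
LDIF_LINE = "userPassword: {SSHA}zK8OHcZn/Jz9Dj2ssRo4P8zY3uAD+5Ua"
SEARCH_LINE = "userPassword:: e1NTSEF9eks4T0hjWm4vSno5RGoyc3NSbzRQOHpZM3VBRCs1VWE="


def parse_ldif_attr(line: str) -> tuple[str, bytes]:
    """Split one LDIF attribute line into (name, raw value).

    Per RFC 2849, 'name:: value' marks a base64-encoded value, so ldapsearch
    printing 'userPassword::' does not mean the stored value was changed.
    """
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name.strip(), base64.b64decode(rest[1:].strip())
    return name.strip(), rest.strip().encode()


def ssha_hash(password: bytes, salt: bytes | None = None) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: bytes, stored: str) -> bool:
    """Check a candidate password against a {SSHA} value (SHA-1 digest is 20 bytes)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def values_match(ldif_line: str = LDIF_LINE, search_line: str = SEARCH_LINE) -> bool:
    """True when the LDIF value and the base64-shown search value are identical."""
    return parse_ldif_attr(ldif_line) == parse_ldif_attr(search_line)


if __name__ == "__main__":
    print(parse_ldif_attr(SEARCH_LINE))  # ('userPassword', b'{SSHA}zK8OHc...')
    print(values_match())                 # True
    # Constructed password and salt; this hash is not the one from the thread.
    h = ssha_hash(b"constructed-secret", b"\x01\x02\x03\x04")
    print(ssha_verify(b"constructed-secret", h), ssha_verify(b"wrong", h))  # True False
```

The bind failure in the thread is unrelated to this encoding: the entry's DN is uid=sioux,... while the bind used cn=sioux,..., so the server never reached a password comparison.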