Thanks for the response.  Step by step:

In most places below I've replaced my actual domain with "example.com".

I created the password "secret" like this:

[root@db workarea]# slappasswd -c crypt
New password:
Re-enter new password:
{CRYPT}crcCmS9I6zJVQ

Then, the ldif:

dn: cn=Ron,ou=Zimbra,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Ron
gn: Ron
sn: Jones
mail: ron@scbbs.com
postalAddress: PO Box 1000
l: El Segundo
st: California
ou: Zimbra
postalCode: 90222
telephoneNumber: +1-310.323.7033
mobile: +1-310.323.7033
homePhone: +1-310.323.7033
initials: RP
userPassword: {CRYPT}crcCmS9I6zJVQ

Then I added it to the database:

[root@db workarea]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f zimbra03.ldif
Enter LDAP Password:
adding new entry "cn=Ron,ou=Zimbra,dc=example,dc=com"

Next, I checked to make sure it was there:

ldapsearch -H "ldap://example.com" -D 'cn=Manager,dc=example,dc=com' -x -W

# Ron, Zimbra, example.com
dn: cn=Ron,ou=Zimbra,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Ron
givenName: Ron
sn: Jones
mail: ron@example.com
postalAddress: PO Box 1000
l: El Segundo
st: California
ou: Zimbra
postalCode: 90222
telephoneNumber: +1-310.323.7033
mobile: +1-310.323.7033
homePhone: +1-310.323.7033
initials: RP
userPassword:: e0NSWVBUfWNyY0NtUzlJNnpKVlE=

Finally, I try to log in as this user to do a search:

ldapsearch -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -x -W

Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Here's the debug output (note that ber_flush: shows the actual domain I am using):

ldap_create
ldap_url_parse_ext(ldap://example.com)
Enter LDAP Password:
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP example.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying <my host ip>:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 58 bytes to sd 3
0000: 30 38 02 01 01 60 33 02 01 03 04 26 63 6e 3d 52 08...`3....&cn=R
0010: 6f 6e 2c 6f 75 3d 5a 69 6d 62 72 61 2c 64 63 3d on,ou=Zimbra,dc=
0020: 64 62 2c 64 63 3d 73 63 62 62 73 2c 64 63 3d 63 db,dc=scbbs,dc=c
0030: 6f 6d 80 06 73 65 63 72 65 74 om..secret
ldap_write: want=58, written=58
0000: 30 38 02 01 01 60 33 02 01 03 04 26 63 6e 3d 52 08...`3....&cn=R
0010: 6f 6e 2c 6f 75 3d 5a 69 6d 62 72 61 2c 64 63 3d on,ou=Zimbra,dc=
0020: 64 62 2c 64 63 3d 73 63 62 62 73 2c 64 63 3d 63 db,dc=scbbs,dc=c
0030: 6f 6d 80 06 73 65 63 72 65 74 om..secret
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: example.com port: 389 (default)
refcnt: 2 status: Connected
last used: Fri Jul 13 19:58:03 2007

** Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 61 07 0a 0....a..
ldap_read: want=6, got=6
0000: 01 31 04 00 04 00 .1....
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x08a58348 ptr=0x08a58348 end=0x08a58354 len=12
0000: 02 01 01 61 07 0a 01 31 04 00 04 00 ...a...1....
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08a58348 ptr=0x08a5834b end=0x08a58354 len=9
0000: 61 07 0a 01 31 04 00 04 00 a...1....
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08a58348 ptr=0x08a5834b end=0x08a58354 len=9
0000: 61 07 0a 01 31 04 00 04 00 a...1....
ber_scanf fmt (}) ber:
ber_dump: buf=0x08a58348 ptr=0x08a58354 end=0x08a58354 len=0

ldap_msgfree
ldap_perror
ldap_bind: Invalid credentials (49)

Thanks!

-ron

matthew sporleder wrote:
On 7/13/07, Ron Parker <sysop@scbbs.com> wrote:
I have created a bdb database using openldap on a RH Linux server with
basically the default configuration.

I'm able to log in with an LDAP client using the root dn and password:
"cn=Manager, dc=example, dc=com" (using "example.com" here instead of my
actual domain)

I've created an Organizational Unit called "Zimbra", and under Zimbra, I
have inetOrgPerson "Ron"

com
  example
    organizationalUnit = Zimbra
      inetOrgPerson = Ron

Using ldapmodify (logging in as rootdn) I gave inetOrgPerson Ron a
password (userPassword)

In slapd.conf, I've given Ron access to write to the Zimbra ou:

access to dn.base="ou=Zimbra,dc=example,dc=com"
    by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" write

When I then use the following settings to log in as Ron using an LDAP
client, I get "Invalid Credentials (49)" error:

Host: example.com
Port: 389
Protocol: LDAP v3
DSML Service:
Base DN: ou=Zimbra,dc=example,dc=com
Level: User+Password
User DN: cn=Ron,ou=Zimbra,dc=example,dc=com
Password: <the password I set for inetOrgPerson Ron in userPassword field>

I thought this might have been an issue with my LDAP client, so I also
tried logging in locally on the server, using only ldapsearch:

ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'

And I still get the same error. Again, I can log in using rootdn (i.e.,
"Manager"), but not as any other user.

Can someone point out to me what I'm missing? Thanks so much for any
assistance.


Can you show the ldif you used to add this user and the output of a
search for him?

-- 
Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com
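
Added example, not part of the original message: a small Python decoder run over the two BER dumps and the base64 userPassword value quoted in the trace above. It shows that the simple bind (-x over ldap://) carried the DN and the password in cleartext, that the server answered with resultCode 49, and that the stored attribute is the {CRYPT} value from the LDIF. The function names are hypothetical, and only the bind request/response shapes seen in this trace are handled.

```python
import base64

# Bytes copied from the ber_flush and ldap_read dumps in the post above.
BIND_REQUEST = bytes.fromhex(
    "30 38 02 01 01 60 33 02 01 03 04 26 63 6e 3d 52"
    "6f 6e 2c 6f 75 3d 5a 69 6d 62 72 61 2c 64 63 3d"
    "64 62 2c 64 63 3d 73 63 62 62 73 2c 64 63 3d 63"
    "6f 6d 80 06 73 65 63 72 65 74")
BIND_RESPONSE = bytes.fromhex("30 0c 02 01 01 61 07 0a 01 31 04 00 04 00")
USER_PASSWORD_B64 = "e0NSWVBUfWNyY0NtUzlJNnpKVlE="  # from the ldapsearch output

def read_tlv(buf, pos=0):
    """Read one definite-length BER element; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):  # walk the elements inside a constructed value
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_ldap_message(raw):
    """Decode the bind request/response shapes seen in the trace (RFC 4511)."""
    tag, body, _ = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    (_, msgid), (op_tag, op) = children(body)[:2]
    f = children(op)
    msg = {"msgid": int.from_bytes(msgid, "big")}
    if op_tag == 0x60:    # BindRequest: version, name, authentication
        msg.update(op="BindRequest", version=f[0][1][0], dn=f[1][1].decode(),
                   simple=(f[2][0] == 0x80), credentials=f[2][1])
    elif op_tag == 0x61:  # BindResponse: resultCode, matchedDN, diagnosticMessage
        msg.update(op="BindResponse", result_code=f[0][1][0],
                   matched_dn=f[1][1].decode(), diagnostic=f[2][1].decode())
    else:
        raise ValueError("unexpected protocolOp tag 0x%02x" % op_tag)
    return msg

def decode_user_password(b64):
    """ldapsearch prints 'attr:: value' when the value is base64-encoded."""
    return base64.b64decode(b64).decode()
```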