In most places below I've replaced my actual domain with "example.com".
I created the password "secret" like this:
[root@db workarea]# slappasswd -c crypt
New password:
Re-enter new password:
{CRYPT}crcCmS9I6zJVQ
Then, the ldif:
dn: cn=Ron,ou=Zimbra,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Ron
gn: Ron
sn: Jones
mail: ron@scbbs.com
postalAddress: PO Box 1000
l: El Segundo
st: California
ou: Zimbra
postalCode: 90222
telephoneNumber: +1-310.323.7033
mobile: +1-310.323.7033
homePhone: +1-310.323.7033
initials: RP
userPassword: {CRYPT}crcCmS9I6zJVQ
Then I added it to the database:
[root@db workarea]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f zimbra03.ldif
Enter LDAP Password:
adding new entry "cn=Ron,ou=Zimbra,dc=example,dc=com"
Next, I checked to make sure it was there:
ldapsearch -H "ldap://example.com" -D 'cn=Manager,dc=example,dc=com' -x -W
# Ron, Zimbra, example.com
dn: cn=Ron,ou=Zimbra,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Ron
givenName: Ron
sn: Jones
mail: ron@example.com
postalAddress: PO Box 1000
l: El Segundo
st: California
ou: Zimbra
postalCode: 90222
telephoneNumber: +1-310.323.7033
mobile: +1-310.323.7033
homePhone: +1-310.323.7033
initials: RP
userPassword:: e0NSWVBUfWNyY0NtUzlJNnpKVlE=
Finally, I try to log in as this user to do a search:
ldapsearch -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -x -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Here's the debug output (note that ber_flush: shows the actual domain I am using):
ldap_create
On 7/13/07, Ron Parker <sysop@scbbs.com> wrote:
I have created a bdb database using openldap on a RH Linux server with
basically the default configuration.
I'm able to log in with an LDAP client using the root dn and password:
"cn=Manager, dc=example, dc=com" (using "example.com" here instead of my
actual domain)
I've created an Organizational Unit called "Zimbra", and under Zimbra, I
have inetOrgPerson "Ron"
com
  example
    organizationalUnit = Zimbra
      inetOrgPerson = Ron
Using ldapmodify (logging in as rootdn) I gave inetOrgPerson Ron a
password (userPassword)
In slapd.conf, I've given Ron access to write to the Zimbra ou:
access to dn.base="ou=Zimbra,dc=example,dc=com"
by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" write
When I then use the following settings to log in as Ron using an LDAP
client, I get "Invalid Credentials (49)" error:
Host: example.com
Port: 389
Protocol: LDAP v3
DSML Service:
Base DN: ou=Zimbra,dc=example,dc=com
Level: User+Password
User DN: cn=Ron,ou=Zimbra,dc=example,dc=com
Password: <the password I set for inetOrgPerson Ron in userPassword field>
I thought this might have been an issue with my LDAP client, so I also
tried logging in locally on the server, using only ldapsearch:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
And still get same error. Again, I can log in using rootdn (i.e.,
"Manager"), but not as any other user.
Can someone point out to me what I'm missing? Thanks so much for any
assistance.
Can you show the ldif you used to add this user and the output of a
search for him?
--
Ron Parker
Software Creations http://www.scbbs.com
Self-Administration Web Site http://saw.scbbs.com
SDSS Subscription Mgmt Service http://sdss.scbbs.com
Central Ave Dance Ensemble http://www.centralavedance.com
R & B Salsa http://www.randbsalsa.com
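Added example (not part of the original thread): a short Python check that decodes the base64 `userPassword::` value ldapsearch printed, confirms it is the same string that went in through the LDIF, and reports which storage scheme and crypt(3) variant the directory is holding. The function names and the two sample strings are constructed here from the lines quoted in the message.

```python
import base64
import re

# Constructed sample: the userPassword lines from the post's LDIF and its ldapsearch output.
LDIF_IN = "userPassword: {CRYPT}crcCmS9I6zJVQ\n"
SEARCH_OUT = "userPassword:: e0NSWVBUfWNyY0NtUzlJNnpKVlE=\n"

def ldif_values(text, attr):
    """Return decoded values of attr from LDIF text ('::' means base64, folded lines joined)."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    values = []
    for line in unfolded.splitlines():
        m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
        if not m or m.group(1).lower() != attr.lower():
            continue
        raw = m.group(3)
        if m.group(2) == "::":
            raw = base64.b64decode(raw).decode("utf-8", errors="replace")
        values.append(raw)
    return values

def describe(stored):
    """Split '{SCHEME}hash'; for {CRYPT}, name the crypt(3) variant and its salt."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)$", stored)
    if not m:
        return {"scheme": "CLEARTEXT", "variant": None, "salt": None}
    info = {"scheme": m.group(1).upper(), "variant": None, "salt": None}
    body = m.group(2)
    if info["scheme"] == "CRYPT":
        modular = re.match(r"\$([156])\$(?:rounds=\d+\$)?([^$]+)\$", body)
        if modular:
            names = {"1": "md5", "5": "sha256", "6": "sha512"}
            info["variant"], info["salt"] = names[modular.group(1)], modular.group(2)
        elif re.fullmatch(r"[./0-9A-Za-z]{13}", body):
            # Traditional DES crypt: 2-char salt + 11-char hash; only the
            # first 8 characters of the password are used.
            info["variant"], info["salt"] = "des", body[:2]
        else:
            info["variant"] = "other"
    return info

if __name__ == "__main__":
    stored = ldif_values(SEARCH_OUT, "userPassword")
    print("stored value:", stored)
    print("matches LDIF:", stored == ldif_values(LDIF_IN, "userPassword"))
    print("scheme:", describe(stored[0]))
```

The reported salt `cr` is consistent with slappasswd's `-c` option being a crypt(3) salt format string rather than a scheme name, so the literal `crypt` was used as the salt. The check only shows what is stored; it does not by itself explain the bind failure.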