Dan Burkland wrote:
-----Original Message----- From: openldap-software-bounces+dburklan=nmdp.org@OpenLDAP.org [mailto:openldap-software-bounces+dburklan=nmdp.org@OpenLDAP.org] On Behalf Of Joshua Lim Sent: Monday, May 17, 2010 12:21 PM To: openldap-software@openldap.org Subject: Re: do_bind: invalid dn
Any thoughts? I tried the following, entered the correct password 'password' and got: ldap_bind: Invalid credentials (49)
ldapsearch -x -D cn=wael,dc=click,dc=com -h localhost -W -b '' namingContexts
Log shows:
slap_listener_activate(2):
slap_listener(ldap://JOSHUAPC:389)
connection_get(10): got connid=0 connection_read(10): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 47 contents: op tag 0x60, time 1273506428 ber_get_next conn=0 op=0 do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber:
dnPrettyNormal: <cn=wael,dc=click,dc=com>
<<< dnPrettyNormal: <cn=wael,dc=click,dc=com>, <cn=wael,dc=click,dc=com> do_bind: version=3 dn="cn=wael,dc=click,dc=com" method=128 send_ldap_result: conn=0 op=0 p=3 send_ldap_response: msgid=1 tag=97 err=49 ber_flush2: 22 bytes to sd 2140 connection_get(10): got connid=0 connection_read(10): checking for input on id=0 ber_get_next ber_get_next on fd 10 failed errno=0 (unknown WSA error) connection_close: conn=0 sd=10
My slapd.conf (i basically used the default, only suffix, rootdn and rootpw is changed):
database bdb suffix "dc=click,dc=com" rootdn "cn=wael,dc=click,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw password # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory ./data dirtyread searchstack 20 # Indices to maintain index mail pres,eq index objectclass pres index default eq,sub index sn eq,sub,subinitial index telephonenumber index cn
I may be wrong but I believe your rootpw value needs to be a hash value. Use slappasswd to generate one and then replace password with it. Restart the service and let me know if you experience the same issue.
Regards,
Dan
Thanks Dan, yes, that was the reason. :)