First off, thanks for all the help on the CentOS 5 nsswitch.conf thing I ran into. I meant to reply to the thread, but I unfortunately deleted it from my mail client. It appears that "bind_type soft" did fix it, but I'm not certain (I can't reboot the server again to verify right now).
However, I've run into a new weirdie. I've created a fairly simple shell script that creates an appropriate LDIF file to add users to my database. It then calls "ldapadd" to add the user:
RES=`ldapadd -U root -w $LDAPPWD -f $OUTFILE`
However, when the script runs, the ldapadd is rejected with:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
The EXACT SAME command (after the variables are expanded) run from the command line works fine. I suspect it's this "ldap_sasl_interactive_bind_s" that's wonky since the command is being launched from inside a shell script and isn't interactive at that point, but is there a way around this?
----------------------------------------------------------------------
- Rick Stevens, Unix Geek                          rps2@socal.rr.com -
-                                                                    -
-           The gene pool could use a little chlorine.               -
----------------------------------------------------------------------
Rick Stevens wrote:
I've created a fairly simple shell script that creates an appropriate LDIF file to add users to my database. It then calls "ldapadd" to add the user:
RES=`ldapadd -U root -w $LDAPPWD -f $OUTFILE`
However, when the script runs, the ldapadd is rejected with:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
The EXACT SAME command (after the variables are expanded) run from the command line works fine.
Could you please check that it's *exactly* the same line by adding a line with "echo $RES" as test output to your script?
Ciao, Michael.
Michael Ströder wrote:
Rick Stevens wrote:
I've created a fairly simple shell script that creates an appropriate LDIF file to add users to my database. It then calls "ldapadd" to add the user:
RES=`ldapadd -U root -w $LDAPPWD -f $OUTFILE`
However, when the script runs, the ldapadd is rejected with:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
The EXACT SAME command (after the variables are expanded) run from the command line works fine.
Could you please check that it's *exactly* the same line by adding a line with "echo $RES" as test output to your script?
I actually had the script put the command into a variable and echoed the variable. I cut-and-pasted the output into another xterm and it worked. That's why I'm confused.
Here's an example:
From the script:
--------------------------------------------------------------------
Adding user to LDAP database...Command is ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: client response doesn't match what we generated
--------------------------------------------------------------------
And if I cut-n-paste the command:
--------------------------------------------------------------------
ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif
SASL/DIGEST-MD5 authentication started
SASL username: root
SASL SSF: 128
SASL installing layers
adding new entry "cn=testuser,ou=Group,dc=billing,dc=com"

adding new entry "uid=testuser,ou=People,dc=billing,dc=com"
--------------------------------------------------------------------
Both script and command-line insertion executed as root. You see my dilemma.
----------------------------------------------------------------------
- Rick Stevens, Unix Geek                          rps2@socal.rr.com -
-                                                                    -
-    Veni, Vidi, VISA: I came, I saw, I did a little shopping.       -
----------------------------------------------------------------------
Rick Stevens wrote:
From the script: ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif [..] ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif
Maybe different handling of the single quotes around the password in your user shell and the script's shell? Just a wild guess though.
Ciao, Michael.
Michael Ströder wrote:
Rick Stevens wrote:
From the script: ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif [..] ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif
Maybe different handling of the single quotes around the password in your user shell and the script's shell? Just a wild guess though.
Well, I'm doing the single quotes to hide any special characters (the actual password contains a bang ("!") in it). Both the command script and the command line shell are bash, so I can't see anything odd there.
----------------------------------------------------------------------
- Rick Stevens, Unix Geek                          rps2@socal.rr.com -
-                                                                    -
-  Any sufficiently advanced technology is indistinguishable from a  -
-                           rigged demo.                             -
----------------------------------------------------------------------
Rick Stevens wrote:
Michael Ströder wrote:
Rick Stevens wrote:
From the script: ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif [..] ldapadd -U root -w 'FuNkyP@sswd' -f /tmp/userdata.ldif
Maybe different handling of the single quotes around the password in your user shell and the script's shell? Just a wild guess though.
Well, I'm doing the single quotes to hide any special characters (the actual password contains a bang ("!") in it).
I vaguely remember that I had problems with ! even when quoted. How about setting and trying another password?
Those issues are exactly the reasons why I always recommend using a decent scripting language like Perl, Python or others with a decent LDAP module instead of a shell script which invokes the command-line tools. Escaping/quoting rules for strings and also error handling are much better there.
Ciao, Michael.
openldap-software@openldap.org
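
One possible cause that fits the two transcripts in this thread, shown as an added example that is not code from any of the posters: if the script keeps the command in a variable with the single quotes embedded and then expands that variable, the shell does not re-parse the quotes, so they reach the program as part of the password. How the script actually launches the command is an assumption here, and `password_seen` is a hypothetical stand-in for ldapadd so the example runs offline.

```shell
#!/bin/sh
# password_seen: hypothetical stand-in for ldapadd. It prints the value that
# follows -w, wrapped in [], so stray characters in the password are visible.
password_seen() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "-w" ]; then
            printf '[%s]\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

OUTFILE=/tmp/userdata.ldif   # path as shown in the thread

# Pattern 1: build the command as one string with single quotes embedded,
# then expand the string. Quote characters that come out of a variable
# expansion are not re-parsed; the shell only word-splits the result, so the
# quotes are delivered to the program as part of the password.
via_string() {
    CMD="password_seen -U root -w '$1' -f $OUTFILE"
    $CMD
}

# Pattern 2: quote the expansion itself. No quote characters are stored in
# the data, and the password arrives as exactly one argument.
via_quoted_expansion() {
    password_seen -U root -w "$1" -f "$OUTFILE"
}

# Pattern 3: assemble the argument list in the positional parameters (the
# POSIX counterpart of a bash array) and pass it on with "$@".
via_argv() {
    set -- -U root -w "$1" -f "$OUTFILE"
    password_seen "$@"
}

# Constructed sample passwords: the one from the thread, and one containing
# a space and a bang.
for pw in 'FuNkyP@sswd' 'a b!c'; do
    echo "string-built: $(via_string "$pw")  quoted: $(via_quoted_expansion "$pw")  argv: $(via_argv "$pw")"
done
```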