Hi all!
An LDAP newbie posting for the first time.
I can't see why I get error 49 (bad credentials) trying to run ldapadd.
My guess is it's a "sasl" thingie....
I was following the tutorial at http://www.howtoforge.com/openldap_fedora7 but got nowhere.
The goal is to set up ldap-authentication on a net of FC 7 clients and an FC 7 server.
Config files:
/etc/ldap.conf:
HOST lb.labbnet.ne.keryx.se
BASE dc=lb,dc=labbnet,dc=ne,dc=keryx.se
----------
/etc/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
# Only three lines changed by me
suffix "dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
rootdn "uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
rootpw {CRYPT}tecdIjhx8TVq. # Temporary password - I will change it later!
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
-------------
Output of "/usr/bin/ldapadd -x -D 'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se' -W -f /root/ibunk.ldif -d 1":
ldap_initialize( <DEFAULT> )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
-------------
Output of /usr/bin/ldapadd -x -D 'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se' -W -f /root/ibunk.ldif -d 1
ldap_create
Enter LDAP Password: <entered correctly>
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP lb.labbnet.ne.keryx.se:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 62 bytes to sd 4
ldap_result ld 0x9631270 msgid 1
ldap_chkResponseList ld 0x9631270 msgid 1 all 1
ldap_chkResponseList returns ld 0x9631270 NULL
wait4msg ld 0x9631270 msgid 1 (infinite timeout)
wait4msg continue ld 0x9631270 msgid 1 all 1
** ld 0x9631270 Connections:
* host: lb.labbnet.ne.keryx.se port: 389 (default)
  refcnt: 2 status: Connected
  last used: Thu Sep 13 17:11:22 2007
** ld 0x9631270 Outstanding Requests:
* msgid 1, origid 1, status InProgress
  outstanding referrals 0, parent count 0
** ld 0x9631270 Response Queue:
  Empty
ldap_chkResponseList ld 0x9631270 msgid 1 all 1
ldap_chkResponseList returns ld 0x9631270 NULL
ldap_int_select
read1msg: ld 0x9631270 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x9631270 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x9631270 0 new referrals
read1msg: mark request completed, ld 0x9631270 msgid 1
request done: ld 0x9631270 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)
Keryx Info wrote:
Hi all!
# Only three lines changed by me
suffix "dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
rootdn "uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
                                       ^^^^^^^^^^^^^^^^
rootpw {CRYPT}tecdIjhx8TVq. # Temporary password - I will change it later!
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
Output of /usr/bin/ldapadd -x -D 'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se' -W -f /root/ibunk.ldif -d 1
                                                            ^^^^^^^^^^^^^^^^^^
See?
cheers
Paul
Keryx Info wrote:
rootdn "uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se' -W -f /root/ibunk.ldif -d 1
                           ^^^^^^^^^^^^^^^^^^
pkoelle@gmail.com wrote: (and Gavin Henry saw it too)
See?
Yes! Blargh! That mistake has caused me an hour of googling and staring at my slapd.conf and changing passwords, etc. Fresh eyeballs are a blessing!
Command:
/usr/bin/ldapadd -x -D 'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se' -W -f /root/ibunk.ldif -H ldap://localhost
Output:
Enter LDAP Password:
adding new entry "dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
*Next hurdle*
Should I not see it now with an "ldapsearch -x"?
Also, I have added "loglevel any" to slapd.conf. What logfile should I check? /var/log/messages was my guess.
Output below.
Is this a problem or can I proceed? And if so, is this a good tutorial: http://www.howtoforge.com/linux_openldap_setup_server_client
Lars Gunther
PS Output of ldapsearch:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
Keryx Info wrote:
Should I not see it now with an "ldapsearch -x"?
Didn't you have the same typo in ldap.conf?
Also, I have added "loglevel any" to slapd.conf. What logfile should I check? /var/log/messages was my guess.
Whatever is set in syslog.conf.
See our FAQ for how to set this.
Keryx Info wrote, on 13-09-2007 21:37:
[...]
*Next hurdle*
Should I not see it now with an "ldapsearch -x"?
Also, I have added "loglevel any" to slapd.conf. What logfile should I check? /var/log/messages was my guess.
Output below.
Is this a problem or can I proceed? And if so, is this a good tutorial: http://www.howtoforge.com/linux_openldap_setup_server_client
Lars Gunther
PS Output of ldapsearch:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
Probably because you still have the same, incorrect, search base in ldap.conf and haven't given a new search base in your ldapsearch command. "result: 32 No such object" is a dead giveaway.
/etc/ldap.conf:
HOST lb.labbnet.ne.keryx.se
BASE dc=lb,dc=labbnet,dc=ne,dc=keryx.se
Also, take a look at section 5.3.5. Access Control Examples in the admin guide; that's going to be your next hurdle.
--Tonni
<quote who="Keryx Info">
Hi all!
An LDAP newbie posting for the first time.
I can't see why I get error 49 (bad credentials) trying to run ldapadd.
My guess is it's a "sasl" thingie....
Nope, typo:
'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se'
should be:
'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se'
Try that.
Also wrong in your /etc/ldap.conf file
openldap-software@openldap.org
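
The mismatch the replies point out (dc=keryx.se versus dc=keryx,dc=se) can be checked mechanically before running ldapadd or ldapsearch. The following is an added example, not code from any post in this thread: it compares a bind DN and the ldap.conf BASE against suffix and rootdn from slapd.conf, using constructed copies of the values quoted above. The function names and the simplified DN parsing are assumptions of this example.

```python
import re

# Constructed copies of the directives and bind DN quoted in the thread.
SLAPD_CONF = '''\
database bdb
suffix "dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
rootdn "uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
'''
LDAP_CONF = '''\
HOST lb.labbnet.ne.keryx.se
BASE dc=lb,dc=labbnet,dc=ne,dc=keryx.se
'''
BIND_DN = "uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se"

def parse_dn(dn):
    """Split a DN into lowercased (attribute, value) pairs, one per RDN.
    Simplified: multi-valued RDNs (a+b) and hex escapes are not handled."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn.strip().strip('"\'')):
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def directive(conf, name):
    """Return the argument of the first `name` directive (case-insensitive)."""
    for line in conf.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0].lower() == name.lower():
            return fields[1].strip()
    raise ValueError('directive not found: ' + name)

def check(slapd_conf, ldap_conf, bind_dn):
    """Return (result_code, reason) pairs the server is expected to answer."""
    suffix = parse_dn(directive(slapd_conf, 'suffix'))
    rootdn = parse_dn(directive(slapd_conf, 'rootdn'))
    base = parse_dn(directive(ldap_conf, 'base'))
    bind = parse_dn(bind_dn)
    findings = []
    if bind != rootdn and bind[-len(suffix):] != suffix:
        findings.append((49, 'bind DN is neither rootdn nor under suffix'))
    if base[-len(suffix):] != suffix:
        findings.append((32, 'BASE is not under suffix'))
    return findings

if __name__ == '__main__':
    for code, reason in check(SLAPD_CONF, LDAP_CONF, BIND_DN):
        print(code, reason)
```

With the values from the first post it reports both result codes seen in the thread; with the corrected DN and BASE it reports nothing.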