Ron Parker sysop@scbbs.com writes:
the FAQ will put you in the right direction http://www.openldap.org/faq/data/cache/344.html
I tried both of these:
perl -e 'print("userPassword: {CRYPT}".crypt("secret","salt")."\n");'
which gives me:
userPassword: {CRYPT}saHW9GdxihkGQ
perl -e 'use Crypt::PasswdMD5;print("userPassword: {CRYPT}".unix_md5_crypt("password","salt")."\n");'
which gives me:
userPassword: {CRYPT}$1$salt$qJH7.N4xYta3aEG/dfqo/0
I modified "cn=Ron,ou=Zimbra,dc=example,dc=com" with each. Example:
[...]
and tried to login as "Ron" using each:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
When prompted for the password, I enter either "secret" or "password" (depending upon the userPassword I modified user with) and still get "Invalid Credentials (49)".
The rootdn password works just fine. Why won't any of the user passwords work?
Dieter wrote:
"You probably compiled openldap with-crypt and with-ssl, thus loading libcrypt and libcrypto, which will put clients and server in an unpredictable state."
On my RHEL 4 system I have the following rpms installed:
openldap-2.2.13-7.4E
openldap-clients-2.2.13-7.4E
openldap-devel-2.2.13-7.4E
openldap-servers-2.2.13-7.4E
compat-openldap-2.1.30-7.4E
I'm using the openldap-server and trying to log in using the openldap-client.
"The FAQ states that openldap and clients have to be built with the same crypt library. On my system (SuSE Linux-9.3) perl has been built with libcrypt, while openldap has been built with libcrypto. Please check your system and refrain from using crypt password hashes if possible."
I'm not sure what the above means, or rather, what I need to do.
I tried using different schemes for the userPassword:
[root@db workarea]# slappasswd -h {SHA}
New password:
Re-enter new password:
{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
and
[root@db workarea]# slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
I ran ldapmodify for user for each password. I ran ldapsearch as the user:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
Each time I enter password, login fails with "Invalid Credentials (49)".
Is there some configuration change I need to make to openldap itself?
Help!
-ron
--On July 16, 2007 11:25:52 AM -0700 Ron Parker sysop@scbbs.com wrote:
Ron Parker sysop@scbbs.com writes:
I ran ldapmodify for user for each password. I ran ldapsearch as the user:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
Each time I enter password, login fails with "Invalid Credentials (49)".
Is there some configuration change I need to make to openldap itself?
Do you allow anonymous auth access to userPassword?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
Ron Parker sysop@scbbs.com writes:
I ran ldapmodify for user for each password. I ran ldapsearch as the
user:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
Each time I enter password, login fails with "Invalid Credentials (49)".
Do you allow anonymous auth access to userPassword?
How do I do that? Thanks so much!
--On July 16, 2007 2:24:26 PM -0700 Ron Parker sysop@scbbs.com wrote:
Quanah Gibson-Mount wrote:
Ron Parker sysop@scbbs.com writes:
I ran ldapmodify for user for each password. I ran ldapsearch as the
user:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
Each time I enter password, login fails with "Invalid Credentials (49)".
Do you allow anonymous auth access to userPassword?
How do I do that? Thanks so much!
In your slapd.conf file, something like:
access to attrs=userPassword by anonymous auth by * none
You may need more by <xxx> lines of course, for replication and such.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
This did the trick! Thank you, thank you, thank you!
-ron
Quanah Gibson-Mount wrote:
--On July 16, 2007 2:24:26 PM -0700 Ron Parker sysop@scbbs.com wrote:
Quanah Gibson-Mount wrote:
Ron Parker sysop@scbbs.com writes:
I ran ldapmodify for user for each password. I ran ldapsearch as the
user:
ldapsearch -v -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -W -x -b 'ou=Zimbra,dc=example,dc=com'
Each time I enter password, login fails with "Invalid Credentials (49)".
Do you allow anonymous auth access to userPassword?
How do I do that? Thanks so much!
In your slapd.conf file, something like:
access to attrs=userPassword by anonymous auth by * none
You may need more by <xxx> lines of course, for replication and such.
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
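An offline check of the stored values, added here as an example and not code from the thread: it recomputes the {SHA} and {MD5} userPassword values posted above and shows both are digests of "secret", so the hashes were well-formed and the bind failure came from the ACL that the thread ends on. The names `check_user_password` and `make_ssha` are hypothetical; the salted {SSHA}/{SMD5} handling goes beyond the schemes tried in the thread, and {CRYPT} is left out because it depends on the platform's crypt(3).

```python
import base64
import hashlib
import hmac

# Scheme name -> (hashlib algorithm, digest length in bytes). For the salted
# schemes the base64 payload decodes to digest || salt.
SCHEMES = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
           "MD5": ("md5", 16), "SMD5": ("md5", 16)}

# Values copied from the slappasswd output in the thread.
THREAD_VALUES = ["{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=",
                 "{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ=="]


def check_user_password(stored, candidate):
    """True/False for a match; None for schemes not handled here ({CRYPT}...)."""
    if not (stored.startswith("{") and "}" in stored):
        # No scheme prefix: the value is stored in the clear.
        return hmac.compare_digest(stored.encode(), candidate.encode())
    scheme, _, payload = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        return None
    algo, dlen = SCHEMES[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and scheme in ("SHA", "MD5")):
        return False            # truncated digest, or salt on an unsalted scheme
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def make_ssha(password, salt):
    """Build a {SSHA} value (constructed helper, exercises the salted path)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


if __name__ == "__main__":
    for value in THREAD_VALUES:
        print(value, "matches 'secret':", check_user_password(value, "secret"))
```

When the stored value verifies offline but a simple bind still returns error 49, the next thing to inspect is slapd's access control on userPassword rather than the hash scheme.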