Hi,
I'm getting an error using the -y switch for the ldapsearch, ldapadd, and ldapmodify programs when specifying the password. I do, however, get positive results when using the -w switch.
Using ldapsearch, the exact command and error are:
$ ldapsearch -H ldap://10.0.0.2 -x -D 'cn=manager,dc=company,dc=com' -y passwdfile -b 'ou=people,dc=company,dc=com' '(uid=mark.par)' ldap_bind: Invalid credentials (49) $
$ ldapsearch -H ldap://10.0.0.2 -x -D 'cn=manager,dc=company,dc=com' -w PassWord -b 'ou=people,dc=company,dc=com' '(uid=mark.par)' # extended LDIF # # LDAPv3 # base <ou=people,dc=company,dc=com> with scope subtree # filter: (uid=mark.par) # requesting: ALL #
# mark.par, people, company.com dn: uid=mark.par,ou=people,dc=company,dc=com objectClass: top objectClass: account objectClass: posixAccount homeDirectory: /home/mark.par cn: mark par uid: mark.par loginShell: /bin/ksh userPassword:: aWFrem9rLkdyeW61 uidNumber: 1177 gidNumber: 1177
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1 $
I am using NetBSD 3.1.0_PATCH and OpenLDAP 2.3.32 compiled from the packages collection (pkgsrc). Could anyone provide some hints?
Thanks, Mark
On 5/11/07, Mark Par mrbpar@gmail.com wrote:
Hi,
I'm getting an error using the -y switch for the ldapsearch, ldapadd, and ldapmodify programs when specifying the password. I do, however, get positive results when using the -w switch.
Using ldapsearch, the exact command and error are:
$ ldapsearch -H ldap://10.0.0.2 -x -D 'cn=manager,dc=company,dc=com' -y passwdfile -b 'ou=people,dc=company,dc=com' '(uid=mark.par)' ldap_bind: Invalid credentials (49) $
$ ldapsearch -H ldap://10.0.0.2 -x -D 'cn=manager,dc=company,dc=com' -w PassWord -b 'ou=people,dc=company,dc=com' '(uid=mark.par)' # extended LDIF # # LDAPv3 # base <ou=people,dc=company,dc=com> with scope subtree # filter: (uid=mark.par) # requesting: ALL #
# mark.par, people, company.com dn: uid=mark.par,ou=people,dc=company,dc=com objectClass: top objectClass: account objectClass: posixAccount homeDirectory: /home/mark.par cn: mark par uid: mark.par loginShell: /bin/ksh userPassword:: aWFrem9rLkdyeW61 uidNumber: 1177 gidNumber: 1177
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1 $
I am using NetBSD 3.1.0_PATCH and OpenLDAP 2.3.32 compiled from the packages collection (pkgsrc). Could anyone provide some hints?
Here's what I had to do on solaris for -y to work: printf "PassWord" >> passwdfile
If you truss (ktruss on netbsd) you will see that ldapsearch doesn't chomp the \n from the passwdfile and the newline (Will show up as a $ at the end if you cat -vet passwdfile) is added to the password for the bind, thus the failure.
When you cat -vet your file, it should have no control characters at all.
Also make sure the permissions are correct.
_Matt
On 5/11/07, matthew sporleder msporleder@gmail.com wrote:
On 5/11/07, Mark Par mrbpar@gmail.com wrote:
I'm getting an error using the -y switch for the ldapsearch, ldapadd, and ldapmodify programs when specifying the password. I do, however, get positive results when using the -w switch.
[...]
I am using NetBSD 3.1.0_PATCH and OpenLDAP 2.3.32 compiled from the packages collection (pkgsrc). Could anyone provide some hints?
Here's what I had to do on solaris for -y to work: printf "PassWord" >> passwdfile
If you truss (ktruss on netbsd) you will see that ldapsearch doesn't chomp the \n from the passwdfile and the newline (Will show up as a $ at the end if you cat -vet passwdfile) is added to the password for the bind, thus the failure.
When you cat -vet your file, it should have no control characters at all.
Also make sure the permissions are correct.
The printf command solved my problem. Thank you for the wonderful tip. I'll keep that in mind.
Mark
openldap-software@openldap.org
-
Mark Par -
matthew sporleder