Hello list,
I've been halfway successful so far in setting up an ldap server, but have run into issues when setting passwords using ldappasswd. The server is RHEL 4, running openldap-2.2.13-7.4E (server and clients) provided by RedHat.
I've successfully gotten the server listening, and have added entries to the database, and can even access it from my outlook installation (browsing of course).
When I run the following command on my ldap server, I get the following output:
[root@TESTBED002 sbin]# ldappasswd -WS -D 'cn=root,ou=users,dc=remitpro,dc=local' jdoe -d 300
New password:
Re-enter new password:
Enter LDAP Password:
request 1 done
SASL/DIGEST-MD5 authentication started
request 2 done
Please enter your password:
request 3 done
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database
The first two prompts seem pretty straightforward, in that it seems to be asking for the user's new password. The second and third have me stumped. Is the second password (LDAP Password) the bind password for the root user? If so, by entering that, the result is being sent straight to the final error message. If I hit enter (blank) at that prompt, I'm sent to the 'MD5' prompt, at which point anything I enter gets me the final error message.
I know this is probably something obvious I'm missing, and I'm sure it's a newbie issue, but a day of banging my head against the wall (and searching Google, and the list archives) hasn't given me an answer I can use, or make sense of.
Thanks in advance...
Danno
P.S. - here's what I think is the relevant part of my conf file, and a listing from slapcat.
database        bdb
suffix          "dc=remitpro,dc=local"
rootdn          "cn=root,dc=remitpro,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
#rootpw         {MD5}OT6nyd+82+aATLn5z2BfwQ==
dn: dc=remitpro,dc=local
objectClass: dcObject
objectClass: organization
o: Test Company
dc: remitpro
structuralObjectClass: organization
entryUUID: a4a2b22a-070d-102c-9eb8-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004213642Z
entryCSN: 20071004213642Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004213642Z

dn: cn=root,dc=remitpro,dc=local
objectClass: organizationalRole
cn: root
structuralObjectClass: organizationalRole
entryUUID: a4ab3d28-070d-102c-9eb9-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004213642Z
entryCSN: 20071004213642Z#000002#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004213642Z

dn: ou=users,dc=remitpro,dc=local
objectClass: organizationalUnit
ou: users
structuralObjectClass: organizationalUnit
entryUUID: c8b22af6-070d-102c-9eba-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004213743Z
entryCSN: 20071004213743Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004213743Z

dn: cn=jdoe,ou=users,dc=remitpro,dc=local
structuralObjectClass: organizationalPerson
entryUUID: b40f9524-070e-102c-9ebd-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004214418Z
objectClass: organizationalPerson
cn: jdoe
sn: Doe
userPassword:: c2VjcmV0
entryCSN: 20071004215535Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004215535Z

dn: cn=bsmith,ou=users,dc=remitpro,dc=local
structuralObjectClass: organizationalPerson
entryUUID: fa14e16e-070e-102c-9ebe-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004214615Z
objectClass: person
objectClass: organizationalPerson
cn: bsmith
cn: Bob Smith
sn: Smith
userPassword:: c2VjcmV0
title: Lackey
telephoneNumber: 4028610005
entryCSN: 20071005144910Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071005144910Z

dn: cn=jjohnson,ou=users,dc=remitpro,dc=local
structuralObjectClass: inetOrgPerson
entryUUID: 6173c7e6-079e-102c-9ec4-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071005145247Z
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
cn: jjohnson
cn: Jim Johnson
sn: Johnson
uid: jjohnson
userPassword:: c2VjcmV0
uidNumber: 513
gidNumber: 513
title: Lackey
mail: ddenton@remitpro.com
givenName: Jim
displayName: Jim Johnson
initials: JJ
roomNumber: IT
physicalDeliveryOfficeName: IT
homeDirectory: /home/jjohnson
entryCSN: 20071005151734Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071005151734Z
On Friday 05 October 2007 18:21:29 Dan Denton wrote:
> Hello list,
> I've been halfway successful so far in setting up an ldap server, but have run into issues when setting passwords using ldappasswd. The server is RHEL 4, running openldap-2.2.13-7.4E (server and clients) provided by RedHat.
If you're just starting ... you may want to reconsider using an ancient version of openldap that is no longer supported.
There are alternatives: http://staff.telkomsa.net/packages/rhel4/openldap/
> I've successfully gotten the server listening, and have added entries to the database, and can even access it from my outlook installation (browsing of course).
> When I run the following command on my ldap server, I get the following output:
> [root@TESTBED002 sbin]# ldappasswd -WS -D 'cn=root,ou=users,dc=remitpro,dc=local' jdoe -d 300
> New password:
> Re-enter new password:
> Enter LDAP Password:
> request 1 done
> SASL/DIGEST-MD5 authentication started
> request 2 done
> Please enter your password:
> request 3 done
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>         additional info: SASL(-13): user not found: no secret in database
> The first two prompts seem pretty straightforward, in that it seems to be asking for the user's new password. The second and third have me stumped. Is the second password (LDAP Password) the bind password for the root user? If so, by entering that, the result is being sent straight to the final error message. If I hit enter (blank) at that prompt, I'm sent to the 'MD5' prompt, at which point anything I enter gets me the final error message.
Assuming you haven't configured SASL, and you have rootpw set in slapd.conf, you probably:
1) Need to use the -x flag to not use SASL
2) instead of providing jdoe, you may want to provide the DN of the user.
3) Use the correct rootdn
So, you may have more success with:
# ldappasswd -x -D cn=root,dc=remitpro,dc=local -W -S cn=jdoe,ou=users,dc=remitpro,dc=local
> rootdn "cn=root,dc=remitpro,dc=local"
> rootpw secret
> dn: cn=jdoe,ou=users,dc=remitpro,dc=local
You may want to consult the man pages ...
Regards, Buchan
openldap-software@openldap.org
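Once the bind problem above is sorted out with -x and the full DN, the next thing worth checking is what actually ends up in the directory. The slapcat listing in the original post stores every userPassword as "c2VjcmV0", which is just base64 of the word "secret", and slapd.conf itself warns against a cleartext rootpw. The following Python is an added example, not code from the thread or from OpenLDAP: it parses slapcat-style LDIF (blank-line separated entries, "attr:: value" base64 encoding, space-led continuation lines), reports which entries hold cleartext passwords, and verifies values in the {SSHA}, {SMD5}, {SHA} and {MD5} layouts that slappasswd(8) produces (salted schemes store base64(digest || salt) with the salt in the clear after the fixed-length digest). SAMPLE_LDIF is constructed from two of the entries in the post; the function names are mine.

```python
"""Audit userPassword storage in slapcat/LDIF output and verify OpenLDAP
password hash values offline. Added example; not code from the thread."""
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample modelled on the slapcat listing in the thread (not the
# original output). Both userPassword values are base64("secret"), i.e. the
# password is stored in cleartext.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=users,dc=remitpro,dc=local
objectClass: organizationalPerson
cn: jdoe
sn: Doe
userPassword:: c2VjcmV0

dn: cn=bsmith,ou=users,dc=remitpro,dc=local
objectClass: person
objectClass: organizationalPerson
cn: bsmith
cn: Bob Smith
sn: Smith
userPassword:: c2VjcmV0
"""


def parse_ldif(text: str) -> List[Dict[str, List[bytes]]]:
    """Parse LDIF into a list of entries (attribute -> list of byte values).

    Handles what slapcat output needs: blank-line entry separators,
    'attr:: value' base64 encoding, and continuation lines that begin
    with a single space (unfolded onto the previous line).
    """
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries: List[Dict[str, List[bytes]]] = []
    current: Dict[str, List[bytes]] = {}
    for line in unfolded + [""]:
        if line == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):            # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip())
        else:                               # 'attr: <plain value>'
            value = rest.strip().encode("utf-8")
        current.setdefault(attr, []).append(value)
    return entries


def storage_scheme(stored: bytes) -> Optional[str]:
    """Return the {SCHEME} tag of a userPassword value, or None if cleartext."""
    if stored.startswith(b"{") and b"}" in stored:
        return stored[1:stored.index(b"}")].decode("ascii").upper()
    return None


def make_ssha(password: str, salt: Optional[bytes] = None) -> bytes:
    """Build an {SSHA} value in the layout slappasswd -h {SSHA} produces:
    base64( sha1(password || salt) || salt ), salt appended in the clear."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def check_password(stored: bytes, candidate: str) -> bool:
    """Verify candidate against a cleartext, {SSHA}, {SMD5}, {SHA} or {MD5}
    userPassword value. Salted schemes carry the salt after the fixed-length
    digest; comparisons are constant-time."""
    pw = candidate.encode("utf-8")
    scheme = storage_scheme(stored)
    if scheme is None:
        return hmac.compare_digest(stored, pw)
    blob = base64.b64decode(stored[len(scheme) + 2:])
    if scheme == "SSHA":
        digest, salt = blob[:20], blob[20:]
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if scheme == "SMD5":
        digest, salt = blob[:16], blob[16:]
        return hmac.compare_digest(hashlib.md5(pw + salt).digest(), digest)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(pw).digest(), blob)
    if scheme == "MD5":
        return hmac.compare_digest(hashlib.md5(pw).digest(), blob)
    raise ValueError(f"unsupported password scheme {{{scheme}}}")


def audit(ldif_text: str) -> Dict[str, Optional[str]]:
    """Map each DN carrying userPassword to its scheme (None = cleartext)."""
    report: Dict[str, Optional[str]] = {}
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0].decode("utf-8")
        for stored in entry.get("userPassword", []):
            report[dn] = storage_scheme(stored)
    return report


if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE_LDIF).items():
        print(f"{dn}: {scheme or 'CLEARTEXT'}")
    hashed = make_ssha("secret")
    print(hashed.decode("ascii"), check_password(hashed, "secret"))
```

Run it against real output with `slapcat | python3 audit.py` after swapping SAMPLE_LDIF for sys.stdin.read(); any DN reported as CLEARTEXT is one where the password went in as a plain userPassword value. Setting the password through ldappasswd's password-modify operation with a `password-hash {SSHA}` directive in slapd.conf, or supplying a value from `slappasswd -h {SSHA}`, is what turns those into {SSHA} entries, and the same fix applies to the rootpw line.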