-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/03/2011 08:35 AM, Razvan Deaconescu wrote:
On 02/03/2011 12:39 AM, John Espiro wrote:
Seems that this might be the solution... http://stackoverflow.com/questions/3057257/ubuntu-10-04-lucid-openldap-inval...
Actually, it seems that that wasn't the solution...
So when I run:
ldapsearch -x -H ldap://127.0.0.1 -b 'cn=config' -D 'cn=config' -s
base -LLL -W olcLoglevel
I get: Enter LDAP Password: ldap_bind: Invalid credentials (49)
Funny thing is, I never had any problems configuring ldap until I switched to Ubuntu.
Hi, John!
I described a similar issue a few days ago[1] (reported for Debian). I found the only solution was manually editing the olcDatabase={0}config.ldif file (adding an olcRootPW line).
I've posted a message on the debian-user mailing list[2] but found not solution until now.
Răzvan
[1] http://www.openldap.org/lists/openldap-technical/201101/msg00307.html [2] http://lists.debian.org/debian-user/2011/02/msg00115.html
If you are running Ubuntu or Debian, they both AFAIK set up the server so that the root user has (if connecting properly) manage privileges. So there is no need to edit the ldif by hand.
To check, try connecting as root to the UNIX socket OpenLDAP should be listening on:
ldapwhoami -H ldapi:// -Y EXTERNAL
should return: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
This identity should be allowed to do pretty much as it pleases at least within the cn=config db.
Ondra
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.