On 03/29/14 09:41 -0500, Peng Yu wrote:
On Sat, Mar 29, 2014 at 8:32 AM, Dan White dwhite@olp.net wrote:
On 03/28/14 22:21 -0500, Peng Yu wrote:
I get the following error.
pengy@openldapserver:~$ ldapadd -x -D cn=admin,cn=config -W -f ~/sudoWork/cn=sudo.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
This means that either 'cn=admin,cn=config' does not match your olcRootDN, or (/and) the password you are providing does not match your olcRootPW. You may get an idea of which is the case by viewing your config with:
slapcat -n0
I assume that this should be run on the server, not the client. Here is what I get. But I have no idea what to look at. Would you please help me understand how it can be used for debugging my case?
Read the fine manual:
See the slapd-config(5) manpage, and http://www.openldap.org/doc/admin24/slapdconf2.html
pengy@openldapserver:~$ sudo slapcat -n0
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: a3343a42-465f-1033-9540-f5ee9a20f09d
creatorsName: cn=config
createTimestamp: 20140322224706Z
entryCSN: 20140322224706.118986Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140322224706Z
You have no olcRootDN listed for your configuration database, which, as I understand it, means you have no capability to modify your config using ldapadd. For a solution, see:
http://www.openldap.org/lists/openldap-technical/201211/msg00195.html
You'll need to add olcRootDN and olcRootPW to the above entry, such as the ones you have listed below for your dc=yulab,dc=tamu suffix, assuming that you know what your original password is:
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=yulab,dc=tamu
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=yulab,dc=tamu" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=yulab,dc=tamu" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=yulab,dc=tamu
olcRootPW:: e1NTSEF9QWk1Z280ZEo1Zy9UYTJEVEpBdWNLRkxoekh1c1kyN1A=
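
An added example, not part of the original thread and not OpenLDAP code: a small Python check that does mechanically what the reply does by eye with `slapcat -n0` output. It unfolds the LDIF, decodes `::` base64 values, and reports for each olcDatabase entry whether an olcRootDN is set and which hash scheme its olcRootPW uses. The function names and the sample (with a placeholder hash) are constructed for illustration, and the DN comparison is simplified.

```python
import base64

def parse_ldif(text):
    """Parse slapcat-style LDIF into a list of {attribute: [values]} dicts."""
    text = text.replace("\n ", "")          # unfold: newline + one space continues a line
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def root_report(entries):
    """Map each olcDatabase entry DN to (olcRootDN, password scheme), None where unset."""
    report = {}
    for e in entries:
        if "olcdatabase" not in e:
            continue
        root = e.get("olcrootdn", [None])[0]
        pw = e.get("olcrootpw", [None])[0]
        scheme = pw[:pw.index("}") + 1] if pw and pw.startswith("{") and "}" in pw else None
        report[e["dn"][0]] = (root, scheme)
    return report

def databases_with_rootdn(entries, bind_dn):
    """Return the databases whose olcRootDN equals bind_dn (empty list: none does)."""
    return [db for db, (root, _) in root_report(entries).items()
            if root and norm_dn(root) == norm_dn(bind_dn)]

# Constructed sample modelled on the slapcat -n0 output above; the hash is a placeholder.
SAMPLE = """dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break

dn: olcDatabase={1}hdb,cn=config
olcDatabase: {1}hdb
olcRootDN: cn=admin,dc=yulab,dc=tamu
olcRootPW:: """ + base64.b64encode(b"{SSHA}constructed-placeholder").decode() + "\n"
```

On a server, feed it the text of `sudo slapcat -n0` instead of `SAMPLE`; an empty result from `databases_with_rootdn(entries, "cn=admin,cn=config")` corresponds to the missing olcRootDN pointed out in the reply.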