Hi,
I can not figure out why my AIX box does not want to authenticate with my ldap server. I think I have a problem with the ldap setup so I can only bind to ldap with anonymous bind or with olcRoot.
Checking password for cn=admin,dc=axi,dc=intra (my LDAP manager account): root@ldap1:/etc # ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=admin,dc=axi,dc=intra SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 # extended LDIF # # LDAPv3 # base <cn=admin,dc=axi,dc=intra> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# admin, axi.intra dn: cn=admin,dc=axi,dc=intra cn: admin objectClass: simpleSecurityObject objectClass: organizationalRole description: LDAP administrator userPassword:: e1NTSEF9UkJXSitCZy92V2ZLNlJ5Rzdwa1pvOStpQUh5aSt4NG0=
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
Changing password: root@ldap1:/etc # ldappasswd -Y EXTERNAL -H ldapi:/// -s secret cn=admin,dc=axi,dc=intra SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
Checking that the password is changed: root@ldap1:/etc # ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=admin,dc=axi,dc=intra SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 # extended LDIF # # LDAPv3 # base <cn=admin,dc=axi,dc=intra> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# admin, axi.intra dn: cn=admin,dc=axi,dc=intra cn: admin objectClass: simpleSecurityObject objectClass: organizationalRole description: LDAP administrator userPassword:: e1NTSEF9TnBIK0hBN2JpWEczb0FSU1YwQm5HWmZSVll3S0NaTms=
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
Using the password: root@ldap1:/etc # ldapsearch -D "cn=admin,dc=axi,dc=intra" -w secret ldap_bind: Invalid credentials (49)
So I change the password but I can not use it ?
Stef
______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________