Hi Dan White,
I'm sorry to reply so late.
I read your email this morning; before that I was still trying to check the problem out. Last night I figured out a solution by rebuilding the "/etc/ldap/slapd.d/cn=config" directory:
rm -r /etc/ldap/slapd.d/cn=config
/etc/init.d/slapd restart
and this problem (Invalid credentials) seems to be gone, but another new problem arises. When I run step 5, it shows that:
# ldapsearch -x -D "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn" -w "secret"
ldap_bind: Invalid DN syntax (34)
        additional info: invalid DN
I googled the solution and found someone said it must be a DN string format error (containing whitespace), but I checked and checked again, and the format seems to be OK. Maybe something is still wrong somewhere?
Thank you for your help!
On 2011-01-05 01:20, Dan White wrote:
On 04/01/11 19:30 +0800, cn_gd@126.com wrote:
hi all,
I'm installing slapd, strictly following the steps below, on Ubuntu 10.04 lucid:
- apt-get install slapd
- slapd -V
@(#) $OpenLDAP: slapd 2.4.21 (Aug 10 2010 17:08:36) $
buildd@yellow:/build/buildd/openldap-2.4.21/debian/build/servers/slapd*
- dpkg-reconfigure slapd
3. edit /etc/ldap/slapd.d/cn=config.ldif
- cat /etc/ldap/slapd.d/cn=config.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
structuralObjectClass: olcGlobal

dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: "dc=cg,dc=scsio,dc=ac,dc=cn"
olcDbDirectory: /home/az/openldap-data
olcRootDN: "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn"
olcRootPW: secret
- /etc/init.d/slapd restart
All steps are OK, then I run the command below to test it:
- ldapsearch -x -D "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn" -w "secret" -H ldap://cg.scsio.ac.cn
and it shows this error: ldap_bind: Invalid credentials (49)
You could increase your log level (olcLogLevel) to get troubleshooting details.
After having gone through this process myself recently (using slapd.d), and not being happy with the Debian default config, here's the process I'm using in a test environment for bootstrapping an install, that might spark some ideas with your config.
My starting configuration is: http://web.olp.net/dwhite/openldap/slapd-new.conf
aptitude install slapd slapd-smbk5pwd
/etc/init.d/slapd stop
mv /etc/ldap/slapd.d /etc/ldap/slapd.d.bak
mv /var/lib/ldap /var/lib/ldap.bak
mkdir /etc/ldap/slapd.d /var/lib/ldap
chown openldap:openldap /etc/ldap/slapd.d /var/lib/ldap
cat > /etc/ldap/ldap.conf << EOF
BASE dc=example,dc=org
URI ldapi:///
EOF
echo "SASL_MECH EXTERNAL" > /root/.ldaprc
sudo -u openldap slapadd << EOF
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: ou=People,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=Aliases,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Aliases
EOF
sudo -u openldap slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
/etc/init.d/slapd start
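
Added example, not part of either message: a small check for hand-edited cn=config LDIF such as the entry quoted in the original post. It relies on two facts: LDIF has no quoting syntax, so double quotes around a value are stored as part of the value, and an olcRootPW value without a {SCHEME} prefix is kept in clear text. The function names and the sample input are constructed for illustration.

```python
import base64
import re

# Constructed sample, modelled on the hand-edited entry quoted in the thread.
SAMPLE_LDIF = '''\
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
olcDatabase: bdb
olcSuffix: "dc=cg,dc=scsio,dc=ac,dc=cn"
olcRootDN: "cn=Manager,dc=cg,
 dc=scsio,dc=ac,dc=cn"
olcRootPW: secret
'''

DN_ATTRS = {"dn", "olcsuffix", "olcrootdn"}
# A hashed value starts with {SCHEME}; {CLEARTEXT} is still clear text.
HASHED = re.compile(r"^\{(?!CLEARTEXT\})[A-Za-z0-9-]+\}", re.IGNORECASE)

def unfold(text):
    """Join LDIF continuation lines (leading space), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]

def lint_ldif(text):
    """Return (attribute, message) findings for hand-edited cn=config LDIF."""
    findings = []
    for line in unfold(text):
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.lstrip(" ")
        name = attr.lower()
        if name in DN_ATTRS and (value.startswith('"') or value.endswith('"')):
            findings.append((attr, "double quotes are literal in LDIF and become part of the DN"))
        if name == "olcrootpw" and not HASHED.match(value):
            findings.append((attr, "no {SCHEME} prefix: password is stored in clear text"))
    return findings

if __name__ == "__main__":
    for attr, message in lint_ldif(SAMPLE_LDIF):
        print(f"{attr}: {message}")
```

On the sample this reports olcSuffix, olcRootDN and olcRootPW; a hashed replacement for the password can be generated with slappasswd.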