I am setting up a simple LDAP server. I have a few entries that I am playing with for user authentication. I have phpldapadmin set up and I can verify that the passwords are correct.
However, when I test authentication usign ldapwhoami or ldapsearch (anonymous) it always fails with invalid credentials or no records found.
Can anyone provide any clues on what might be going on?
yan@NewMoon:/etc$ ldapwhoami -x -W -D uid=yan,ou=People,dc=seiner,dc=lan -H ldap://eluonhea1.seiner.lan/ -d 255 ldap_url_parse_ext(ldap://eluonhea1.seiner.lan/) ldap_create ldap_url_parse_ext(ldap://eluonhea1.seiner.lan:389/??base) Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP eluonhea1.seiner.lan:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 192.168.128.21:389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x7f567246c800 ptr=0x7f567246c800 end=0x7f567246c83c len=60 0000: 30 3a 02 01 01 60 35 02 01 03 04 22 75 69 64 3d 0:...`5...."uid= 0010: 79 61 6e 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 yan,ou=People,dc 0020: 3d 73 65 69 6e 65 72 2c 64 63 3d 6c 61 6e 80 0c =seiner,dc=lan.. 0030: xx (password deleted) ber_scanf fmt ({i) ber: ber_dump: buf=0x7f567246c800 ptr=0x7f567246c805 end=0x7f567246c83c len=55 0000: 60 35 02 01 03 04 22 75 69 64 3d 79 61 6e 2c 6f `5...."uid=yan,o 0010: 75 3d 50 65 6f 70 6c 65 2c 64 63 3d 73 65 69 6e u=People,dc=sein xx (password deleted) ber_flush2: 60 bytes to sd 3 0000: 30 3a 02 01 01 60 35 02 01 03 04 22 75 69 64 3d 0:...`5...."uid= 0010: 79 61 6e 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 yan,ou=People,dc 0020: 3d 73 65 69 6e 65 72 2c 64 63 3d 6c 61 6e 80 0c =seiner,dc=lan.. xx (password deleted) ldap_write: want=60, written=60 0000: 30 3a 02 01 01 60 35 02 01 03 04 22 75 69 64 3d 0:...`5...."uid= 0010: 79 61 6e 2c 6f 75 3d 50 65 6f 70 6c 65 2c 64 63 yan,ou=People,dc 0020: 3d 73 65 69 6e 65 72 2c 64 63 3d 6c 61 6e 80 0c =seiner,dc=lan.. xx (password deleted) ldap_result ld 0x7f5672464250 msgid 1 wait4msg ld 0x7f5672464250 msgid 1 (infinite timeout) wait4msg continue ld 0x7f5672464250 msgid 1 all 1 ** ld 0x7f5672464250 Connections: * host: eluonhea1.seiner.lan port: 389 (default) refcnt: 2 status: Connected last used: Thu Oct 31 09:42:03 2013
** ld 0x7f5672464250 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x7f5672464250 request count 1 (abandoned 0) ** ld 0x7f5672464250 Response Queue: Empty ld 0x7f5672464250 response count 0 ldap_chkResponseList ld 0x7f5672464250 msgid 1 all 1 ldap_chkResponseList returns ld 0x7f5672464250 NULL ldap_int_select read1msg: ld 0x7f5672464250 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 01 61 07 0a 0....a.. ldap_read: want=6, got=6 0000: 01 31 04 00 04 00 .1.... ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x7f567246daa0 ptr=0x7f567246daa0 end=0x7f567246daac len=12 0000: 02 01 01 61 07 0a 01 31 04 00 04 00 ...a...1.... read1msg: ld 0x7f5672464250 msgid 1 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x7f567246daa0 ptr=0x7f567246daa3 end=0x7f567246daac len=9 0000: 61 07 0a 01 31 04 00 04 00 a...1.... read1msg: ld 0x7f5672464250 0 new referrals read1msg: mark request completed, ld 0x7f5672464250 msgid 1 request done: ld 0x7f5672464250 msgid 1 res_errno: 49, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x7f567246daa0 ptr=0x7f567246daa3 end=0x7f567246daac len=9 0000: 61 07 0a 01 31 04 00 04 00 a...1.... ber_scanf fmt (}) ber: ber_dump: buf=0x7f567246daa0 ptr=0x7f567246daac end=0x7f567246daac len=0
ldap_msgfree ldap_err2string ldap_bind: Invalid credentials (49) ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 3 0000: 30 05 02 01 02 42 00 0....B. ldap_write: want=7, written=7 0000: 30 05 02 01 02 42 00 0....B. ldap_free_connection: actually freed
=========================
slapd.conf
root@EluOnHea1:/etc/openldap# cat slapd.conf | grep -v ^# | grep -v ^$ include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema pidfile /var/run/slapd.pid argsfile /var/run/slapd.args moduleload back_bdb.la access to * by self write by users read by anonymous auth database ldif suffix "dc=seiner,dc=lan" rootdn "cn=admin,dc=seiner,dc=lan" rootpw xxx directory /usr/lib/openldap-data