Thanks for your response. I am using LDAP as a centrtal authentication unit, and migrated all the linux accounts to ldap via some migration tools. currently authentication for linux users work fine i.e. "su sriram then inputing the password" doesnt complain, but when I want to bind to ldap using a user DN (ex ldapsearch "uid=sriram,ou=People,dc=ibm,dc=com" -W -x) I get the Invalid
credentials
(49)
error. I added password-hash {CRYPR} to my slapd.config file, however, it prevented the server from running.
the other entry, "cn=fratbrother,ou=People,dc=ibm,dc=com", I added manually. Although the hashing method is SSHA, when I add password-hash {MD5} to my slapd.config, I still can successfully bind. I dont know why this is happening... since the password-hash method has changed, I expect to get the Invalid credentials error... any ideas?
----- Original Message ----
From: Dieter Kluenter <dieter@dkluenter.de>
To: openldap-technical@openldap.org
Sent: Tuesday, February 19, 2008 11:33:05 PM
Subject: Re: ldapsearch for accont object class
Hamidreza
Hamedtoolloei
<
hamedtoolloei@yahoo.com>
writes:
>
Dear
all,
>
Below
is
the
"partial"
content
of
my
openldap
db.
>
when
I
do:
>
ldapsearch
-D
"cn=fratbrother,ou=People,dc=ibm,dc=com"
-w
password
-x
>
everything
is
fine.
However,
when
I
do
>
ldapsearch
-D
"uid=sriram,ou=People,dc=ibm,dc=com"
-w
password
-x
>
I
get
the
ldap_bind:
Invalid
credentials
(49)
error.
>
is
this
related
to
the
"account"
object
class?
>
it
seems
that
none
of
the
openLdap
tools
such
as
ldapsearch,ldappasswd
works
>
for
"account"
object
class..
is
the
syntax
different
for
this
type
of
class?
>
p.s.
in
my
slapd.config
for
ACL
I
have
>
access
to
*
>
by
*
read
Your
problem
seem
to
be
different
password
hashing
methods
>
#
sriram,
People,
ibm.com>
dn:
uid=sriram,ou=People,dc=ibm,dc=com
>
userPassword::
e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=
this
is
a
crypt
hashed
passwword
>
dn:
cn=fratbrother,ou=People,dc=ibm,dc=com
>
userPassword::
e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=
this
is
a
ssha
hashed
password.
-Dieter
--
Dieter
Klünter
|
Systemberatung
http://www.dkluenter.deGPG
Key
ID:8EF7B6C6