Dear all,

Below is the "partial" content of my openldap db. When I do:

  ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x

everything is fine. However, when I do

  ldapsearch -D "uid=sriram,ou=People,dc=ibm,dc=com" -w password -x

I get the ldap_bind: Invalid credentials (49) error. Is this related to the "account" object class? It seems that none of the openLdap tools such as ldapsearch, ldappasswd work for the "account" object class. Is the syntax different for this type of class?

P.S. In my slapd.config for ACL I have

  access to * by * read
# sriram, People, ibm.com
dn: uid=sriram,ou=People,dc=ibm,dc=com
uid: sriram
cn: Sriram Krishnan
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=
shadowLastChange: 13923
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 503
homeDirectory: /export/home/sriram
gecos: Sriram Krishnan,SDSC,8585555555,8586666666

# fratbrother, People, ibm.com
dn: cn=fratbrother,ou=People,dc=ibm,dc=com
cn: fratbrother
sn: fratbrother
objectClass: top
objectClass: person
userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=
Hamidreza Hamedtoolloei hamedtoolloei@yahoo.com writes:
> Dear all,
> Below is the "partial" content of my openldap db. When I do:
>   ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x
> everything is fine. However, when I do
>   ldapsearch -D "uid=sriram,ou=People,dc=ibm,dc=com" -w password -x
> I get the ldap_bind: Invalid credentials (49) error. Is this related to the "account" object class? It seems that none of the openLdap tools such as ldapsearch, ldappasswd work for the "account" object class. Is the syntax different for this type of class?
> P.S. In my slapd.config for ACL I have
>   access to * by * read
Your problem seems to be different password hashing methods.

> # sriram, People, ibm.com
> dn: uid=sriram,ou=People,dc=ibm,dc=com
> userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=

this is a crypt hashed password.

> dn: cn=fratbrother,ou=People,dc=ibm,dc=com
> userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=

this is an ssha hashed password.
-Dieter
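
Decoding the two base64 userPassword values quoted above makes the scheme prefixes visible. This is an added example, not part of the original thread; the function names password_schemes and ssha_verify are illustrative, and the password used to exercise ssha_verify would be a constructed one, not either account's.

```python
import base64
import hashlib
import hmac
import re

# The two userPassword values from the LDIF in this thread ("::" marks base64).
LDIF = """\
dn: uid=sriram,ou=People,dc=ibm,dc=com
userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=

dn: cn=fratbrother,ou=People,dc=ibm,dc=com
userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=
"""

def password_schemes(ldif):
    """Map each DN to (scheme, detail) for its userPassword value."""
    result, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):
            value = base64.b64decode(line.split(":: ", 1)[1]).decode("ascii")
            m = re.match(r"\{([^}]+)\}(.*)", value)
            scheme, rest = (m.group(1).upper(), m.group(2)) if m else ("CLEARTEXT", value)
            if scheme == "CRYPT":
                # Verified through the host's crypt(3); "$1$" is the md5-crypt id.
                detail = "crypt(3) id " + rest.split("$")[1] if rest.startswith("$") else "traditional DES crypt"
            elif scheme == "SSHA":
                raw = base64.b64decode(rest)  # 20-byte SHA-1 digest followed by the salt
                detail = "SHA-1 digest + %d-byte salt" % (len(raw) - 20)
            else:
                detail = ""
            result[dn] = (scheme, detail)
    return result

def ssha_verify(stored, password):
    """Check a password against a decoded {SSHA} value: SHA1(password + salt)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

if __name__ == "__main__":
    for dn, (scheme, detail) in password_schemes(LDIF).items():
        print(dn, scheme, detail)
```

{SSHA} values are computed by slapd itself, while {CRYPT} values are checked through the server host's crypt(3), so whether a $1$ hash verifies depends on slapd having been built with crypt support and on what that platform's crypt(3) accepts.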
On Wednesday 20 February 2008 05:02:04 Hamidreza Hamedtoolloei wrote:
> Dear all,
> Below is the "partial" content of my openldap db. When I do:
>   ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x
> everything is fine. However, when I do
>   ldapsearch -D "uid=sriram,ou=People,dc=ibm,dc=com" -w password -x
> I get the ldap_bind: Invalid credentials (49) error.
Which password are you providing? And, what are you trying to do here? Are you just trying to search for different users, or are you trying to test whether authenticating as these users works?
By your subject line, it may be that you are confused about the operation of ldapsearch.
For example, does this work for you:
$ ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x -b ou=People,dc=ibm,dc=com "(uid=sriram)"
?
openldap-technical@openldap.org