Hello list,
Here is a very typical problem. I have already done some googling but I am more confused now. I would like to query a user's information with his own id and password.
When I do this as cn=Manager there is no problem
````````````````````````````````````````
ldapsearch -h 127.0.0.1 -b "ou=people,dc=example,dc=com" -x "(&(objectclass=inetOrgPerson)(cn=test2))" uid -D "cn=Manager,dc=example,dc=com" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: (&(objectclass=inetOrgPerson)(cn=test2))
# requesting: uid
#

# test2, people, example.com
dn: cn=test2,ou=people,dc=example,dc=com
uid: rbilly

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
````````````````````````````````````````
Now if I search with the user credential the problem starts
````````````````````````````````````````
ldapsearch -h 127.0.0.1 -b "ou=people,dc=example,dc=com" -x "(&(objectclass=inetOrgPerson)(cn=test2))" uid -D "uid=rbilly,ou=people,dc=example,dc=com" -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
````````````````````````````````````````
I have typed the correct password and repeated the above command a number of times, but the same error.
Why Invalid credentials? Any clue, please? Thanks
Emmanuel Lecharny wrote:
Why is the base DN ("uid=rbilly,ou=people,dc=example,dc=com") in your second request different from the first request ("cn=test2,ou=people,dc=example,dc=com")?
Hello Emmanuel,
Thanks for the great oneliner tip !!
The API which is doing the search is making the DN as ("uid=rbilly,ou=people,dc=example,dc=com") and to debug it I also executed the command manually based on the same DN. But your kind suggestion has clarified everything. I have created some users and this time I have inserted so that the DN starts with uid and I got success.
millions of thanks.
On Tuesday 16 June 2009 09:30:01 J. Bakshi wrote:
Thanks for the great oneliner tip !!
The API which is doing the search is making the DN as ("uid=rbilly,ou=people,dc=example,dc=com") and to debug it I also executed the command manually based on the same DN. But your kind suggestion has clarified everything. I have created some users and this time I have inserted so that the DN starts with uid and I got success.
Note that most likely your application is broken; assuming that the DN can be constructed from a suffix and a username is not a good idea. The application should search for an entry that has a matching value for the "username" attribute it is using, and bind as the resulting DN. This would allow the RDN to differ from the username attribute.
Regards, Buchan
openldap-technical@openldap.org
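
The search-then-bind flow recommended in the last reply, next to the constructed-DN approach that produced error 49, as an added example that is not code from the thread or from any application discussed in it. The directory, the password values, and the `search` and `simple_bind` stand-ins are constructed so the example runs without a server, and all function names are hypothetical. It goes one step beyond the thread by escaping the username per RFC 4515 before it is placed in the search filter.

```python
import re

# Constructed stand-in for the thread's directory (DN -> attributes);
# the password values are made up for this example.
DIRECTORY = {
    "cn=test2,ou=people,dc=example,dc=com": {"uid": "rbilly", "userPassword": "pw-rbilly"},
    "cn=test3,ou=people,dc=example,dc=com": {"uid": "jdoe", "userPassword": "pw-jdoe"},
}
BASE = "ou=people,dc=example,dc=com"
SUCCESS, INVALID_CREDENTIALS = 0, 49  # LDAP result codes


def uid_filter(username):
    """Build (uid=...) with the RFC 4515 special characters escaped."""
    esc = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "(uid=%s)" % "".join(esc.get(c, c) for c in username)


def search(base, filt):
    """Stand-in for a subtree search; '*' is a wildcard, escaped hex pairs are literals."""
    value = re.fullmatch(r"\(uid=(.*)\)", filt, re.S).group(1)
    parts = re.findall(r"\\[0-9a-fA-F]{2}|.", value, re.S)
    pattern = "".join(".*" if p == "*" else
                      re.escape(chr(int(p[1:], 16)) if len(p) == 3 else p)
                      for p in parts)
    return [dn for dn, e in DIRECTORY.items()
            if dn.endswith("," + base) and re.fullmatch(pattern, e["uid"], re.S)]


def simple_bind(dn, password):
    """Stand-in for a simple bind as dn."""
    entry = DIRECTORY.get(dn)
    ok = bool(entry) and bool(password) and password == entry["userPassword"]
    return SUCCESS if ok else INVALID_CREDENTIALS


def bind_constructed_dn(username, password):
    """What the application in the thread does: suffix + username."""
    return simple_bind("uid=%s,%s" % (username, BASE), password)


def search_then_bind(username, password):
    """Search on the username attribute, then bind as the DN found."""
    matches = search(BASE, uid_filter(username))
    if len(matches) != 1 or not password:  # none, ambiguous, or empty password
        return INVALID_CREDENTIALS
    return simple_bind(matches[0], password)
```

Against a real server the search step normally runs under a low-privilege service identity, and an empty password is rejected before the bind because a simple bind with a DN and no password is treated as an unauthenticated bind rather than a failed login.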