System: Ubuntu 10.10 server 64bit @(#) $OpenLDAP: slapd 2.4.23 (Nov 19 2010 17:41:28) $ buildd@allspice:/build/buildd/openldap-2.4.23/debian/build/servers/slapd
Problem: I am following the guide here: http://blog.suretecsystems.com/archives/163-OpenLDAP-Quick-Tips-Change-logle...
Entering: ldapmodify -x -D 'cn=config' -W -f log.ldif
Gives me: Enter LDAP Password: ldap_bind: Invalid credentials (49)
I enter the password (that is also stored in ldap.secret), but the error persists.
I've got to be missing something obvious, but it's not clear what that is...
John
Seems that this might be the solution... http://stackoverflow.com/questions/3057257/ubuntu-10-04-lucid-openldap-inval...
System: Ubuntu 10.10 server 64bit @(#) $OpenLDAP: slapd 2.4.23 (Nov 19 2010 17:41:28) $ buildd@allspice:/build/buildd/openldap-2.4.23/debian/build/servers/slapd
Problem: I am following the guide here: http://blog.suretecsystems.com/archives/163-OpenLDAP-Quick-Tips-Change-logle...
Entering: ldapmodify -x -D 'cn=config' -W -f log.ldif
Gives me: Enter LDAP Password: ldap_bind: Invalid credentials (49)
I enter the password (that is also stored in ldap.secret), but the error persists.
I've got to be missing something obvious, but it's not clear what that is...
John
Seems that this might be the solution... http://stackoverflow.com/questions/3057257/ubuntu-10-04-lucid-openldap-inval...
Actually, it seems that that wasn't the solution...
So when I run:
ldapsearch -x -H ldap://127.0.0.1 -b 'cn=config' -D 'cn=config' -s base -LLL -W olcLoglevel
I get: Enter LDAP Password: ldap_bind: Invalid credentials (49)
Funny thing is, I never had any problems configuring ldap until I switched to Ubuntu.
On 02/03/2011 12:39 AM, John Espiro wrote:
Seems that this might be the solution... http://stackoverflow.com/questions/3057257/ubuntu-10-04-lucid-openldap-inval...
Actually, it seems that that wasn't the solution...
So when I run:
ldapsearch -x -H ldap://127.0.0.1 -b 'cn=config' -D 'cn=config' -sbase -LLL -W olcLoglevel
I get: Enter LDAP Password: ldap_bind: Invalid credentials (49)
Funny thing is, I never had any problems configuring ldap until I switched to Ubuntu.
Hi, John!
I described a similar issue a few days ago[1] (reported for Debian). I found the only solution was manually editing the olcDatabase={0}config.ldif file (adding an olcRootPW line).
I've posted a message on the debian-user mailing list[2] but found not solution until now.
Răzvan
[1] http://www.openldap.org/lists/openldap-technical/201101/msg00307.html [2] http://lists.debian.org/debian-user/2011/02/msg00115.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/03/2011 08:35 AM, Razvan Deaconescu wrote:
On 02/03/2011 12:39 AM, John Espiro wrote:
Seems that this might be the solution... http://stackoverflow.com/questions/3057257/ubuntu-10-04-lucid-openldap-inval...
Actually, it seems that that wasn't the solution...
So when I run:
ldapsearch -x -H ldap://127.0.0.1 -b 'cn=config' -D 'cn=config' -sbase -LLL -W olcLoglevel
I get: Enter LDAP Password: ldap_bind: Invalid credentials (49)
Funny thing is, I never had any problems configuring ldap until I switched to Ubuntu.
Hi, John!
I described a similar issue a few days ago[1] (reported for Debian). I found the only solution was manually editing the olcDatabase={0}config.ldif file (adding an olcRootPW line).
I've posted a message on the debian-user mailing list[2] but found not solution until now.
Răzvan
[1] http://www.openldap.org/lists/openldap-technical/201101/msg00307.html [2] http://lists.debian.org/debian-user/2011/02/msg00115.html
If you are running Ubuntu or Debian, they both AFAIK set up the server so that the root user has (if connecting properly) manage privileges. So there is no need to edit the ldif by hand.
To check, try connecting as root to the UNIX socket OpenLDAP should be listening on:
ldapwhoami -H ldapi:// -Y EXTERNAL
should return: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
This identity should be allowed to do pretty much as it pleases at least within the cn=config db.
Ondra
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
On Wednesday, 2 February 2011 23:49:55 John Espiro wrote:
[...]
I've got to be missing something obvious, but it's not clear what that is...
You didn't read my reply to your previous thread, which was sent 20 minutes before your mail above, all the info you needed was there.
Regards, Buchan
On Wed, Feb 02, 2011 at 10:49:55PM +0100, John Espiro wrote:
Ubuntu 10.10 server 64bit
...
Entering: ldapmodify -x -D 'cn=config' -W -f log.ldif
Gives me: Enter LDAP Password: ldap_bind: Invalid credentials (49)
Run ldapmodify on the same box as the server, as root. Point to the ldapi:/// URL, and use the EXTERNAL SASL mechanism. Drop the other authentication args (-x, -D, -W)
$ sudo bash # ldapmodify -Y EXTERNAL -H ldapi:/// ...rest of args...
Regards,
Brian.
openldap-technical@openldap.org
-
Brian Candler -
Buchan Milne -
John Espiro -
Ondrej Kuznik -
Razvan Deaconescu