New subject: password problems: SOLVED

16 Nov 2010


      Hi,
I can not figure out why my AIX box does not want to authenticate with my ldap 
server.  I think I have a problem with the ldap setup so I can only bind to 
ldap with anonymous bind or with olcRoot.
Checking password for cn=admin,dc=axi,dc=intra (my LDAP manager account):
root@ldap1:/etc # ldapsearch -Y EXTERNAL -H ldapi:/// -b 
cn=admin,dc=axi,dc=intra
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=admin,dc=axi,dc=intra> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# admin, axi.intra
dn: cn=admin,dc=axi,dc=intra
cn: admin
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
userPassword:: e1NTSEF9UkJXSitCZy92V2ZLNlJ5Rzdwa1pvOStpQUh5aSt4NG0=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Changing password:
root@ldap1:/etc # ldappasswd -Y EXTERNAL -H ldapi:/// -s secret 
cn=admin,dc=axi,dc=intra
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
Checking that the password is changed:
root@ldap1:/etc # ldapsearch -Y EXTERNAL -H ldapi:/// -b 
cn=admin,dc=axi,dc=intra
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=admin,dc=axi,dc=intra> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# admin, axi.intra
dn: cn=admin,dc=axi,dc=intra
cn: admin
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
userPassword:: e1NTSEF9TnBIK0hBN2JpWEczb0FSU1YwQm5HWmZSVll3S0NaTms=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Using the password:
root@ldap1:/etc # ldapsearch -D "cn=admin,dc=axi,dc=intra" -w secret
ldap_bind: Invalid credentials (49)
So I change the password but I can not use it ?
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________