Dear Dieter,

Thanks for your response. I am using LDAP as a central authentication unit, and migrated all the Linux accounts to LDAP via some migration tools. Currently authentication for Linux users works fine, i.e. "su sriram then inputting the password" doesn't complain, but when I want to bind to LDAP using a user DN (ex ldapsearch "uid=sriram,ou=People,dc=ibm,dc=com" -W -x) I get the Invalid credentials (49) error. I added password-hash {CRYPR} to my slapd.config file; however, it prevented the server from running.

The other entry, "cn=fratbrother,ou=People,dc=ibm,dc=com", I added manually. Although the hashing method is SSHA, when I add password-hash {MD5} to my slapd.config, I can still successfully bind. I don't know why this is happening... since the password-hash method has changed, I expect to get the Invalid credentials error... any ideas?
----- Original Message ----
From: Dieter Kluenter dieter@dkluenter.de
To: openldap-technical@openldap.org
Sent: Tuesday, February 19, 2008 11:33:05 PM
Subject: Re: ldapsearch for accont object class
Hamidreza Hamedtoolloei hamedtoolloei@yahoo.com writes:
Dear all,
Below is the "partial" content of my openldap db.
when I do:
ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x
everything is fine. However, when I do
ldapsearch -D "uid=sriram,ou=People,dc=ibm,dc=com" -w password -x
I get the ldap_bind: Invalid credentials (49) error.
Is this related to the "account" object class?
It seems that none of the OpenLDAP tools such as ldapsearch, ldappasswd work
for the "account" object class. Is the syntax different for this type of class?
p.s. in my slapd.config for ACL I have
access to *
by * read
Your problem seems to be different password hashing methods
# sriram, People, ibm.com
dn: uid=sriram,ou=People,dc=ibm,dc=com
userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=
this is a crypt hashed password
dn: cn=fratbrother,ou=People,dc=ibm,dc=com
userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=
this is a ssha hashed password.
-Dieter
Hamidreza Hamedtoolloei hamedtoolloei@yahoo.com writes:
Dear Dieter,

Thanks for your response. I am using LDAP as a central authentication unit, and migrated all the Linux accounts to LDAP via some migration tools. Currently authentication for Linux users works fine, i.e. "su sriram then inputting the password" doesn't complain, but when I want to bind to LDAP using a user DN (ex ldapsearch "uid=sriram,ou=People,dc=ibm,dc=com" -W -x) I get the Invalid credentials (49) error. I added password-hash {CRYPR} to my slapd.config file; however, it prevented the server from running.

The other entry, "cn=fratbrother,ou=People,dc=ibm,dc=com", I added manually. Although the hashing method is SSHA, when I add password-hash {MD5} to my slapd.config, I can still successfully bind. I don't know why this is happening... since the password-hash method has changed, I expect to get the Invalid credentials error... any ideas?
I presume that your crypt hashed passwords have been created with a different libcrypt than slapd and ldaptools have been compiled with. See http://www.openldap.org/faq/data/cache/1041.html
-Dieter
openldap-technical@openldap.org
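
The scheme tags Dieter reads off the two `userPassword::` values can be recovered by base64-decoding them, as in this added example (not part of the thread; the function names are hypothetical). slapd verifies a bind against the scheme tag stored in the value, while `password-hash`, per slapd.conf(5), only selects the hash used when new passwords are generated through the Password Modify extended operation. The `{SSHA}` check is exercised on a constructed value, not on the thread's entries.

```python
import base64
import hashlib
import hmac

# The two userPassword lines quoted in the thread (LDIF '::' means base64).
SRIRAM = "userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4="
FRATBROTHER = "userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s="


def parse_user_password(ldif_line):
    """Decode an LDIF 'userPassword::' line into (scheme, details)."""
    attr, _, value = ldif_line.partition("::")
    if attr.strip().lower() != "userpassword" or not value.strip():
        raise ValueError("not a base64-encoded userPassword line")
    stored = base64.b64decode(value.strip()).decode("ascii")
    if not stored.startswith("{") or "}" not in stored:
        return "cleartext", {}
    scheme, _, body = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme == "CRYPT":
        # Modular crypt format is $<id>$<salt>$<hash>; id 1 is MD5-crypt.
        parts = body.split("$")
        if len(parts) == 4 and parts[0] == "":
            return scheme, {"crypt_id": parts[1], "salt": parts[2]}
        return scheme, {"crypt_id": "des", "salt": body[:2]}
    if scheme == "SSHA":
        raw = base64.b64decode(body)  # SHA-1 digest (20 bytes) + salt
        return scheme, {"digest": raw[:20], "salt": raw[20:]}
    return scheme, {"body": body}


def make_ssha_line(password, salt):
    """Build a constructed {SSHA} LDIF line for testing (not from the thread)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    inner = base64.b64encode(digest + salt).decode()
    return "userPassword:: " + base64.b64encode(("{SSHA}" + inner).encode()).decode()


def check_ssha(ldif_line, password):
    """Recompute SHA1(password + salt) and compare in constant time."""
    scheme, d = parse_user_password(ldif_line)
    if scheme != "SSHA":
        raise ValueError("stored value is %s, not SSHA" % scheme)
    calc = hashlib.sha1(password.encode() + d["salt"]).digest()
    return hmac.compare_digest(calc, d["digest"])


if __name__ == "__main__":
    for name, line in (("sriram", SRIRAM), ("fratbrother", FRATBROTHER)):
        print(name, parse_user_password(line))
```
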