unable to bind using encrypted password (ITS#324)



Full_Name: Heath Hendrickson
Version: 0.9.4
OS: Linux Redhat 5.2
URL: 
Submission from: (NULL) (129.83.19.1)


I noticed another user with an open ticket and the same problem.  I've managed
to repeat the problem on my setup.

After creating a valid user in the directory, setting the password using
ldappasswd (binding as the rootDN), I can't bind as that user using
ldapsearch.  The password for the rootDN is {crypt} in slapd.conf, and that
doesn't seem to have problems.

I originally had {crypt} for the userPassword, and have since changed it to
{sha}, but neither of them is working.  Here's the output from the ldapsearch:

[root@space ldap]# ldapsearch -D "uid=heath,ou=People,dc=space,dc=ne,dc=mediaone,dc=net" -w XXXXXXX -b "dc=space,dc=ne,dc=mediaone,dc=net" "uid=heath"
ldap_bind: Invalid credentials

doing the same as the rootDN yields:

[root@space ldap]# ldapsearch -D "cn=dirman,dc=space,dc=ne,dc=mediaone,dc=net" -w XXXXXXX -b "dc=space,dc=ne,dc=mediaone,dc=net" "uid=heath"
uid=heath,ou=People,dc=space,dc=ne,dc=mediaone,dc=net
uid=heath
cn=Heath S Hendrickson
givenname=Heath S
sn=Hendrickson
mail=heath@space.ne.mediaone.net
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
objectclass=account
objectclass=posixAccount
objectclass=top
objectclass=kerberosSecurityObject
objectclass=shadowAccount
shadowlastchange=10596
shadowmax=99999
shadowwarning=7
krbname=heath@SPACE.NE.MEDIAONE.NET
loginshell=/bin/bash
uidnumber=500
gidnumber=500
homedirectory=/home/heath
gecos=Heath S Hendrickson
modifytimestamp=19991014113650Z
modifiersname=cn=dirman,dc=space,dc=ne,dc=mediaone,dc=net
userpassword={sha}XXXXXXXXXXXXXXX

The rootDN is defined in slapd.conf as:

rootdn		"cn=dirman,dc=space,dc=ne,dc=mediaone,dc=net"
rootpw		{crypt}XXXXXXXXXXX
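
Added example (not part of the original report and not OpenLDAP's own code): an offline check of whether a stored userPassword value corresponds to the password being supplied, which separates a wrongly stored hash from a server-side comparison problem. It assumes {SHA} is the base64 of the SHA-1 digest, treats the scheme prefix case-insensitively, also covers salted {SSHA} as a generalization, and leaves {crypt} unhandled; the password "secret" and all function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

def parse_userpassword(value):
    """Split '{scheme}data' into (SCHEME, data); scheme is None if no prefix."""
    if value.startswith("{") and "}" in value:
        scheme, _, data = value[1:].partition("}")
        return scheme.upper(), data  # assumption: prefix compared case-insensitively
    return None, value

def check_password(stored, candidate):
    """True/False for {SHA} and {SSHA}; None for schemes not handled here."""
    scheme, data = parse_userpassword(stored)
    if scheme not in ("SHA", "SSHA"):
        return None
    try:
        raw = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return False
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is salt
    if len(digest) != 20 or (scheme == "SHA" and salt):
        return False
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def diagnose(stored, candidate):
    """Name the most likely reason a stored value does or does not verify."""
    result = check_password(stored, candidate)
    if result is None:
        return "unsupported-scheme"
    if result:
        return "match"
    if check_password(stored, candidate + "\n"):
        return "hashed-with-trailing-newline"
    _, data = parse_userpassword(stored)
    if data.lower() == hashlib.sha1(candidate.encode("utf-8")).hexdigest():
        return "hex-digest-instead-of-base64"
    return "mismatch"

if __name__ == "__main__":
    # Constructed sample: the password "secret" is not taken from the report.
    good = "{sha}" + base64.b64encode(hashlib.sha1(b"secret").digest()).decode()
    for stored in (good, "{sha}" + hashlib.sha1(b"secret").hexdigest(),
                   "{crypt}XXXXXXXXXXX"):
        print(stored, "->", diagnose(stored, "secret"))
```

A "match" here while the bind still returns "Invalid credentials" points away from the stored value and toward how the server compares it.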