[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapadd : ldap_bind - Invalid credentials (49)

To: Kevin Newman <knewman00@earthlink.net>, openldap-software@OpenLDAP.org
Subject: Re: ldapadd : ldap_bind - Invalid credentials (49)
From: Peter Marschall <peter@adpm.de>
Date: Sun, 14 Dec 2003 14:11:23 +0100
Content-disposition: inline
In-reply-to: <3FDB8284.5080708@earthlink.net>
Organization: ADPM
References: <3FDB8284.5080708@earthlink.net>
User-agent: KMail/1.5.1

Hi,

your islapd.conf says:
suffix		"dc=my-domain,dc=com"
rootdn		"cn=Manager,dc=my-domain,dc=com"
rootpw		secret

Yet you try to add something under dc=example,dc=com
with an authentication ID of cn=Manager,dc=example,dc=com
(which your slapd does not know anything about.

That is not consistent.

Peter

On Saturday 13 December 2003 22:20, Kevin Newman wrote:
> I've just installed OpenLDAP 2.1.25 on W2K \ Cygwin.  I've searched
> through the mailing lists and read the OpenLDAP 2.1 Administrator's
> Guide but I must be missing some vital information becuase I can't get
> past:
>
> $ ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
> Enter LDAP Password:
> ldap_bind: Server is unwilling to perform (53)
>          additional info: unauthenticated bind (DN with no password)
> disallowed
>
> If I use no password
>
> or
>
> $ ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> If I use secret as the password
>
> When attempting to do a ldapadd.  I'm using the example unchanged from
> the admin guide, but am not having success in performing an ldapadd.
>
> Any suggestions?
>
> Thanks,
>
> Kevin Newman
>
> Here is my example.ldif (all white space have been trimmed)
> ==================================
> dn: dc=example,dc=com
> objectclass: dcObject
> objectclass: organization
> o: Example Company
> dc: example
>
> dn: cn=Manager,dc=example,dc=com
> objectclass: organizationalRole
> cn: Manager
> =================================
>
> Here is my slapd.conf file
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24
> 23:19:14 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include		/usr/local/etc/openldap/schema/core.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral	ldap://root.openldap.org
>
> pidfile		/usr/local/var/slapd.pid
> argsfile	/usr/local/var/slapd.args
>
> # Load dynamic backend modules:
> # modulepath	/usr/local/libexec/openldap
> # moduleload	back_bdb.la
> # moduleload	back_ldap.la
> # moduleload	back_ldbm.la
> # moduleload	back_passwd.la
> # moduleload	back_shell.la
>
> # Sample security restrictions
> #	Require integrity protection (prevent hijacking)
> #	Require 112-bit (3DES or better) encryption for updates
> #	Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
>
> # Sample access control policy:
> #	Root DSE: allow anyone to read it
> #	Subschema (sub)entry DSE: allow anyone to read it
> #	Other DSEs:
> #		Allow self write access
> #		Allow authenticated users read access
> #		Allow anonymous users to authenticate
> #	Directives needed to implement policy:
> # access to dn.base="" by * read
> # access to dn.base="cn=Subschema" by * read
> # access to *
> #	by self write
> #	by users read
> #	by anonymous auth
> #
> # if no access controls are present, the default policy is:
> #	Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database	bdb
> suffix		"dc=my-domain,dc=com"
> rootdn		"cn=Manager,dc=my-domain,dc=com"
> # Cleartext passwords, especially for the rootdn, should
> # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw		secret
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory	/usr/local/var/openldap-data
> # Indices to maintain
> index	objectClass	eq
>
> System Info:
>
> Cygwin Win95/NT Configuration Diagnostics
> Current System Time: Sat Dec 13 13:27:59 2003
>
> Windows 2000 Professional Ver 5.0 Build 2195 Service Pack 3
> <some deleted>
>      Cygwin DLL version info:
>          DLL version: 1.5.5
>          DLL epoch: 19
>          DLL bad signal mask: 19005
>          DLL old termios: 5
>          DLL malloc env: 28
>          API major: 0
>          API minor: 94
>          Shared data: 3
>          DLL identifier: cygwin1
>          Mount registry: 2
>          Cygnus registry name: Cygnus Solutions
>          Cygwin registry name: Cygwin
>          Program options name: Program Options
>          Cygwin mount registry name: mounts v2
>          Cygdrive flags: cygdrive flags
>          Cygdrive prefix: cygdrive prefix
>          Cygdrive default prefix:
>          Build date: Sat Sep 20 16:31:15 EDT 2003
>          CVS tag: cr-0x9b
>          Shared id: cygwin1S3

-- 
Peter Marschall
eMail: peter@adpm.de

Follow-Ups:
- Re: ldapadd : ldap_bind - Invalid credentials (49)
  - From: Kevin Newman <knewman00@earthlink.net>

References:
- ldapadd : ldap_bind - Invalid credentials (49)
  - From: Kevin Newman <knewman00@earthlink.net>

Prev by Date: Re: ACL for only creating entry
Next by Date: Re: ldapadd : ldap_bind - Invalid credentials (49)
Index(es):
- Chronological
- Thread