Re: ldapsearch: invalid credentials
- To: openldap-software@OpenLDAP.org
- Subject: Re: ldapsearch: invalid credentials
- From: kandryc@miser.umass.edu
- Date: Fri, 19 Aug 2005 17:32:25 -0400
- In-reply-to: <1124483568.430641f083e8c@mail-www2.oit.umass.edu>
- References: <1124483568.430641f083e8c@mail-www2.oit.umass.edu>
- User-agent: Internet Messaging Program (IMP) 3.2
Hello everyone,
I am very new to LDAP and have read through most of O'Reilly's LDAP book. I am
having significant trouble trying to do an ldap search on a specific person in my
LDAP database. Here is what I am trying to do:
$ ldapsearch -v -x -W -b "dc=domain,dc=com" -D "uid=myuser,ou=people,dc=domain,dc=com" "(objectclass=*)"
ldap_initialize( ldap://ldap.domain.com )
Enter LDAP Password:
ldap_bind: Invalid credentials
This is the LDIF that was created for the person (password masked):
dn: uid=myuser,ou=people,dc=domain,dc=com
uid: myuser
cn: myuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$XXXXXXXX/XXXXXXXXX/
shadowLastChange: 13003
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/myuser
Here is the slapd.conf (I allowed world access for testing purposes):
## slapd.conf
include /path/to/schema/core.schema
include /path/to/schema/cosine.schema
include /path/to/schema/nis.schema
include /path/to/schema/inetorgperson.schema
loglevel any
pidfile /path/to/slapd.pid
argsfile /path/to/slapd.args
TLSCipherSuite HIGH
TLSCertificateFile /path/to/tls.cert
TLSCertificateKeyFile /path/to/tls.key
password-hash {SSHA}
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /path/to/openldap-data
mode 0600
index objectClass eq
index cn,uid eq
index uidNumber eq
#index guidNumber eq
# ACL
access to *
    by * read
Here is the log that gets generated:
slapd[14927]: <= entry_decode(uid=myuser,ou=people,dc=domain,dc=com)
slapd[14927]: => access_allowed: auth access to "uid=myuser,ou=people,dc=domain,dc=com" "userPassword" requested
slapd[14927]: => acl_get: [1] attr userPassword
slapd[14927]: access_allowed: no res from state (userPassword)
slapd[14927]: => acl_mask: access to entry "uid=myuser,ou=people,dc=domain,dc=com", attr "userPassword" requested
slapd[14927]: => acl_mask: to value by "", (=0)
slapd[14927]: <= check a_dn_pat: *
slapd[14927]: <= acl_mask: [1] applying read(=rscxd) (stop)
slapd[14927]: <= acl_mask: [1] mask: read(=rscxd)
slapd[14927]: => access_allowed: auth access granted by read(=rscxd)
slapd[14927]: send_ldap_result: conn=0 op=0 p=3
slapd[14927]: send_ldap_result: err=49 matched="" text=""
slapd[14927]: send_ldap_response: msgid=1 tag=97 err=49
slapd[14899]: daemon: activity on 1 descriptors
slapd[14899]: daemon: activity on:
orion slapd[14899]: 13r
slapd[14899]:
slapd[14899]: daemon: read activity on 13
slapd[14899]: connection_get(13)
slapd[14899]: connection_get(13): got connid=0
slapd[14899]: connection_read(13): checking for input on id=0
slapd[14899]: ber_get_next on fd 13 failed errno=0 (Success)
slapd[14899]: connection_read(13): input error=-2 id=0, closing.
slapd[14899]: connection_closing: readying conn=0 sd=13 for close
slapd[14899]: connection_close: deferring conn=0 sd=13
slapd[14899]: daemon: select: listen=6 active_threads=0 tvp=NULL
slapd[14899]: daemon: select: listen=7 active_threads=0 tvp=NULL
slapd[14899]: daemon: activity on 1 descriptors
slapd[14899]: daemon: select: listen=6 active_threads=0 tvp=NULL
slapd[14899]: daemon: select: listen=7 active_threads=0 tvp=NULL
slapd[14927]: conn=0 op=0 RESULT tag=97 err=49 text=
slapd[14927]: connection_resched: attempting closing conn=0 sd=13
slapd[14927]: connection_close: conn=0 sd=13
slapd[14927]: daemon: removing 13
slapd[14927]: conn=0 fd=13 closed
Thanks for your help, it is much appreciated.
Sincerely,
~~K
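
Added example, not part of the original post: a small parser that pulls failed simple binds (RESULT tag=97, the LDAP BindResponse, with err=49, invalidCredentials) out of slapd debug output like the log above and attaches the DN whose userPassword was checked. The sample lines are constructed, and the code assumes each log record sits on one unwrapped line and that lines of one operation share the bracketed slapd[...] id, as they do in the log above.

```python
import re
from collections import Counter

# Constructed sample, modelled on the slapd debug output quoted in the post.
SAMPLE_LOG = '''\
slapd[14927]: => access_allowed: auth access to "uid=myuser,ou=people,dc=domain,dc=com" "userPassword" requested
slapd[14927]: => access_allowed: auth access granted by read(=rscxd)
slapd[14927]: send_ldap_result: err=49 matched="" text=""
slapd[14927]: conn=0 op=0 RESULT tag=97 err=49 text=
slapd[14930]: => access_allowed: auth access to "uid=other,ou=people,dc=domain,dc=com" "userPassword" requested
slapd[14930]: conn=1 op=0 RESULT tag=97 err=0 text=
slapd[14931]: conn=2 op=0 RESULT tag=97 err=49 text=
'''

AUTH_RE = re.compile(
    r'slapd\[(\d+)\]: => access_allowed: auth access to "([^"]+)" "userPassword" requested')
RESULT_RE = re.compile(
    r'slapd\[(\d+)\]: conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)')

BIND_RESPONSE_TAG = 97    # 0x61, LDAP BindResponse
INVALID_CREDENTIALS = 49  # LDAP result code invalidCredentials


def failed_binds(lines):
    """Return one dict per bind that ended in err=49, with the DN if one was logged."""
    pending = {}   # bracketed slapd[...] id -> DN whose userPassword was last checked
    failures = []
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            pending[m.group(1)] = m.group(2)
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        ident, conn, op, tag, err = m.groups()
        dn = pending.pop(ident, None)  # None: no userPassword check was logged
        if int(tag) == BIND_RESPONSE_TAG and int(err) == INVALID_CREDENTIALS:
            failures.append({"conn": int(conn), "op": int(op), "dn": dn})
    return failures


def failures_per_dn(lines):
    """Count failed binds per DN, e.g. to flag repeated failures on one account."""
    return Counter(f["dn"] for f in failed_binds(lines))


if __name__ == "__main__":
    for failure in failed_binds(SAMPLE_LOG.splitlines()):
        print(failure)
```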