[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldappasswd question...

To: <openldap-software@openldap.org>
Subject: ldappasswd question...
From: "Dan Denton" <ddenton@remitpro.com>
Date: Fri, 5 Oct 2007 11:21:29 -0500
Content-language: en-us
Thread-index: AcgHa8kPR2G1IpUkTHWme7rzpTOoeg==

Hello list,

I've been halfway successful so far in setting up an ldap server, but have
run into issues when setting passwords using ldappasswd. The server is RHEL
4, running openldap-2.2.13-7.4E (server and clients) provided by RedHat. 

I've successfully gotten the server listening, and have added entries to the
database, and can even access it from my outlook installation (browsing of
course). 

When I run the following command on my ldap server, I get the following
output:

[root@TESTBED002 sbin]# ldappasswd -WS -D
'cn=root,ou=users,dc=remitpro,dc=local' jdoe -d 300
New password:
Re-enter new password:
Enter LDAP Password:
request 1 done
SASL/DIGEST-MD5 authentication started
request 2 done
Please enter your password:
request 3 done
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database

The first two prompts seem pretty straightforward, in that it seems to be
asking for the user's new password. The second and third have me stumped. Is
the second password (LDAP Password) the bind password for the root user? If
so, by entering that, the result is being sent straight to the final error
message. If I hit enter (blank) at that prompt, I'm sent to the 'MD5'
prompt, and which point anything I enter gets me the final error message. 

I know this is probably something obvious I'm missing, and I'm sure it's a
nube issue, but a day of banging my head against the wall (and searching
google, and the list archives) hasn't given me an answer I can use, or make
sense of.

Thanks in advance...

Danno

P.S. - here's what I think is the relevant part of my conf file, and a
listing from slapcat.

database        bdb
suffix          "dc=remitpro,dc=local"
rootdn          "cn=root,dc=remitpro,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
#rootpw         {MD5}OT6nyd+82+aATLn5z2BfwQ==



dn: dc=remitpro,dc=local
objectClass: dcObject
objectClass: organization
o: Test Company
dc: remitpro
structuralObjectClass: organization
entryUUID: a4a2b22a-070d-102c-9eb8-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004213642Z
entryCSN: 20071004213642Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004213642Z

dn: cn=root,dc=remitpro,dc=local
objectClass: organizationalRole
cn: root
structuralObjectClass: organizationalRole
entryUUID: a4ab3d28-070d-102c-9eb9-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004213642Z
entryCSN: 20071004213642Z#000002#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004213642Z

dn: ou=users,dc=remitpro,dc=local
objectClass: organizationalUnit
ou: users
structuralObjectClass: organizationalUnit
entryUUID: c8b22af6-070d-102c-9eba-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004213743Z
entryCSN: 20071004213743Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004213743Z

dn: cn=jdoe,ou=users,dc=remitpro,dc=local
structuralObjectClass: organizationalPerson
entryUUID: b40f9524-070e-102c-9ebd-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004214418Z
objectClass: organizationalPerson
cn: jdoe
sn: Doe
userPassword:: c2VjcmV0
entryCSN: 20071004215535Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071004215535Z

dn: cn=bsmith,ou=users,dc=remitpro,dc=local
structuralObjectClass: organizationalPerson
entryUUID: fa14e16e-070e-102c-9ebe-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071004214615Z
objectClass: person
objectClass: organizationalPerson
cn: bsmith
cn: Bob Smith
sn: Smith
userPassword:: c2VjcmV0
title: Lackey
telephoneNumber: 4028610005
entryCSN: 20071005144910Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071005144910Z

dn: cn=jjohnson,ou=users,dc=remitpro,dc=local
structuralObjectClass: inetOrgPerson
entryUUID: 6173c7e6-079e-102c-9ec4-90018c9f14f8
creatorsName: cn=root,dc=remitpro,dc=local
createTimestamp: 20071005145247Z
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
cn: jjohnson
cn: Jim Johnson
sn: Johnson
uid: jjohnson
userPassword:: c2VjcmV0
uidNumber: 513
gidNumber: 513
title: Lackey
mail: ddenton@remitpro.com
givenName: Jim
displayName: Jim Johnson
initials: JJ
roomNumber: IT
physicalDeliveryOfficeName: IT
homeDirectory: /home/jjohnson
entryCSN: 20071005151734Z#000001#00#000000
modifiersName: cn=root,dc=remitpro,dc=local
modifyTimestamp: 20071005151734Z

Follow-Ups:
- Re: ldappasswd question...
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: ACL to bind groups from a IP
Next by Date: Re: No such object
Index(es):
- Chronological
- Thread