
Re: ldapsearch for account object class



Dear Dieter,
Thanks for your response. I am using LDAP as a central authentication unit, and migrated all the Linux accounts to LDAP via some migration tools. Currently authentication for Linux users works fine, i.e. "su sriram then inputting the password" doesn't complain, but when I want to bind to LDAP using a user DN (ex ldapsearch "uid=sriram,ou=People,dc=ibm,dc=com" -W -x) I get the Invalid credentials (49) error. I added  password-hash   {CRYPR} to my slapd.config file, however, it prevented the server from running.

The other entry, "cn=fratbrother,ou=People,dc=ibm,dc=com", I added manually. Although the hashing method is SSHA, when I add password-hash   {MD5} to my slapd.config, I can still successfully bind. I don't know why this is happening... since the password-hash method has changed, I expect to get the Invalid credentials error... any ideas?

----- Original Message ----
From: Dieter Kluenter <dieter@dkluenter.de>
To: openldap-technical@openldap.org
Sent: Tuesday, February 19, 2008 11:33:05 PM
Subject: Re: ldapsearch for account object class

Hamidreza Hamedtoolloei <hamedtoolloei@yahoo.com> writes:

> Dear all,
> Below is the "partial" content of my openldap db.
> when I do:
>  ldapsearch -D "cn=fratbrother,ou=People,dc=ibm,dc=com" -w password -x
> everything is fine. However, when I do
> ldapsearch -D "uid=sriram,ou=People,dc=ibm,dc=com" -w password -x
> I get the ldap_bind: Invalid credentials (49) error.
> is this related to the "account" object class?
> it seems that none of the OpenLDAP tools such as ldapsearch, ldappasswd work
> for "account" object class.. is the syntax different for this type of class?
> p.s. in my slapd.config for ACL I have
>  access to *
>            by * read

Your problem seems to be different password hashing methods.

> # sriram, People, ibm.com
> dn: uid=sriram,ou=People,dc=ibm,dc=com

> userPassword:: e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=

this is a crypt hashed password

> dn: cn=fratbrother,ou=People,dc=ibm,dc=com

> userPassword:: e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=

this is an SSHA hashed password.

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
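
An added example, not part of the thread: it decodes the two userPassword:: values quoted above to show that each stored value carries its own {scheme} prefix, and checks a candidate password against an {SSHA} value (SHA-1 of password plus salt, with the salt appended to the digest). The function names are hypothetical, and the password used to exercise check_ssha is constructed, not taken from the thread.

```python
import base64
import hashlib
import hmac
import os

# userPassword:: values quoted in the thread ("::" in LDIF means base64).
THREAD_VALUES = {
    "uid=sriram": "e2NyeXB0fSQxJC82bGVIazhGJEY3bHpuS1d2bi5UWmQuZ2o1TUhqLy4=",
    "cn=fratbrother": "e1NTSEF9aXVxUkw1MlAvaS9XUkRkNHhuN0lEbUl3VnhhekRzV2s=",
}

def split_scheme(stored):
    """Split '{SCHEME}payload' into (SCHEME, payload)."""
    if not stored.startswith("{") or "}" not in stored:
        return ("CLEARTEXT", stored)  # value has no scheme prefix
    scheme, payload = stored[1:].split("}", 1)
    return (scheme.upper(), payload)

def describe(ldif_b64):
    """Decode an LDIF base64 value and report what its prefix says."""
    scheme, payload = split_scheme(base64.b64decode(ldif_b64).decode("ascii"))
    if scheme == "SSHA":
        raw = base64.b64decode(payload)  # 20-byte SHA-1 digest, then salt
        return {"scheme": scheme, "digest_len": 20, "salt_len": len(raw) - 20}
    if scheme == "CRYPT":
        fields = payload.split("$")  # modular crypt(3): $id$salt$hash
        if len(fields) < 4:
            return {"scheme": scheme, "crypt_id": "des"}
        return {"scheme": scheme, "crypt_id": fields[1], "salt": fields[2]}
    return {"scheme": scheme}

def make_ssha(password, salt=None):
    """Build an {SSHA} value; used here only to construct test input."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored, password):
    """Verify a candidate password against a stored {SSHA} value."""
    scheme, payload = split_scheme(stored)
    if scheme != "SSHA":
        raise ValueError("not an SSHA value: " + scheme)
    raw = base64.b64decode(payload)
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    for dn, value in THREAD_VALUES.items():
        print(dn, describe(value))
```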


