Issue 7263 - ldap_bind: Invalid credentials (49)
Summary: ldap_bind: Invalid credentials (49)
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: historical (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-06 06:55 UTC by sateeshbraju10@gmail.com
Modified: 2018-01-15 02:48 UTC (History)
0 users

See Also:


Attachments

Description sateeshbraju10@gmail.com 2012-05-06 06:55:04 UTC
Full_Name: sateesh raju
Version: openldap-servers-2.2.13-12.el4
OS: rhel4.8 AS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.8.220.9)


Hi Team,

I am able to reset the password using slappasswd, but when I copy that
password and paste it into /etc/openldap/slapd.conf, it's not working.

When I give the command as below, it gives an error.

Could you please help me fix this issue?

I have restarted my ldap service as well, but no luck.
==========================================================
Configuration file for your reference.

[root@semldslx5031 openldap]# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/autofs.schema

# Allow LDAPv2 client connections.  This is NOT the default.
# NOTE(review): keep this only if a legacy client still needs LDAPv2 binds;
# without it the server returns to its default of refusing them.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

# Files slapd writes at startup: its process id and its command-line arguments.
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
# Level 64 logs configuration-file processing only. Bind results (such as
# err=49, invalid credentials) are logged at level 256 (stats), so add 256
# while diagnosing authentication failures.
loglevel        64

# Load dynamic backend modules:
# modulepath    /usr/sbin/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# All three directives below point at the same PEM file, so the server's
# private key is stored alongside its certificate, and that certificate also
# serves as the CA file (presumably a self-signed certificate -- confirm).
# Restrict /etc/certs/server.pem to the account slapd runs as.
TLSCACertificateFile /etc/certs/server.pem
TLSCertificateFile /etc/certs/server.pem
TLSCertificateKeyFile /etc/certs/server.pem

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): the "security" directive above is commented out, so this file
# configures no minimum SSF and simple binds are not required to use TLS.

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# userPassword: the entry's owner may change it, anonymous clients may use it
# only to authenticate, and everyone else gets no access.
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
# Everything else: each entry may modify itself, and every other client,
# including anonymous ones, may read all remaining attributes. Narrow
# "by * read" (for example to "by users read") if the directory should not be
# readable without a bind.
access to *
        by self write
        by * read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

# Start of the bdb database definition; the directives that follow apply to it.
database        bdb
suffix          "dc=astrazeneca,dc=net"
# A rootdn bind succeeds only when the client's bind DN matches this value and
# the supplied password matches rootpw below.
rootdn          "cn=Manager,dc=astrazeneca,dc=net"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
# NOTE(review): this hash was posted to a public issue tracker; treat the
# password behind it as exposed and generate a new one with slappasswd(8).
# When pasting the new value, keep "rootpw" at column 0 with the whole hash on
# the same line: slapd.conf treats a line that starts with whitespace as a
# continuation of the previous line.
rootpw           {SSHA}QLn21BmSFUGhuB0moI3/LSbovhvR+2GI
# NOTE(review): the value below is presumably an earlier password hash kept as
# a comment -- confirm, and drop it from the file if so.
#rootpw         {CRYPT}6U9nUz39cnQ7s

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
# NOTE(review): the listing does not show the directory's owner or mode;
# check them against the guidance above.
directory       /var/lib/ldap

# Indices to maintain for this database
# (eq = equality, pres = presence, sub = substring matching)
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM

#replica uri=ldap://semldslx5032.seml.astrazeneca.net:389
# NOTE(review): unlike the sample above, this stanza sets no starttls option
# and uses bindmethod=simple, so the Replicator password is presumably sent to
# the replica without TLS -- confirm, and add starttls=critical if the replica
# supports it. The credentials value is stored here in cleartext, which is one
# more reason this file must not be world readable; if it is a real password,
# it has been exposed by this post and should be changed.
replica host=semldslx5032.seml.astrazeneca.net:389
        suffix="dc=astrazeneca,dc=net"
        binddn="cn=Replicator,dc=astrazeneca,dc=net"
        bindmethod=simple credentials=ReplicatorPassword
# Replication log of changes to this database; it carries directory data, so
# keep it readable only by the LDAP service account.
replogfile /var/lib/ldap/replication.log
# Maximum number of entries returned from a single search.
sizelimit 5000
[root@semldslx5031 openldap]#
Comment 1 Howard Chu 2012-05-06 14:54:06 UTC
published 7263
marked public
Comment 2 Howard Chu 2012-05-30 13:40:38 UTC
moved from Incoming to Historical
Comment 3 Quanah Gibson-Mount 2018-01-15 02:47:46 UTC
changed state Open to Closed
Comment 4 Quanah Gibson-Mount 2018-01-15 02:48:01 UTC
changed state Closed to Suspended
Comment 5 Quanah Gibson-Mount 2018-01-15 02:48:11 UTC
changed state Suspended to Closed