[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Invalid Credentials Error

Lee wrote:
Hey All,
We used to run 2.0, but are now upgrading to 2.1.21. We first slapcatted the directory to a file, then tried moved over the old config files, replaced the old schema with 2.1's schema, changed the ldbm to bdb in the config file then ran:

slapadd -l /root/dump_new -f slapd.conf -c

The old dump is then imported (what appears to be successfully). I am able to slapcat the directory at this point to confirm that the slapadd was successful.

The problem is that when I run ldapsearch (the exact same command i run on our old server sucessfully), i get a :

"ldap_bind: Invalid credentials (49)" error.

Im binding as manager, which is in the directory (i saw it in the slapcat) and in the slapd.conf file. The dn and ssha hashed password listed for Manager slapd.conf is exactly the same as the old directory.

Any ideas?



Here is the compile flag for both the old and new directory:

./configure --prefix=/usr/local/encap/openldap-2.1.21 --enable-multimaster --with-cyrus-sasl --with-tls

SASL is installed.

Here is the ldapsearch command I used:

ldapsearch -d10 -h localhost -LLL -b "ou=publicLists,dc=organization,dc=com" -s sub -x -D "cn=Manager,ou=software,dc=organization,dc=com" -W "objectclass=*"

Here is slapd.conf:

include         /export/openldap/etc/schema/core.schema
include         /export/openldap/etc/schema/misc.schema
include         /export/openldap/etc/schema/cosine.schema
include         /export/openldap/etc/schema/inetorgperson.schema

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

access to dn.base="" by * none

access to * by self read
            by * auth

database bdb suffix "dc=organization,dc=com" rootdn "cn=Manager,ou=software,dc=organization,dc=com"

# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          {SSHA}DSFfjhksldf2389dDFs^&jfklsfjklDZg7y+q5fm8Y7

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /export/openldap/var/openldap-bdb

# Indices to maintain
index default pres,eq
index objectClass,uid,cn

loglevel -1

TLSCertificateFile /export/openldap/etc/ldapcert.pem
TLSCertificateKeyFile /export/openldap/etc/ldapkey.pem
TLSCACertificateFile /export/openldap/etc/demoCA/cacert.pem

Hi Lee,

Try your bind with option '-x' to force a simple bind.


Christian Pohl

The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to Christian Pohl <pohl@secaron.de>