
Re: Invalid Credentials Error



Lee wrote:
Hey All,
We used to run 2.0, but are now upgrading to 2.1.21. We first slapcatted the directory to a file, then tried moving over the old config files, replaced the old schema with 2.1's schema, changed the ldbm to bdb in the config file, then ran:


slapadd -l /root/dump_new -f slapd.conf -c

The old dump is then imported (what appears to be successfully). I am able to slapcat the directory at this point to confirm that the slapadd was successful.

The problem is that when I run ldapsearch (the exact same command I run on our old server successfully), I get a:

"ldap_bind: Invalid credentials (49)" error.

I'm binding as manager, which is in the directory (I saw it in the slapcat) and in the slapd.conf file. The dn and ssha hashed password listed for Manager in slapd.conf is exactly the same as the old directory.

Any ideas?

Thanks,
Lee

-------------------------------------

Here is the compile flag for both the old and new directory:

./configure --prefix=/usr/local/encap/openldap-2.1.21 --enable-multimaster --with-cyrus-sasl --with-tls

SASL is installed.

Here is the ldapsearch command I used:

ldapsearch -d10 -h localhost -LLL -b "ou=publicLists,dc=organization,dc=com" -s sub -x -D "cn=Manager,ou=software,dc=organization,dc=com" -W "objectclass=*"

Here is slapd.conf:

include         /export/openldap/etc/schema/core.schema
include         /export/openldap/etc/schema/misc.schema
include         /export/openldap/etc/schema/cosine.schema
include         /export/openldap/etc/schema/inetorgperson.schema

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

access to dn.base="" by * none

access to * by self read
            by * auth


database        bdb
suffix          "dc=organization,dc=com"
rootdn          "cn=Manager,ou=software,dc=organization,dc=com"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          {SSHA}DSFfjhksldf2389dDFs^&jfklsfjklDZg7y+q5fm8Y7

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /export/openldap/var/openldap-bdb

# Indices to maintain
index default pres,eq
index objectClass,uid,cn

loglevel -1

# TLS / SSL
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /export/openldap/etc/ldapcert.pem
TLSCertificateKeyFile /export/openldap/etc/ldapkey.pem
TLSCACertificateFile /export/openldap/etc/demoCA/cacert.pem



Hi Lee,

Try your bind with option '-x' to force a simple bind.

Chris

--
Christian Pohl
»|secaron

--
The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to Christian Pohl <pohl@secaron.de>
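
The report above turns on whether the {SSHA} rootpw copied into the new slapd.conf still matches the password typed at the -W prompt. The following is an added example (not part of the original thread and not OpenLDAP code) that checks a candidate password against a {SSHA} value offline and flags a value that is not well-formed. The function names and sample values are constructed for illustration; the layout assumed is the usual salted SHA-1 one, base64(SHA1(password + salt) + salt).

```python
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # size of a SHA-1 digest in bytes


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(stored: str, password: str) -> str:
    """Return 'match', 'mismatch' or 'malformed: <reason>' for a {SSHA} value."""
    if not stored.upper().startswith("{SSHA}"):
        return "malformed: missing {SSHA} scheme prefix"
    try:
        # validate=True rejects any character outside the base64 alphabet
        raw = base64.b64decode(stored[6:], validate=True)
    except binascii.Error:
        return "malformed: payload is not valid base64"
    if len(raw) <= SHA1_LEN:
        return "malformed: no salt after the 20-byte digest"
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    # constant-time comparison of the stored and recomputed digests
    return "match" if hmac.compare_digest(digest, candidate) else "mismatch"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    good = make_ssha("secret", b"salt")
    samples = [
        (good, "secret"),              # correct password
        (good, "secret\n"),            # stray newline in the typed password
        ("{SSHA}abc^&def", "secret"),  # value damaged while being copied
    ]
    for stored, password in samples:
        print(repr(password), "->", check_ssha(stored, password))
```

A "malformed" result means the stored value cannot be a valid {SSHA} hash at all, which separates a damaged rootpw line from a wrong password.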