[Date Prev][Date Next]
Re: Invalid Credentials error for a Bind DN with spl. character
- To: firstname.lastname@example.org
- Subject: Re: Invalid Credentials error for a Bind DN with spl. character
- From: snsk <email@example.com>
- Date: Thu, 21 Jul 2005 06:38:48 -0700 (PDT)
- Cc: Openldap-Software <openldap-software@OpenLDAP.org>
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=5kmY6+EiqhEivHZh9fncM7tNHaqlxDrf2423r92NTHy8xo6Gz+L9OyvdbVoZn+6GLcz1f6ZNN1bg/8Uk6QiD+1g2xCJoFLHPEY6zkUd2Q6TqnlyS2bfyM3QikEf/jL44dUYgA/V0IbiffcKCewzZS6h1X2pvL3HLUwNmmB8+3p8= ;
- In-reply-to: <firstname.lastname@example.org>
I am running openLDAP 2.2.26 in Windows XP. I am using the build made by Lucas http://bergmans.us/list/openldap-windows/. I have configured slapd.conf to use ldbm database (was wondering if the issue I saw has anything to do with the database in use :-)
Earlier, I was using 256 as debug level. After your suggestion, I changed it to -1 (All debug).
During startup, I could see openLDAP reading the suffix as "o=VeriSign\2C Inc.,c=US" but rootDN as "cn=Manager,o=VeriSign2C Inc.,c=US" (note there is no backslash in O value). So I tried doing a ldapsearch w/o backslash for the bind DN and it worked.
Is this an expected behavior? I don't know if I mentioned earlier, I have the following entries in slapd.conf for suffix and rootDN.
suffix "O=VeriSign\2C Inc., C=US"
rootdn "cn=Manager,O=VeriSign\2C Inc.,C=US"
Pierangelo Masarati <email@example.com> wrote:
[I assume you intended to post to the list as well.]
> You can see what openLDAP is getting for anonymous search and bind dn
> conn=0 fd=1216 ACCEPT from IP=127.0.0.1:3390 (IP=0.0.0.0:389)
> conn=0 op=0 BIND dn="" method=128
> connection_input: conn=0 deferring operation: binding
> conn=0 op=0 RESULT tag=97 err=0 text=
> conn=0 op=1 SRCH base="o=VeriSign\2C Inc.,c=US" scope=2 deref=0
> conn=0 op=2 UNBIND
> conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
^^^ err=32 (noSuchObject): no data exists with that DN
> conn=0 fd=1216 closed
> conn=1 fd=1216 ACCEPT from IP=127.0.0.1:3393 (IP=0.0.0.0:389)
> conn=1 op=0 BIND dn="cn=Manager,o=VeriSign\2C Inc.,c=US" method=128
> conn=1 op=0 RESULT tag=97 err=49 text=
^^^ err=49 (invalidCredentials): can be anything, from invalid credentials
(e.g. wrong password) to many other errors. In any case, it appears that
the DN is parsed correctly. I don't see any evidence of an error in
treating it. I suggest you use a more verbose log level, in an attempt to
find out what's really going on in there. An indication of the version of
OpenLDAP you're using may be of help.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around