
Re: Invalid Credentials error for a Bind DN with spl. character

I am running OpenLDAP 2.2.26 on Windows XP.  I am using the build made by Lucas (http://bergmans.us/list/openldap-windows/).  I have configured slapd.conf to use the ldbm database (I was wondering if the issue I saw has anything to do with the database in use :-)).
Earlier, I was using 256 as the debug level.  After your suggestion, I changed it to -1 (all debug).
During startup, I could see OpenLDAP reading the suffix as "o=VeriSign\2C Inc.,c=US" but the rootDN as "cn=Manager,o=VeriSign2C Inc.,c=US" (note there is no backslash in the O value).  So I tried doing an ldapsearch without the backslash in the bind DN and it worked.
Is this expected behavior?  I don't know if I mentioned it earlier, but I have the following entries in slapd.conf for suffix and rootDN.
suffix  "O=VeriSign\2C Inc., C=US"
rootdn  "cn=Manager,O=VeriSign\2C Inc.,C=US"

Pierangelo Masarati <ando@sys-net.it> wrote:
[I assume you intended to post to the list as well.]

> You can see what OpenLDAP is getting for the anonymous search and bind DN
> request:
> conn=0 fd=1216 ACCEPT from IP= (IP=
> conn=0 op=0 BIND dn="" method=128
> connection_input: conn=0 deferring operation: binding
> conn=0 op=0 RESULT tag=97 err=0 text=
> conn=0 op=1 SRCH base="o=VeriSign\2C Inc.,c=US" scope=2 deref=0
> filter="(objectClass=*)"
> conn=0 op=2 UNBIND
> conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=

^^^ err=32 (noSuchObject): no data exists with that DN

> conn=0 fd=1216 closed
> conn=1 fd=1216 ACCEPT from IP= (IP=
> conn=1 op=0 BIND dn="cn=Manager,o=VeriSign\2C Inc.,c=US" method=128
> conn=1 op=0 RESULT tag=97 err=49 text=

^^^ err=49 (invalidCredentials): can be anything, from invalid credentials
(e.g. wrong password) to many other errors. In any case, it appears that
the DN is parsed correctly. I don't see any evidence of an error in
treating it. I suggest you use a more verbose log level, in an attempt to
find out what's really going on in there. An indication of the version of
OpenLDAP you're using may be of help.


Pierangelo Masarati

SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
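
Added example (not part of the original messages, and not OpenLDAP's own code): a simplified RFC 4514-style comparison showing that the rootDN string reported at startup names a different DN from the one in slapd.conf, which is consistent with the bind succeeding only without the backslash. It assumes single-valued RDNs, no quoted or '#'-encoded values, and case-insensitive matching; the function names are hypothetical.

```python
import string

HEX = set(string.hexdigits)

def split_rdns(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape intact for unescape()
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def unescape(value):
    """Decode backslash-hex pairs (\\2C) and backslash-char escapes (\\,)."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                out.append(int(pair, 16))
                i += 3
                continue
            out += value[i + 1].encode("utf-8")
            i += 2
            continue
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")

def normalize(dn):
    """Return a tuple of (attribute, value) pairs in a comparable form."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), unescape(value.lstrip()).casefold()))
    return tuple(rdns)

def same_dn(a, b):
    return normalize(a) == normalize(b)

# DN strings taken from the messages above.
CONFIGURED = r"cn=Manager,O=VeriSign\2C Inc.,C=US"  # rootdn in slapd.conf
LOADED = "cn=Manager,o=VeriSign2C Inc.,c=US"        # rootDN seen in startup debug
BIND = r"cn=Manager,o=VeriSign\2C Inc.,c=US"        # bind DN that got err=49

if __name__ == "__main__":
    print(same_dn(BIND, CONFIGURED), same_dn(BIND, LOADED))
```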
