
OpenLDAP - no access, user doesn't exist, credentials wrong


Today I got started with LDAP and OpenLDAP - but I didn't get far.
I'm using OpenLDAP 2.2.23 and ldaptools of the same version from Debian
Sarge. At installation time I was asked about my admin user and
password. I chose the defaults admin and secret to give it a try.

But I can't do anything - I always get

ldap_bind: Invalid credentials (49)
(when using -x for simple authentication)
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
     additional info: SASL(-13): user not found: no secret in database
(when using SASL)

ldapsearch -D "cn=admin,dc=mysystem,dc=test" -x -w secret cn=itsme
ldapsearch -D "cn=itsme,dc=mysystem,dc=test" uid=ldap -W
and entering mypassword as password.

But I can't see why because
slapcat gives

dn: cn=admin,dc=mysystem,dc=test
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e2NyeXB0fTgxVkZNcmNiM01UODI=
structuralObjectClass: organizationalRole
entryUUID: 4faec8fe-35a8-102a-9a4c-ef0106c19a2b
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20060219152950Z
modifyTimestamp: 20060219152950Z
entryCSN: 20060219152950Z#000002#00#000000

dn: cn=itsme,dc=mysystem,dc=test
cn: itsme
objectClass: top
objectClass: person
userPassword:: bXlwYXNzd29yZA==
structuralObjectClass: person
entryUUID: 1e99d1f0-35cb-102a-905a-afbcd35b240d
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20060219193900Z
modifyTimestamp: 20060219193900Z
entryCSN: 20060219193900Z#000001#00#000000

The second entry I created using slapadd.

So the DNs as well as the passwords exist in the db and are the same
ones I'm entering, so why don't I have access?

BTW, the ACL in slapd.conf was the (Debian) standard at first, but I
have now opened it up to

access to attrs=userPassword
        by anonymous auth
        by * write

access to *
        by anonymous auth
        by * write

Any suggestions would be great.
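
Added example, not part of the original post: in LDIF a double colon after the attribute name marks a base64-encoded value, so the userPassword lines in the slapcat output can be decoded to see which storage scheme each entry really uses. The sample LDIF is constructed from the two entries above, and the function names are this example's own.

```python
import base64
import re

# Constructed sample: the two entries from the slapcat output above,
# reduced to the attributes this check needs.
SAMPLE_LDIF = """\
dn: cn=admin,dc=mysystem,dc=test
cn: admin
userPassword:: e2NyeXB0fTgxVkZNcmNiM01UODI=

dn: cn=itsme,dc=mysystem,dc=test
cn: itsme
userPassword:: bXlwYXNzd29yZA==
"""

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}")


def parse_ldif(text):
    """Yield one {attr: [bytes, ...]} dict per entry, decoding '::' values."""
    # Unfold continuation lines (a line starting with one space continues the previous one).
    text = re.sub(r"\n ", "", text)
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # 'attr:: <base64>'
                raw = base64.b64decode(value[1:].strip())
            else:                                # 'attr: <plain text>'
                raw = value.strip().encode()
            entry.setdefault(attr, []).append(raw)
        yield entry


def password_schemes(text):
    """Map each DN to the storage scheme of its userPassword value."""
    report = {}
    for entry in parse_ldif(text):
        dn = entry["dn"][0].decode()
        for pw in entry.get("userPassword", []):
            m = SCHEME_RE.match(pw)
            # No '{SCHEME}' prefix means the value is stored as cleartext.
            report[dn] = m.group(1).decode().upper() if m else "CLEARTEXT"
    return report


if __name__ == "__main__":
    for dn, scheme in password_schemes(SAMPLE_LDIF).items():
        print(f"{scheme:10} {dn}")
```

Run against a full slapcat dump, the same report shows at a glance which entries hold a hashed userPassword and which hold the password itself.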