[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd -d9 --- Invalid credentials



Thanks Aaron, Buchan, and Erich,
    using clear text passwd.  the replication to the slaves work now.

I will look at using SASL, so that I can have an encyrpted passwd for it.

Just curious,  anyway I can use encrypted passwd for the proxyuser also?  This passwd is currently in /etc/ldap.secret with perm 0600 in clear text.  I've read that this has to be on every system (ldap server or client).

Thanks,
Steven

----- Original Message ----
From: Aaron Richton <richton@nbcs.rutgers.edu>
To: Steven Wong <slqwong@yahoo.com>
Cc: openLDAP software <openldap-software@OpenLDAP.org>
Sent: Saturday, July 15, 2006 9:59:15 AM
Subject: Re: slurpd -d9  --- Invalid credentials

Given
> replica host=<server3>:389
>         credentials={MD5}$1$ghofW1$RazQvsgWa/7dtiphrRRPe0
you'll get
> Error: ldap_simple_bind_s for <server3>:389 failed: Invalid credentials

because the argument to "credentials=" must be (to use the term of 
slapd.conf(5)) a "simple password," unhashed. That is, do not put
"{MD5}blah," but rather put "secret" itself (which hashes to {MD5}*).

If this bothers you, switch to a SASL mechanism. You have the same issue 
with <server2>, by the way.