
Re: Authenticating against slapd installed from package



* Marc Tardif <marc@interunion.ca> [2006-07-20 10:53 -0400]:
> I have installed OpenLDAP 2.2.26 from package on Ubuntu 6.06 LTS. The
> postinst script prompts for a password to create an admin user. However,
> when I try to run the ldapsearch command as the admin with that password, I
> get the following error message:
> 
>   $ ldapsearch -x -w password -D "cn=admin,dc=nodomain" '(objectclass=*)'
>   ldap_bind: Invalid credentials (49)
[snip]
> So, any ideas what I might be doing wrong?

I have managed to address the authentication problem encountered by
ldapsearch. It seems that the encryption used for the password wasn't
being recognized by the authentication mechanism. So, I changed the
password to cleartext with the following commands:

  $ /etc/init.d/slapd stop
  $ slapcat -f /etc/ldap/slapd.conf > /tmp/ldap.ldif
  $ perl -p -i -e 's/::.*/: password/' /tmp/ldap.ldif
  $ slapadd -f /etc/ldap/slapd.conf -l /tmp/ldap.ldif
  $ /etc/init.d/slapd start

Then the ldapsearch command output the content of the LDAP database:

  $ ldapsearch -x -w password -D "cn=admin,dc=nodomain" '(objectclass=*)'
  ...

So, here is the value for the userPassword attribute before ldapsearch
worked:

  userPassword:: e2NyeXB0fUY2ZGdUZmF0SlUubTY=
  
And after ldapsearch started working:

  userPassword:: d2FydGhvZ3M=

Both are meant to be for the same password, so what might be the problem?
Can I change the decryption algorithm from the ldapsearch options?

-- 
Marc Tardif <marc@interunion.ca>
Freenode: cr3, Jabber: cr3@jabber.org
1024D/72679CAD 09A9 D871 F7C4 A18F AC08  674D 2B73 740C 7267 9CAD
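
Added example, not part of the original message: in LDIF, `::` marks a base64-encoded value, so decoding it shows which storage scheme slapd actually sees. This Python sketch classifies the two userPassword values quoted above and reports only scheme and length, never the stored secret; the function names are hypothetical.

```python
import base64
import re

# The two userPassword lines quoted in the message (before / after).
SAMPLE_LDIF = (
    "userPassword:: e2NyeXB0fUY2ZGdUZmF0SlUubTY=\n"
    "userPassword:: d2FydGhvZ3M=\n"
)

LINE_RE = re.compile(r"^userPassword(::?)[ \t]*(.*)$", re.IGNORECASE)
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9._-]+)\}(.*)$", re.DOTALL)


def classify(line):
    """Return a finding dict for one userPassword line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sep, value = m.group(1), m.group(2).strip()
    # "::" means the value is base64-encoded (an encoding, not a hash).
    raw = base64.b64decode(value, validate=True) if sep == "::" else value.encode()
    sm = SCHEME_RE.match(raw)
    if sm is None:
        # No {SCHEME} prefix: the directory holds the password itself.
        return {"scheme": "CLEARTEXT", "stored_len": len(raw), "weak": True}
    scheme, rest = sm.group(1).decode().upper(), sm.group(2)
    # A 13-character {CRYPT} value without "$" is traditional DES crypt(3).
    des = scheme == "CRYPT" and len(rest) == 13 and not rest.startswith(b"$")
    return {"scheme": scheme, "stored_len": len(rest), "weak": des}


def audit(ldif_text):
    """Classify every userPassword value in an LDIF dump (e.g. slapcat output)."""
    # LDIF continuation lines start with a single space; join them first.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    findings = (classify(line) for line in unfolded.splitlines())
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for finding in audit(SAMPLE_LDIF):
        print(finding)
```

The `{CRYPT}` scheme is checked by the crypt(3) of the host running slapd, so whether such a value verifies depends on that server and not on any ldapsearch option.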