Re: {ldapsearch|ldapadd|ldapmodify} -y passwfile fails

On 5/11/07, Mark Par <mrbpar@gmail.com> wrote:

I'm getting an error using the -y switch for the ldapsearch, ldapadd,
and ldapmodify programs when specifying the password.  I do, however,
get positive results when using the -w switch.

Using ldapsearch, the exact command and error are:

$ ldapsearch -H ldap:// -x -D 'cn=manager,dc=company,dc=com'
-y passwdfile -b 'ou=people,dc=company,dc=com' '(uid=mark.par)'
ldap_bind: Invalid credentials (49)

$ ldapsearch -H ldap:// -x -D 'cn=manager,dc=company,dc=com'
-w PassWord -b 'ou=people,dc=company,dc=com' '(uid=mark.par)'
# extended LDIF
# LDAPv3
# base <ou=people,dc=company,dc=com> with scope subtree
# filter: (uid=mark.par)
# requesting: ALL

# mark.par, people, company.com
dn: uid=mark.par,ou=people,dc=company,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
homeDirectory: /home/mark.par
cn: mark par
uid: mark.par
loginShell: /bin/ksh
userPassword:: aWFrem9rLkdyeW61
uidNumber: 1177
gidNumber: 1177

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I am using NetBSD 3.1.0_PATCH and OpenLDAP 2.3.32 compiled from the
packages collection (pkgsrc). Could anyone provide some hints?

Here's what I had to do on Solaris for -y to work:
printf "PassWord" >> passwdfile

If you truss (ktruss on NetBSD) you will see that ldapsearch doesn't
chomp the \n from the passwdfile, and the newline (it will show up as a $
at the end if you cat -vet passwdfile) is added to the password for
the bind, thus the failure.

When you cat -vet your file, it should have no control characters at all.

Also make sure the permissions are correct.
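
A check for the two problems named in this reply, stray control characters in the password file and loose permissions, as an added example that is not part of the original thread. The function names and temporary files are hypothetical; PassWord is the sample value used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# Print how many control bytes (newline, CR, tab, ...) the file contains.
# The whole file is used as the bind password, so this must be 0.
pwfile_ctrl_count() {
    LC_ALL=C tr -cd '\000-\037\177' < "$1" | wc -c | tr -d ' '
}

# Succeed only if group and other have no permission bits on the file.
pwfile_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write the password with no trailing newline and restrict the file to mode 0600.
pwfile_write() {
    ( umask 077 && printf '%s' "$2" > "$1" && chmod 600 "$1" )
}

# Report both problems; return 0 only when the file is fit to pass to -y.
pwfile_check() {
    rc=0
    n=$(pwfile_ctrl_count "$1")
    if [ "$n" -ne 0 ]; then
        echo "$1: $n control byte(s) would be sent as part of the password" >&2
        rc=1
    fi
    if ! pwfile_mode_ok "$1"; then
        echo "$1: accessible by group or other" >&2
        rc=1
    fi
    return $rc
}

# Demo on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    echo "PassWord" > "$d/with_newline"   # echo appends \n: the failing case
    pwfile_write "$d/clean" "PassWord"
    pwfile_check "$d/with_newline" || echo "with_newline: rejected"
    pwfile_check "$d/clean" && echo "clean: ok"
    rm -rf "$d"
}
demo
```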