Re: Unable to run ldapsearch

On Tue, Mar 18, 2008 at 4:45 PM, Kevin Kim <surelybless@gmail.com> wrote:

Yes, that worked, but crypt library is same..

ldd /opt/libexec/slapd | grep crypt

libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8
[16:36:19][root@bai-qadev-mw1:/usr/local/ssl/certs]$ ldd /opt/sbin/slappasswd | grep crypt

libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8

Following error is output using -Z option:

/opt/bin/ldapsearch -x -Z -W -D "uid=testuser,ou=People,dc=myorg,dc=com" "(objectclass=*)"
ldap_start_tls: Protocol error (2)

Enter LDAP Password:
ldap_bind: Invalid credentials (49)

On Tue, Mar 18, 2008 at 4:19 PM, Patrick Shinpaugh <shpatric@vt.edu> wrote:

Try running the ldapsearch with the cn=Manager and its password - if
that works then take a look at the response from Dieter Kluenter
concerning the crypt library used... could be that when slapd is
hashing your password it isn't matching.

Kevin Kim wrote:
> When I try running it with -Z option, I got
>
> Enter LDAP Password:
> connection_get(11): got connid=5
> connection_read(11): checking for input on id=5
> ber_get_next
> ber_get_next: tag 0x30 len 58 contents:
> ber_get_next
> conn=5 op=1 do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> >>> dnPrettyNormal: <uid=testuser,ou=People,dc=myorg,dc=com>
> <<< dnPrettyNormal: <uid=testuser,ou=People,dc=myorg,dc=com>,
> <uid=testuser,ou=people,dc=myorg,dc=com>
> do_bind: version=3 dn="uid=testuser,ou=People,dc=myorg,dc=com" method=128
> bdb_dn2entry("uid=testuser,ou=people,dc=myorg,dc=com")
> send_ldap_result: conn=5 op=1 p=3
> send_ldap_response: msgid=2 tag=97 err=49
> ber_flush2: 14 bytes to sd 11
> ldap_bind: Invalid credentials (49)
>
> Is ldapsearch requires special secuirity module compared to ldapadd?
>
>
>
> On Tue, Mar 18, 2008 at 1:26 PM, Patrick Shinpaugh <shpatric@vt.edu

> <mailto:shpatric@vt.edu>> wrote:
>
> The error from your ldapsearch may give a clue...
>
> ldap_bind: Confidentiality required (13)
> additional info: TLS confidentiality required
>
> Try adding the -Z option to your ldapsearch
>
>
>
> Kevin Kim wrote:
> > I also did
> >
> > $ /opt/bin/ldapadd -Z -x -W -D "cn=Manager,dc=myorg,dc=com" -v -f
> > person.ldif
> > ldap_initialize( <DEFAULT> )
> > Enter LDAP Password:
> > add objectclass:
> > account
> > posixAccount
> > shadowAccount
> > inetLocalMailRecipient
> > add cn:
> > Test User
> > add uid:
> > testuser
> > add userPassword:
> > {crypt}s58TNiuL/tcM.
> > add loginShell:
> > /usr/bin/bash
> > add uidnumber:
> > 1001
> > add gidnumber:
> > 500
> > add homeDirectory:
> > /home/admin/testuser
> > add mailLocalAddress:
> > testuser@myorg.com <mailto:testuser@myorg.com>

> <mailto:testuser@myorg.com <mailto:testuser@myorg.com>>

> > add mailRoutingAddress:
> > testuser@mailhost.myorg.com
> <mailto:testuser@mailhost.myorg.com>
> <mailto:testuser@mailhost.myorg.com
> <mailto:testuser@mailhost.myorg.com>>
> > add host:
> > somehost.myorg.com <http://somehost.myorg.com/>
> <http://somehost.myorg.com <http://somehost.myorg.com/>>
> > someotherhost.myorg.com
> <http://someotherhost.myorg.com/> <http://someotherhost.myorg.com
> <http://someotherhost.myorg.com/>>
> > anotherhost.myorg.com <http://anotherhost.myorg.com/>
> <http://anotherhost.myorg.com <http://anotherhost.myorg.com/>>

> > add shadowLastChange:
> > 12193
> > add shadowMin:
> > 0
> > add shadowMax:
> > 99999
> > add shadowWarning:
> > 7
> > add shadowInactive:
> > 1
> > add shadowExpire:
> > 12999
> > add gecos:
> > Test User
> > adding new entry "uid=testuser,ou=People,dc=myorg,dc=com"
> > modify complete
> >
> > then,
> >
> > $ /opt/bin/ldapsearch -x -W -D
> > "uid=testuser,ou=People,dc=myorg,dc=com" "(objectclass=*)"
> > Enter LDAP Password:
> > ldap_bind: Confidentiality required (13)
> > additional info: TLS confidentiality required
> >
> > any help will be appreciated.
> >
> > On Tue, Mar 18, 2008 at 11:50 AM, Kevin Kim
> <surelybless@gmail.com <mailto:surelybless@gmail.com>

> > <mailto:surelybless@gmail.com <mailto:surelybless@gmail.com>>>

> wrote:
> >
> > Correction: I did ran with
> > /opt/bin/ldapsearch -x -W -D
> "uid=testuser,ou=People,dc=myorg,dc=com"
> > and I am still getting same error.
> > On Tue, Mar 18, 2008 at 11:44 AM, Kevin Kim
> <surelybless@gmail.com <mailto:surelybless@gmail.com>

> > <mailto:surelybless@gmail.com

> <mailto:surelybless@gmail.com>>> wrote:
> >
> > Can someone help me find the problem with ldapsearch?
> >
> > I can insert the data using ldapadd:
> > /opt/bin/ldapadd -Z -x -W -D "cn=Manager,dc=myorg,dc=com" -v
> > -f toplevel.ldif
> > ldap_initialize( <DEFAULT> )
> > Enter LDAP Password:
> > ...........
> > modify complete
> > but I am not able to run ldapsearch:
> > /opt/etc/openldap/ldif_files]$ /opt/bin/ldapsearch -x -W -D
> > "uid=testuser,ou=People,dc=scivantage,dc=com"
> "(objectclass=*)"
> > Enter LDAP Password:
> > ldap_bind: Invalid credentials (49)
> >
> > my slapd.conf files:
> > defaultsearchbase dc=myorg,dc=com
> >
> > access to attrs=userPassword
> > by self write
> > by anonymous auth
> > by * none
> > access to *
> > by self write
> > by users read
> > by * none
> >
> > database bdb
> > suffix "dc=myorg,dc=com"
> > rootdn "cn=Manager,dc=myorg,dc=com"
> >
> > Also, if run ldapwhoami:
> > /opt/bin/ldapwhoami
> > ldap_sasl_interactive_bind_s: Confidentiality required (13)
> >
> > I will be appreciated,
> >
> > Kevin
> >
> >
> >
>
> --
> Patrick Shinpaugh
> Virginia Tech
> UVAG System Administrator/Programmer
> 540-231-2054
>
>

--

Patrick Shinpaugh
Virginia Tech
UVAG System Administrator/Programmer
540-231-2054