[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: do_bind: invalid dn

Dan Burkland wrote:
-----Original Message-----
From: openldap-software-bounces+dburklan=nmdp.org@OpenLDAP.org [mailto:openldap-software-bounces+dburklan=nmdp.org@OpenLDAP.org] On Behalf Of Joshua Lim
Sent: Monday, May 17, 2010 12:21 PM
To: openldap-software@openldap.org
Subject: Re: do_bind: invalid dn

Any thoughts? I tried the following, entered the correct password 'password' and got: ldap_bind: Invalid credentials (49)

ldapsearch -x -D cn=wael,dc=click,dc=com -h localhost -W -b '' namingContexts

Log shows:

 >>> slap_listener(ldap://JOSHUAPC:389)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next: tag 0x30 len 47 contents:
op tag 0x60, time 1273506428
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
 >>> dnPrettyNormal: <cn=wael,dc=click,dc=com>
<<< dnPrettyNormal: <cn=wael,dc=click,dc=com>, <cn=wael,dc=click,dc=com>
do_bind: version=3 dn="cn=wael,dc=click,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 22 bytes to sd 2140
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next on fd 10 failed errno=0 (unknown WSA error)
connection_close: conn=0 sd=10

My slapd.conf (i basically used the default, only suffix, rootdn and
rootpw is changed):
database    bdb
suffix        "dc=click,dc=com"
rootdn        "cn=wael,dc=click,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw        password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn

I may be wrong but I believe your rootpw value needs to be a hash value. Use slappasswd to generate one and then replace password with it. Restart the service and let me know if you experience the same issue.



Thanks Dan, yes, that was the reason.  :)