[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind: Invalid credentials (49)



On Tuesday 16 June 2009 09:30:01 J. Bakshi wrote:
> Emmanuel Lecharny wrote:

> Thanks for the great oneliner tip !!
>
> The API which is doing the search is making the DN as
> ("uid=rbilly,ou=people,dc=example,dc=com") and to debug it I also
> executed the command manually based on the same DN.   But your kind
> suggestion has clarified everything. I  have created some users and this
> time I have inserted so that  the DN starts with uid  and I got success.

Note that most likely your application is broken, assuming that the DN can be 
constructed from a suffix and a username is not a good idea. The application 
should search for an entry that has a matching value for the "username" 
attribute is using, and bind as the resulting DN. This would allow the RDN to 
differ from the username attribute.

Regards,
Buchan