[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind: Invalid credentials (49)

To: Razvan Deaconescu <razvan@rosedu.org>
Subject: Re: ldap_bind: Invalid credentials (49)
From: Ondrej Kuznik <ondrej.kuznik@acision.com>
Date: Thu, 3 Feb 2011 10:02:03 +0100
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <4D4A5AAB.8040004@rosedu.org>
Organization: Acision
References: <4D49D183.4060103@yahoo.com> <4D49D774.7080803@yahoo.com> <4D49DD3D.9040801@yahoo.com> <4D4A5AAB.8040004@rosedu.org>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20101226 Iceowl/1.0b1 Icedove/3.0.11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/03/2011 08:35 AM, Razvan Deaconescu wrote:
> On 02/03/2011 12:39 AM, John Espiro wrote:
>>> Seems that this might be the solution...
>>> http://stackoverflow.com/questions/3057257/ubuntu-10-04-lucid-openldap-invalid-credentials-issue
>>>
>> Actually, it seems that that wasn't the solution...
>>
>> So when I run:
>>
>>     ldapsearch -x -H ldap://127.0.0.1 -b 'cn=config' -D 'cn=config'  -s
>> base -LLL -W olcLoglevel
>>
>> I get:
>>     Enter LDAP Password:
>>     ldap_bind: Invalid credentials (49)
>>
>> Funny thing is, I never had any problems configuring ldap until I
>> switched to Ubuntu.
> 
> Hi, John!
> 
> I described a similar issue a few days ago[1] (reported for Debian). I
> found the only solution was manually editing the
> olcDatabase={0}config.ldif file (adding an olcRootPW line).
> 
> I've posted a message on the debian-user mailing list[2] but found not
> solution until now.
> 
> Răzvan
> 
> [1] http://www.openldap.org/lists/openldap-technical/201101/msg00307.html
> [2] http://lists.debian.org/debian-user/2011/02/msg00115.html
> 

If you are running Ubuntu or Debian, they both AFAIK set up the server
so that the root user has (if connecting properly) manage privileges. So
there is no need to edit the ldif by hand.

To check, try connecting as root to the UNIX socket OpenLDAP should be
listening on:

ldapwhoami -H ldapi:// -Y EXTERNAL

should return:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

This identity should be allowed to do pretty much as it pleases at least
within the cn=config db.

Ondra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1KbwsACgkQ9GWxeeH+cXsy5wCcCSL4lU/zawDqvsR7JoUmvX/E
FnEAoK3BLUYP/Y8FnzW0AayTS7Eb7MY4
=/7vx
-----END PGP SIGNATURE-----

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

References:
- ldap_bind: Invalid credentials (49)
  - From: John Espiro <john_espiro@yahoo.com>
- Re: ldap_bind: Invalid credentials (49)
  - From: John Espiro <john_espiro@yahoo.com>
- Re: ldap_bind: Invalid credentials (49)
  - From: John Espiro <john_espiro@yahoo.com>
- Re: ldap_bind: Invalid credentials (49)
  - From: Razvan Deaconescu <razvan@rosedu.org>

Prev by Date: AccessLog behaviour
Next by Date: Re: Which backend should I use?
Index(es):
- Chronological
- Thread