[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Invalid credentials

To: Dave Beach <drbeach4@gmail.com>
Subject: Re: Invalid credentials
From: Ryan Tandy <ryan@nardis.ca>
Date: Sun, 21 Feb 2016 11:56:45 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nardis.ca; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=/xJ04uf+UzZOHKu5h2Ue6iiagsObJQ0//PbP7XkcuDY=; b=ZucBn1q7Wf6ZzqxiktWW9hZ7XYqyxzD3EyvtbtdQ6Ayi5ksAqOz1zUX6TRaSGBCYbH QkXWRK5iUMaWzozyS3l3tKcSXaNCGywv0KtTQP1Jkftv/yA6jR02CxnTT6L9oZxxvOrT bh8E4m1ZCBGz5rq8DoKbe0+sCkVHvm3UIntPM=
In-reply-to: <006c01d16cde$b81812e0$284838a0$@gmail.com>
Mail-followup-to: Dave Beach <drbeach4@gmail.com>, openldap-technical@openldap.org
References: <DA06CE5AA35A4905CC681854@192.168.1.9> <003e01d16c06$776a8c10$663fa430$@gmail.com> <CACsf_wx3Xd50ALD2q5+aJrMSZsAVf-S8C6cG4ne5uFLXtJj_kQ@mail.gmail.com> <004801d16cb9$35b79bb0$a126d310$@gmail.com> <20160221174753.GA632@kiwi> <006401d16cd4$01e07990$05a16cb0$@gmail.com> <20160221182836.GB632@kiwi> <006501d16cd7$0fdf0ea0$2f9d2be0$@gmail.com> <20160221192847.GC632@kiwi> <006c01d16cde$b81812e0$284838a0$@gmail.com>
User-agent: Mutt/1.5.23 (2014-03-12)

On Sun, Feb 21, 2016 at 02:33:18PM -0500, Dave Beach wrote:

OK, some sanity checks:
ensure the parent entry exists and has expected contents:
ldapsearch -D cn=admin,dc=drbhome,dc=ca -W -s base -b 'dc=drbhome,dc=ca'

'*' +

("'*' +" is asking for all attributes including operational ones; then the

output will be closer to what you see from slapcat)

Result: 34 Invalid DN syntax
Text: invalid DN


Unexpected.

Did I mistype something?

Did you mistype something when copying it?

If you copied and pasted, did some intermediate step mangle the result(for example transforming the ascii quotes into Unicode fancy ones)?

All of which is reminding me of something I was thinking of earlier: is it
somehow possible that slapcat is able to read the entries (which it does),
but ldapsearch is not because it's reading something OTHER THAN the same
database slapcat is querying?

Your config looked ok to me (nice simple config, hard to mess up), butit's possible. Make sure your slapd and slapcat use the same -fargument.


slapd -f /etc/ldap/slapd.conf [other args ...]

and

slapcat -f /etc/ldap/slapd.conf [other args e.g. -b 'dc=drbhome,dc=ca']

should be operating on the same data.

When you moved the LDAP database from the old machine to this one, youdid that via slapcat/slapadd, right? Did you empty out /var/lib/ldap(except for DB_CONFIG) before slapadd?

Follow-Ups:
- RE: Invalid credentials
  - From: "Dave Beach" <drbeach4@gmail.com>

References:
- RE: Invalid credentials
  - From: "Dave Beach" <drbeach4@gmail.com>
- Re: Invalid credentials
  - From: Cole <cole@opteqint.net>
- RE: Invalid credentials
  - From: "Dave Beach" <drbeach4@gmail.com>
- Re: Invalid credentials
  - From: Ryan Tandy <ryan@nardis.ca>
- RE: Invalid credentials
  - From: "Dave Beach" <drbeach4@gmail.com>
- Re: Invalid credentials
  - From: Ryan Tandy <ryan@nardis.ca>
- RE: Invalid credentials
  - From: "Dave Beach" <drbeach4@gmail.com>
- Re: Invalid credentials
  - From: Ryan Tandy <ryan@nardis.ca>
- RE: Invalid credentials
  - From: "Dave Beach" <drbeach4@gmail.com>

Prev by Date: RE: Invalid credentials
Next by Date: RE: Invalid credentials
Index(es):
- Chronological
- Thread