Re: ldapmodify : ldap_bind - Invalid credentials (49)

["matthew sporleder" <msporleder@gmail.com>]

On 9/13/06, Tu Haiyi <tu_haiyi@bah.com> wrote:
>  Hi All, I am a new LDAP user. I just installed OpenLDAP 2.2.29 on Windows
> XP. I can use LDAP Browser to connect but I can't make ldapmodify work. Here
> is my command: ldapmodify -w secret -f ldapmodify.ldif then I get ldap_bind:
> Invalid credentials (49) It seems to be pretty simple but I could not find
> the problem. My ldapmodify.ldif file is: dn: o=example.com objectclass: top
> objectclass: organization o: example.com description: example corp dn:
> ou=Employees,cn=Manager, dc=my-domain,dc=com objectclass: top objectclass:
> organizationalUnit ou: Employees description: all employees dn:
> uid=user1,ou=Employees,o=example.com objectclass: top objectclass: person
> objectclass: organizationalPerson cn: John Doe sn: Doe givenname: John uid:
> user1 userpassword: password ou: Employees description: user1 My slapd.conf
> is: # # See slapd.conf(5) for details on configuration options. # This file
> should NOT be world readable. # ucdata-path ./ucdata include
> ./schema/core.schema # Define global ACLs to disable default read access. #
> Do not enable referrals until AFTER you have a working directory # service
> AND an understanding of referrals. #referral ldap:/root.openldap.org pidfile
> ./run/slapd.pid argsfile ./run/slapd.args # Load dynamic backend modules: #
> modulepath ./libexec/openldap # moduleload back_bdb.la # moduleload
> back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la #
> moduleload back_shell.la # Sample security restrictions # Require integrity
> protection (prevent hijacking) # Require 112-bit (3DES or better) encryption
> for updates # Require 63-bit encryption for simple bind # security ssf=1
> update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE:
> allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it
> # Other DSEs: # Allow self write access # Allow authenticated users read
> access # Allow anonymous users to authenticate # Directives needed to
> implement policy: # access to dn.base="" by * read # access to
> dn.base="cn=Subschema" by * read # access to * # by self write # by users
> read # by anonymous auth # # if no access controls are present, the default
> policy # allows anyone and everyone to read anything but restricts # updates
> to rootdn. (e.g., "access to * by * read") # # rootdn can always read and
> write EVERYTHING!
> #######################################################################
> # BDB database definitions
> #######################################################################
> database bdb suffix "dc=my-domain,dc=com" rootdn
> "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords,
> especially for the rootdn, should # be avoid. See slappasswd(8) and
> slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw
> secret # The database directory MUST exist prior to running slapd AND #
> should only be accessible by the slapd and slap tools. # Mode 700
> recommended. directory ./data # Indices to maintain index objectClass eq Can
> someone tell me what the problem is? Thanks in advance. Haiyi


Verify your rootdn and rootpw match what's actually in your config.
Also, make sure your syntax is correct.  I would be able to tell you,
but your email is next to impossible to read.

_Matt