[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: ldapmodify : ldap_bind - Invalid credentials (49)
- To: "Buchan Milne" <bgmilne@staff.telkomsa.net>
- Subject: RE: ldapmodify : ldap_bind - Invalid credentials (49)
- From: "Tu Haiyi" <tu_haiyi@bah.com>
- Date: Thu, 14 Sep 2006 09:40:13 -0400
- Cc: <openldap-software@OpenLDAP.org>
- Content-class: urn:content-classes:message
- Thread-index: AcbXzclMcgHYKCSSTde7Z9KPM/W1DAAM39Uw
- Thread-topic: ldapmodify : ldap_bind - Invalid credentials (49)
Thank you Buchan. I was able to add ou=Employees under
cn=Manager,dc=my-domain,dc=com. I also added cn=John Doe under
ou=Employees. I can see John Doe in LDAPBrowser so it is like
dc=my-domain,dc=com
cn=Manager
ou=Employees
cn=John Doe
but when I tried to do
ldapsearch -D "ou=Employees,cn=Manager,dc=my-domain,dc=com" -s sub cn sn
-x -w secret -v
I got an error
Ldap_bind: Invalid credentials (49)
If I remove ou=Employees from my ldapsearch, like
ldapsearch -D "cn=Manager,dc=my-domain,dc=com" -s sub cn sn -x -w secret
-v
I did not get any error but no record either (see below)
filter: (objectclass=*)
requesting: cn sn
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: cn sn
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
Why can't I find John Doe since it is obviously in there?
Thanks.
Haiyi
-----Original Message-----
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Sent: Thursday, September 14, 2006 3:17 AM
To: Tu Haiyi
Cc: openldap-software@openldap.org
Subject: Re: ldapmodify : ldap_bind - Invalid credentials (49)
On Wednesday 13 September 2006 18:41, Tu Haiyi wrote:
> Hi All,
>
> I am a new LDAP user. I just installed OpenLDAP 2.2.29 on Windows XP.
> I can use LDAP Browser to connect but I can't make ldapmodify work.
> Here is my command:
>
> ldapmodify -w secret -f ldapmodify.ldif
So, if your OpenLDAP is compiled with SASL support, you're trying a SASL
bind, with no SASL configuration in your slapd.conf. If your OpenLDAP is
compiled without SASL support, you're trying a simple bind with a
password but no DN.
Maybe you should try:
ldapmodify -D cn=Manager,dc=my-domain,dc=com -w secret -f
ldapmodify.ldif
or
ldapmodify -x -D cn=Manager,dc=my-domain,dc=com -w secret -f
ldapmodify.ldif
>
> then I get
>
> ldap_bind: Invalid credentials (49)
>
> It seems to be pretty simple but I could not find the problem.
>
> My ldapmodify.ldif file is:
>
>
> dn: o=example.com
This DN won't be able to live under your suffix ...
> objectclass: top
> objectclass: organization
> o: example.com
> description: example corp
>
> dn: ou=Employees,cn=Manager, dc=my-domain,dc=com
This seems a weird DN to have ... and you most likely don't have its
parent in your directory at present.
> objectclass: top
> objectclass: organizationalUnit
> ou: Employees
> description: all employees
>
> dn: uid=user1,ou=Employees,o=example.com
Again, not under your suffix.
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> cn: John Doe
> sn: Doe
> givenname: John
> uid: user1
> userpassword: password
> ou: Employees
> description: user1
>
>
>
>
> My slapd.conf is:
I've kept only the relevant data from your slapd.conf, for reference.
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> ucdata-path ./ucdata
> include ./schema/core.schema
[...]
> database bdb
> suffix "dc=my-domain,dc=com"
> rootdn "cn=Manager,dc=my-domain,dc=com"
> rootpw secret
--
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)