
Re: a problem of authentication fail in Ubuntu 10.04,slapd 2.4.21



Hi Dan White,

I'm sorry to reply so late.

I read your email this morning; before that I was still trying to check the problem out. Last night I figured out a solution by rebuilding the "/etc/ldap/slapd.d/cn=config" directory:

rm -r /etc/ldap/slapd.d/cn\=config
/etc/init.d/slapd restart


and this problem (Invalid credentials) seems to be gone, but another new problem arises. When I run step 5, it shows:

# ldapsearch -x -D "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn" -w "secret"
ldap_bind: Invalid DN syntax (34)
    additional info: invalid DN


I googled the solution and found someone who said it must be a DN string format error (containing whitespace), but I checked and checked again, and the format seems to be OK. Maybe something is still wrong somewhere?

Thank you for your help!


On 2011-01-05 01:20, Dan White wrote:
On 04/01/11 19:30 +0800, cn_gd@126.com wrote:
Hi all,

I installed slapd in Ubuntu 10.04 Lucid, strictly following the steps below:

1. apt-get install slapd

slapd -V
@(#) $OpenLDAP: slapd 2.4.21 (Aug 10 2010 17:08:36) $
   buildd@yellow:/build/buildd/openldap-2.4.21/debian/build/servers/slapd

2. dpkg-reconfigure slapd

3. edit /etc/ldap/slapd.d/cn\=config.ldif

4. cat /etc/ldap/slapd.d/cn\=config.ldif

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
structuralObjectClass: olcGlobal

dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: "dc=cg,dc=scsio,dc=ac,dc=cn"
olcDbDirectory:    /home/az/openldap-data
olcRootDN: "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn"
olcRootPW: secret

4. /etc/init.d/slapd restart


All steps are OK, then I run the command below to test it:

5. ldapsearch -x -D "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn" -w "secret" -H ldap://cg.scsio.ac.cn

and it shows this error:
ldap_bind: Invalid credentials (49)

You could increase your log level (olcLogLevel) to get troubleshooting
details.

After having gone through this process myself recently (using slapd.d), and
not being happy with the Debian default config, here's the process I'm
using in a test environment for bootstrapping an install, that might spark
some ideas with your config.

My starting configuration is: http://web.olp.net/dwhite/openldap/slapd-new.conf

aptitude install slapd slapd-smbk5pwd

/etc/init.d/slapd stop
mv /etc/ldap/slapd.d /etc/ldap/slapd.d.bak
mv /var/lib/ldap /var/lib/ldap.bak
mkdir /etc/ldap/slapd.d /var/lib/ldap
chown openldap:openldap /etc/ldap/slapd.d /var/lib/ldap
cat > /etc/ldap/ldap.conf << EOF
BASE dc=example,dc=org
URI ldapi:///
EOF

echo "SASL_MECH EXTERNAL" > /root/.ldaprc

sudo -u openldap slapadd << EOF
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: ou=People,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=Aliases,dc=example,dc=org
objectClass: top
objectClass: organizationalUnit
ou: Aliases

EOF

sudo -u openldap slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
/etc/init.d/slapd start



-- 
黄龙飞
2011-01-05
_________________________________________________________

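Address: Building 345, Northeast Area, Sun Yat-sen University, 135 Xingang West Road, Guangzhou (510275)
Website: http://press.sysu.edu.cn
Phone:   (020)84113349
Fax:     (020)84037215
Mobile:  13560497211
Email:   l.f.hwang@gmail.com

* Office hours at the press: Tuesday and Wednesday, 08:15~11:45 and 14:45~17:15
When I am out soliciting manuscripts, please call my mobile directly. Thank you!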
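
An added example, not part of the original thread and not OpenLDAP's own code: LDIF takes attribute values literally, so double quotes carried over from slapd.conf syntax become part of a DN value, and an olcRootPW without a {SCHEME} prefix is stored in clear text. The Python lint below checks a cn=config LDIF for both; the function names and the sample data (built on dc=example,dc=org) are constructed for illustration.

```python
import base64
import re

DN_ATTRS = {"dn", "olcsuffix", "olcrootdn"}      # DN-valued attributes checked here
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9._-]+\}")   # e.g. {SSHA}, as written by slappasswd

def logical_lines(text):
    """Yield (first_line_no, line) with LDIF continuation lines joined."""
    current = None
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and current:
            current[1] += raw[1:]                 # continuation: drop one leading space
            continue
        if current:
            yield tuple(current)
        current = [no, raw]
    if current:
        yield tuple(current)

def lint_config_ldif(text):
    """Return (line_no, attribute, message) for each finding."""
    findings = []
    for no, line in logical_lines(text):
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):                  # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")              # LDIF skips spaces after the colon
        key = attr.lower()
        if key in DN_ATTRS and value.strip().startswith('"'):
            findings.append((no, attr, "quotes are literal in LDIF and make the DN malformed"))
        elif key == "olcrootpw" and not SCHEME_RE.match(value):
            findings.append((no, attr, "clear-text password; store a slappasswd hash instead"))
    return findings

# Constructed sample: first database entry uses quoted DNs and a clear-text
# password, second entry uses bare DNs and a (placeholder) hashed password.
SAMPLE = """\
dn: olcDatabase=bdb,cn=config
olcSuffix: "dc=example,dc=org"
olcRootDN: "cn=Manager,dc=example,dc=org"
olcRootPW: secret

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=example,dc=org
olcRootDN: cn=Manager,dc=example,dc=org
olcRootPW:: """ + base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode() + "\n"

if __name__ == "__main__":
    for finding in lint_config_ldif(SAMPLE):
        print("line %d: %s: %s" % finding)
```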