
Re: Antw: Re: Object not found






From:	espeake@oreillyauto.com
To:	Quanah Gibson-Mount <quanah@zimbra.com>
Cc:	Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>,
            openldap-technical@openldap.org
Date:	08/29/2013 06:39 PM
Subject:	Re: Antw: Re: Object not found
Sent by:	openldap-technical-bounces@OpenLDAP.org




To: espeake@oreillyauto.com
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: 08/29/2013 05:55PM
Cc: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>,
openldap-technical@openldap.org
Subject: Re: Antw: Re: Object not found

--On Thursday, August 29, 2013 2:30 PM -0500 espeake@oreillyauto.com wrote:

> Quanah,
>
> I have retyped the password a couple of times to be sure I didn't
> fat-finger the password.   I have a 3 node n-way multimaster cluster that
> working with replication on all changes with no issues other than the
> authentication.  I changed the password for the user on one server and
> checked the other two making sure the password hash replicated to the
> other servers and it did with no problems.  I tried the ldapsearch with
> two system users that will be used against the ldap server with the same
> result for both.  The only user that will authenticate is the DB rootDN
> user.  And of course that password is stored in the config.
>
> Any ideas on what I can check on next?  I tried changing the logging to -1
> to get everything, but I just wasn't seeing anything that looked helpful.

So, as someone else noted, if your previous OpenLDAP version used a {crypt}
type hash, the newer build of OpenLDAP may not support {crypt} type
passwords.  So, my suggestion was you modify the password of the user who
can't bind.  You can do this using the rootdn and the ldappasswd utility.

--Quanah

--

Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration


Sorry that I was unclear.  I have changed the password and I still get the
invalid credentials error.

Thanks,
Eric
--
This message has been scanned for viruses and dangerous content,
and is believed to be clean.
  Message id: 879D0600DEB.AF5BB

I came across something that might explain what is causing the
authentication issue.  The difference between the readOnlyUser that is not
authenticating on my new server running openldap 2.4.31 and my old server
running openldap 2.4.21 is the password hash.  When I decode the provided
password hash, the old server returns that the password was generated with a
standard hash, and on the new server it is a salted hash.  I have looked
through ppolicy from my slapcat.ldif file and I don't see anything there
dealing with password storage.  I am trying to figure out how I can toggle
the salted hash off to do further testing.

Thanks,
Eric
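The check Eric describes, as an added example that is not code from the thread: parse a userPassword value in the form slapd stores it ({SHA}, {SSHA}, {MD5}, {SMD5}, {CRYPT} or cleartext), report the scheme and whether it carries a salt, and verify a candidate password against it locally. The sample values are constructed here; the {CRYPT} string is a placeholder, not a real hash.

```python
import base64
import hashlib
import hmac
import re

# RFC 2307-style userPassword value: {SCHEME}payload
_SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)
# Schemes whose payload is base64(digest || salt): (hashlib name, digest length)
_DIGESTS = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
            "MD5": ("md5", 16), "SMD5": ("md5", 16)}

def make_hash(scheme, password, salt=b""):
    """Build a userPassword value; used here only to construct sample data."""
    algo, _ = _DIGESTS[scheme]
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def parse_userpassword(value):
    """Return (scheme, digest_bytes, salt_bytes) for a stored userPassword value."""
    m = _SCHEME_RE.match(value)
    if not m:                        # no prefix: slapd treats the value as cleartext
        return ("CLEARTEXT", value.encode(), b"")
    scheme, payload = m.group(1).upper(), m.group(2)
    if scheme in ("CLEARTEXT", "CRYPT"):
        return (scheme, payload.encode(), b"")
    if scheme not in _DIGESTS:
        raise ValueError("unsupported scheme {%s}" % scheme)
    raw = base64.b64decode(payload)
    _, dlen = _DIGESTS[scheme]
    salted = scheme in ("SSHA", "SMD5")
    if len(raw) < dlen or salted != (len(raw) > dlen):
        raise ValueError("{%s} payload is malformed (short digest or bad salt)" % scheme)
    return (scheme, raw[:dlen], raw[dlen:])

def diagnose(value, candidate):
    """Report what the directory stores and whether `candidate` matches it.
    verified is None for {CRYPT}: checking it needs the platform crypt(3), which
    is exactly what a slapd built without crypt support lacks."""
    scheme, digest, salt = parse_userpassword(value)
    if scheme == "CRYPT":
        ok = None
    elif scheme == "CLEARTEXT":
        ok = hmac.compare_digest(digest, candidate.encode())
    else:
        algo, _ = _DIGESTS[scheme]
        ok = hmac.compare_digest(hashlib.new(algo, candidate.encode() + salt).digest(), digest)
    return {"scheme": scheme, "salted": len(salt) > 0, "salt_len": len(salt), "verified": ok}

# Constructed samples: unsalted {SHA} (old-server style), salted {SSHA} (new-server style),
# and a {CRYPT} placeholder that is not a real crypt string.
OLD_VALUE = make_hash("SHA", "s3cret")
NEW_VALUE = make_hash("SSHA", "s3cret", salt=b"\x01\x02\x03\x04")
CRYPT_VALUE = "{CRYPT}$1$placeholder$notarealcryptstring"
```

Feed it the userPassword values from a slapcat dump of each server and the password you are typing; a scheme of CRYPT with no local verification points at the build-support problem Quanah describes, while a salted scheme that verifies locally points elsewhere.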


This communication and any attachments are confidential, protected by
Communications Privacy Act 18 USCS § 2510, solely for the use of the
intended recipient, and may contain legally privileged material. If you are
not the intended recipient, please return or destroy it immediately. Thank
you.
