[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind: Invalid credentials (49)


I have already a  cn=admin,dc=example,dc=com to add/modify my users/groups in ldap.
And I don't have a olcAuthzRegexp configured
But I could add the samba.schema in my ldap server with
ldapadd -Y external -H ldapi:/// -f /tmp/cn\=samba.ldif

No password was asked? Is this normal?


On 01/24/2014 12:12 AM, Joshua Schaeffer wrote:
Debian Wheezy's package does include sasl external auth by default, so you should be able to use Dan's suggestion.  Also you can run dpkg-reconfigure slapd to set an admin account (cn=admin,dc=example,dc=com) and a password for your bdb or hdb database.  However you wouldn't want to use that account anyway to add a schema as that needs to be added to the cn=schema,cn=config directory.

On Thu, Jan 23, 2014 at 10:19 AM, Dan White <dwhite@olp.net> wrote:
On 01/23/14 18:01 +0100, W Forum W wrote:
I try to add the samba.schema in my openldap server (Debian Wheezy),
default installed.
slapd: 2.4.31
ldap-utils 2.4.31

I followed this tutorial

I can use ldapsearch, ldapadd and ldapmodify with my
cn=admin,dc=example,dc=com password
but when I try to add the new schema to the directory with

ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\=samba.ldif

I get
ldap_bind: Invalid credentials (49)

Is there a different password for cn=admin,cn=config? I was never asked
to create it.
And how can I change it if necessary?

Use 'slapcat -n0' to view your existing configuration. You may have an
olcAuthzRegexp configured to allow sasl external authentication over your
ldapi unix socket. If so, try:

ldapadd -Y external -H ldapi:/// -f /tmp/cn\=samba.ldif

Dan White