
Enter LDAP Password keeps saying ldap_bind: Invalid credentials (49)

I looked everywhere for a solution to my problem but still didn't find it. I have these two simple files, slapd.conf and mytree.ldif, and when I try to add something to mytree.ldif it keeps asking me for a password (which I believe is the rootpw defined in slapd.conf), but it doesn't work. I really need help with this.

These are my files:

slapd.conf

database dbd
suffix "dc=ers,dc=uminho,dc=pt"
rootdn "cn=Manager,dc=ers,dc=uminho,dc=pt"
rootpw ersadmin
directory /usr/local/var/openldap-data

mytree.ldif

dn: dc=ers, dc=uminho, dc=pt
objectclass: dcObject
objectclass: organization
o: ERS
dc: ers

dn: cn=Manager,dc=ers,dc=uminho,dc=pt
objectclass: organizationalRole
cn: Manager

And this is what I'm trying to do and my response:

sudo ldapadd -x -D "cn=Manager,dc=ers,dc=uminho,dc=pt" -W -f /etc/ldap/mytree.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I already tried to encrypt the password using

slappasswd -h {SHA} -s ersadmin

and changing my slapd.conf file

password-hash   {SHA}
rootpw  {SHA}pLEBIPx4rW3eebpwACBGAZkNH4CVBRGW

but it didn't work. Thanks in advance.

asked Jun 02 '11 18:06

mpg


2 Answers

This question may be better suited for http://serverfault.com.

It seems your problem is with the bind (authentication) phase, so you should test with ldapsearch and get that working before you try to modify the database. Try:

ldapsearch -x -D cn=Manager,dc=ers,dc=uminho,dc=pt -w ersadmin

Assuming this gives you the same error, check your OpenLDAP logfile (by default it logs to syslog, although this is system dependent). See if the connection even gets to the server and see why it is rejecting it. If the logfile doesn't give you enough information, enable more debug logging in slapd.conf (trace/acl).

If it's not even seeing the connection, you may be authenticating to some other server; this is usually configured in ${prefix}/etc/ldap.conf.

Also make sure your slapd is actually using your slapd.conf and not another configuration source (it may be using slapd.d or a slapd.conf in a different location).

In addition to the logfile, please also always specify which version of OpenLDAP you are using, as there are vast differences between 2.3 and 2.4 (and even between minor versions).

answered Sep 28 '22 11:09

Ingmar Hupp


I have faced this issue many times, and here is the solution: check the rootpw you have entered in slapd.conf, like the one below. It means a space may have been added in between by chance.

Just copy the below and restart the LDAP service:

database        bdb
suffix          "dc=ldaptest,dc=com"
rootdn          "cn=Manager,dc=ldaptest,dc=com"
rootpw          {SSHA}Bnrl4t23XQxT3uzlC9AxO+hm6DNpps`Hello`

The above is for my case; change your distinguished name based on your case. Please let me know once resolved.

answered Sep 28 '22 11:09

Solairaj
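
An offline check for the rootpw advice in the answers above, as an added example that is not part of either answer or of OpenLDAP: it pulls rootpw out of slapd.conf-style text and tests a candidate password against a cleartext, {SHA} or {SSHA} value, reporting a damaged hash as malformed. The function names and the sample configuration are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a SHA-1 digest

def make_hash(password: str, salt: bytes = b"") -> str:
    """Build {SHA} (no salt) or {SSHA} (salted): base64(SHA1(pw + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    scheme = "{SSHA}" if salt else "{SHA}"
    return scheme + base64.b64encode(digest + salt).decode()

def extract_rootpw(conf_text: str):
    """Return the rootpw argument from slapd.conf-style text, or None if absent."""
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            return parts[1].strip().strip('"')
    return None

def check_rootpw(value: str, candidate: str) -> str:
    """Return 'match', 'mismatch', 'malformed' or 'unsupported' for a rootpw value."""
    if value.startswith("{") and "}" in value:
        scheme, b64 = value[1:].split("}", 1)
        scheme = scheme.upper()
        if scheme not in ("SHA", "SSHA"):
            return "unsupported"  # e.g. {MD5}, {CRYPT}: not handled by this sketch
        try:
            raw = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            return "malformed"  # stray characters, truncation, bad padding
        salt = raw[SHA1_LEN:]
        # This checker's own rule: {SHA} carries no salt, {SSHA} must carry one.
        if len(raw) < SHA1_LEN or bool(salt) != (scheme == "SSHA"):
            return "malformed"
        expected = hashlib.sha1(candidate.encode() + salt).digest()
        return "match" if hmac.compare_digest(raw[:SHA1_LEN], expected) else "mismatch"
    # No scheme prefix: the value is a cleartext rootpw.
    same = hmac.compare_digest(value.encode(), candidate.encode())
    return "match" if same else "mismatch"

# Constructed sample configuration (not the asker's file).
SAMPLE_CONF = ('database bdb\nsuffix "dc=example,dc=com"\n'
               'rootdn "cn=Manager,dc=example,dc=com"\n'
               "rootpw " + make_hash("s3cret", b"\x01\x02\x03\x04") + "\n")

if __name__ == "__main__":
    stored = extract_rootpw(SAMPLE_CONF)
    for attempt in ("s3cret", "s3cret ", "wrong"):
        print(repr(attempt), "->", check_rootpw(stored, attempt))
```

A "malformed" or "mismatch" result here points at the rootpw line itself; a "match" means the bind failure lies elsewhere, such as slapd reading a different configuration source.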