Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenLdap (Centos 5.9): Invalid credentials (49)

Tags:

openldap

When i run the next command it's all KO:

ldapsearch -x -b "dc=icm,dc=movismart,dc=com" -D "cn=Manager,dc=icm,dc=movismart,dc=com" -W

But when i run this it's a problem "Invalid Credentials (49)":

ldapsearch -x -b "dc=icm,dc=movismart,dc=com" -D "uid=sysadmin,dc=icm,dc=movismart,dc=com" -W

My slapd.conf:

loglevel 1

include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/openldap.schema
include     /etc/openldap/schema/dyngroup.schema

allow bind_v2

pidfile     /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args

access to attrs=userPassword
    by dn="cn=Manager,dc=icm,dc=movismart,dc=com" write
    by self write
    by anonymous auth
    by * none
access to dn.base="" by * read
access to *
    by dn="cn=Manager,dc=icm,dc=movismart,dc=com" write
    by * read

database    bdb
suffix      "dc=icm,dc=movismart,dc=com"
rootdn      "cn=Manager,dc=icm,dc=movismart,dc=com"
rootpw {SSHA}9xDlp+gBzA2E4EHXb4KXVkylAll7WmZd
directory   /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

My structure ldif:

dn: dc=icm,dc=movismart,dc=com
objectClass: domain
objectClass: top
dc: icm

dn: ou=People,dc=icm,dc=movismart,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People
description: Container for user entries

My sysadmin user ldif:

dn: uid=sysadmin,ou=People,dc=icm,dc=movismart,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: sysadmin
cn: System Administrator
sn: sysadmin
userPassword: sysadmin

I probe with plain text, crypt, md5 and ssha userPassword, and nothing.

Thanks a lot!!

like image 260
user3021072 Avatar asked Nov 22 '13 10:11

user3021072


1 Answers

Try doing this:

slappasswd -h {MD5}

Enter the requested password accordingly. Take the output/result and place it into the file:

nano config.ldif

This file should looks like:

dn: cn=config
changetype: modify

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {MD5}inform password

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

then make

ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif

To manipulate openldap, then use the command:

ldapadd -x -Y EXTERNAL -H ldapi:// -D cn=admin,cn=config -W -f file

Now it should work.

like image 93
Avanz Avatar answered Nov 10 '22 13:11

Avanz