Discussion:
do_bind: invalid dn
Joshua Lim
2010-05-05 18:51:37 UTC
Hi, I'm a newbie, downloaded a Windows compilation of OpenLDAP v2.4.18
from http://www.userbooster.de/en/download/openldap-for-windows.aspx

Am having some problems trying to get a client to bind to my setup, the
error is: do_bind: invalid dn

Hope to receive some pointers. Thanks. : )


My slapd.conf (I basically used the default, only suffix, rootdn and
rootpw are changed):
********************************
database bdb
suffix "dc=click,dc=com"
rootdn "cn=wael,dc=click,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
********************

openldap.log:
********************
OpenLDAP 2.4.18 Standalone LDAP Server (slapd)
daemon_init: listen on ldap://JOSHUA:389
daemon_init: listen on ldaps://JOSHUA:636
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://JOSHUA:389)
daemon: listener initialized ldap://JOSHUA:389
ldap_url_parse_ext(ldaps://JOSHUA:636)
daemon: listener initialized ldaps://JOSHUA:636
daemon_init: 6 listeners opened
ldap_create
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
==>sql_back_initialize()
<==sql_back_initialize()
bdb_db_init: Initializing BDB database
dnPrettyNormal: <dc=click,dc=com>
<<< dnPrettyNormal: <dc=click,dc=com>, <dc=click,dc=com>
dnPrettyNormal: <cn=wael,dc=click,dc=com>
<<< dnPrettyNormal: <cn=wael,dc=click,dc=com>, <cn=wael,dc=click,dc=com>
dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
................
slapd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "cn={1}cosine"
config_build_entry: "cn={2}nis"
config_build_entry: "cn={3}inetorgperson"
config_build_entry: "cn={4}openldap"
config_build_entry: "cn={5}dyngroup"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
backend_startup_one: starting "dc=click,dc=com"
bdb_db_open: warning - no DB_CONFIG file found in directory ./data: (2).
Expect poor performance for suffix "dc=click,dc=com".
bdb_db_open: database "dc=click,dc=com": dbenv_open(./data).
bdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
slapd starting
slap_listener(ldap://JOSHUA:389)
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 20 contents:
op tag 0x60, time 1273085183
ber_get_next
conn=0 op=0 do_bind
dnPrettyNormal: <wael>
conn=0 op=0 do_bind: invalid dn (wael)
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=34
ber_flush2: 32 bytes to sd 2124
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ber_get_next on fd 8 failed errno=0 (unknown WSA error)
connection_close: conn=0 sd=8
********************
Michael Ströder
2010-05-06 21:15:32 UTC
Post by Joshua Lim
dnPrettyNormal: <wael>
conn=0 op=0 do_bind: invalid dn (wael)
It seems to me you just use 'wael' without the quotes as bind-DN. But this has
to be a full distinguished name like cn=wael,dc=click,dc=com in your case.

Ciao, Michael.
Quanah Gibson-Mount
2010-05-06 21:49:41 UTC
--On Thursday, May 06, 2010 2:51 AM +0800 Joshua Lim
Post by Joshua Lim
Hi, I'm a newbie, downloaded a Windows compilation of OpenLDAP v2.4.18
from http://www.userbooster.de/en/download/openldap-for-windows.aspx
Am having some problems trying to get a client to bind to my setup, the
error is: do_bind: invalid dn
conn=0 op=0 do_bind: invalid dn (wael)
What would have been helpful is how you were operating the bind.

"wael" is clearly not a valid DN, which is why you get the error you are
getting. I would expect something more like:

"cn=wael,dc=click,dc=com"

etc.

--Quanah



--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Buchan Milne
2010-05-06 20:57:31 UTC
Post by Joshua Lim
Hi, I'm a newbie, downloaded a Windows compilation of OpenLDAP v2.4.18
from http://www.userbooster.de/en/download/openldap-for-windows.aspx
Am having some problems trying to get a client to bind to my setup, the
error is: do_bind: invalid dn
Hope to receive some pointers. Thanks. : )
My slapd.conf (I basically used the default, only suffix, rootdn and
********************************
database bdb
suffix "dc=click,dc=com"
rootdn "cn=wael,dc=click,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
[...]

You don't say if/how/what you loaded data into the directory, so the only
assumption we can make is that you were trying to connect as Root DN.
Post by Joshua Lim
conn=0 op=0 do_bind: invalid dn (wael)
"wael" is not a DN. Most likely, you want to bind as:
cn=wael,dc=click,dc=com

For example, if you have ldapsearch available on the same host, something
like:

ldapsearch -x -D cn=wael,dc=click,dc=com -h localhost -W -b '' namingContexts

(one of the few searches you can currently do that would produce some output).

Now, until you can explain to yourself what the above command does, you may
want to spend more time reading than configuring ....

Regards,
Buchan
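
The two bind failures seen in this thread's traces (err=34 for the bare name, err=49 for the full DN) can be pulled out of a slapd debug log mechanically. This is an added example, not code from any poster or from OpenLDAP; the function name `triage_binds` is hypothetical and the sample is assembled from trace lines quoted in the thread.

```python
import re

# LDAP result codes that appear in this thread (names from RFC 4511).
RESULT_NAMES = {0: "success", 34: "invalidDNSyntax", 49: "invalidCredentials"}
BIND_RESPONSE_TAG = 97  # 0x61 = BindResponse

START = re.compile(r"^conn=(\d+) op=(\d+) do_bind$")
BAD_DN = re.compile(r"^conn=\d+ op=\d+ do_bind: invalid dn \((.*)\)$")
GOOD_DN = re.compile(r'^do_bind: version=\d+ dn="([^"]*)" method=\d+$')
RESPONSE = re.compile(r"^send_ldap_response: msgid=\d+ tag=(\d+) err=(\d+)$")

def triage_binds(log_text):
    """One record per bind attempt; assumes a sequential, non-interleaved trace."""
    records, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = START.match(line)
        if m:
            current = {"conn": int(m.group(1)), "op": int(m.group(2)), "dn": None}
            continue
        if current is None:
            continue
        m = BAD_DN.match(line) or GOOD_DN.match(line)
        if m:
            current["dn"] = m.group(1)
            continue
        m = RESPONSE.match(line)
        if m and int(m.group(1)) == BIND_RESPONSE_TAG:
            current["err"] = int(m.group(2))
            current["result"] = RESULT_NAMES.get(current["err"], "other")
            # A DN needs at least one attribute=value pair; "wael" has none.
            current["looks_like_dn"] = "=" in (current["dn"] or "")
            records.append(current)
            current = None
    return records

# Sample assembled from the trace lines quoted in the thread.
SAMPLE = """\
conn=0 op=0 do_bind
dnPrettyNormal: <wael>
conn=0 op=0 do_bind: invalid dn (wael)
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=34
conn=0 op=0 do_bind
dnPrettyNormal: <cn=wael,dc=click,dc=com>
do_bind: version=3 dn="cn=wael,dc=click,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
"""
```
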
Joshua Lim
2010-05-10 15:51:00 UTC
Post by Buchan Milne
Post by Joshua Lim
Hi, I'm a newbie, downloaded a Windows compilation of OpenLDAP v2.4.18
from http://www.userbooster.de/en/download/openldap-for-windows.aspx
Am having some problems trying to get a client to bind to my setup, the
error is: do_bind: invalid dn
Hope to receive some pointers. Thanks. : )
My slapd.conf (I basically used the default, only suffix, rootdn and
********************************
database bdb
suffix "dc=click,dc=com"
rootdn "cn=wael,dc=click,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
[...]
You don't say if/how/what you loaded data into the directory, so the only
assumption we can make is that you were trying to connect as Root DN.
Joshua > Hi Buchan, thanks for replying. No data, I've not come to that
yet. Yes, I'm connecting as Root DN.
Post by Buchan Milne
Post by Joshua Lim
conn=0 op=0 do_bind: invalid dn (wael)
cn=wael,dc=click,dc=com
For example, if you have ldapsearch available on the same host, something
ldapsearch -x -D cn=wael,dc=click,dc=com -h localhost -W -b '' namingContexts
Joshua > localhost didn't work, I used my PC name and got:

ldap_bind: Invalid credentials (49)
Post by Buchan Milne
Post by Joshua Lim
slap_listener(ldap://JOSHUAPC:389)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 47 contents:
op tag 0x60, time 1273506428
ber_get_next
conn=0 op=0 do_bind
Post by Buchan Milne
Post by Joshua Lim
dnPrettyNormal: <cn=wael,dc=click,dc=com>
<<< dnPrettyNormal: <cn=wael,dc=click,dc=com>, <cn=wael,dc=click,dc=com>
do_bind: version=3 dn="cn=wael,dc=click,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 22 bytes to sd 2140
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next on fd 10 failed errno=0 (unknown WSA error)
connection_close: conn=0 sd=10
Joshua Lim
2010-05-17 17:21:18 UTC
Any thoughts? I tried the following, entered the correct password
'password' and got:
ldap_bind: Invalid credentials (49)

ldapsearch -x -D cn=wael,dc=click,dc=com -h localhost -W -b ''
namingContexts
Post by Joshua Lim
Post by Buchan Milne
slap_listener(ldap://JOSHUAPC:389)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 47 contents:
op tag 0x60, time 1273506428
ber_get_next
conn=0 op=0 do_bind
Post by Joshua Lim
Post by Buchan Milne
dnPrettyNormal: <cn=wael,dc=click,dc=com>
<<< dnPrettyNormal: <cn=wael,dc=click,dc=com>, <cn=wael,dc=click,dc=com>
do_bind: version=3 dn="cn=wael,dc=click,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 22 bytes to sd 2140
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next on fd 10 failed errno=0 (unknown WSA error)
connection_close: conn=0 sd=10


My slapd.conf (I basically used the default, only suffix, rootdn and
rootpw are changed):
********************************
database bdb
suffix "dc=click,dc=com"
rootdn "cn=wael,dc=click,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
Post by Joshua Lim
Post by Buchan Milne
Hi, I'm a newbie, downloaded a Windows compilation of OpenLDAP v2.4.18
from http://www.userbooster.de/en/download/openldap-for-windows.aspx
Am having some problems trying to get a client to bind to my setup, the
error is: do_bind: invalid dn
Hope to receive some pointers. Thanks. : )
My slapd.conf (I basically used the default, only suffix, rootdn and
********************************
database bdb
suffix "dc=click,dc=com"
rootdn "cn=wael,dc=click,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
[...]
You don't say if/how/what you loaded data into the directory, so the
only assumption we can make is that you were trying to connect as
Root DN.
Joshua > Hi Buchan, thanks for replying. No data, I've not come to
that yet. Yes, I'm connecting as Root DN.
Post by Buchan Milne
conn=0 op=0 do_bind: invalid dn (wael)
cn=wael,dc=click,dc=com
For example, if you have ldapsearch available on the same host,
ldapsearch -x -D cn=wael,dc=click,dc=com -h localhost -W -b '' namingContexts
ldap_bind: Invalid credentials (49)
Post by Buchan Milne
slap_listener(ldap://JOSHUAPC:389)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
op tag 0x60, time 1273506428
ber_get_next
conn=0 op=0 do_bind
Post by Buchan Milne
dnPrettyNormal: <cn=wael,dc=click,dc=com>
<<< dnPrettyNormal: <cn=wael,dc=click,dc=com>, <cn=wael,dc=click,dc=com>
do_bind: version=3 dn="cn=wael,dc=click,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 22 bytes to sd 2140
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next on fd 10 failed errno=0 (unknown WSA error)
connection_close: conn=0 sd=10
Joshua Lim
2010-05-19 14:26:10 UTC
-----Original Message-----
Sent: Monday, May 17, 2010 12:21 PM
Subject: Re: do_bind: invalid dn
Any thoughts? I tried the following, entered the correct password
ldap_bind: Invalid credentials (49)
ldapsearch -x -D cn=wael,dc=click,dc=com -h localhost -W -b ''
namingContexts
slap_listener(ldap://JOSHUAPC:389)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
op tag 0x60, time 1273506428
ber_get_next
conn=0 op=0 do_bind
dnPrettyNormal: <cn=wael,dc=click,dc=com>
<<< dnPrettyNormal: <cn=wael,dc=click,dc=com>, <cn=wael,dc=click,dc=com>
do_bind: version=3 dn="cn=wael,dc=click,dc=com" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 22 bytes to sd 2140
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next on fd 10 failed errno=0 (unknown WSA error)
connection_close: conn=0 sd=10
My slapd.conf (I basically used the default, only suffix, rootdn and
********************************
database bdb
suffix "dc=click,dc=com"
rootdn "cn=wael,dc=click,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
dirtyread
searchstack 20
# Indices to maintain
index mail pres,eq
index objectclass pres
index default eq,sub
index sn eq,sub,subinitial
index telephonenumber
index cn
--------------------------------------------------------------------------
I may be wrong but I believe your rootpw value needs to be a hash value. Use slappasswd to generate one and then replace password with it. Restart the service and let me know if you experience the same issue.
Regards,
Dan
Thanks Dan, yes, that was the reason. :)
