Discussion:
Authentication Issue
Richard Golding
2010-03-12 07:24:31 UTC
I am trying to set up a server and am running into an issue whereby I cannot authenticate using the rootdn. (I am new to OpenLDAP, so apologies in advance if this is a basic question.)

The problem is I get "Invalid Credentials" returned.


Here is an excerpt from my slapd.conf file:

database bdb
suffix "dc=my-domain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
rootpw {crypt}ijFYNcSNctBYg

And here is the OpenLDAP command I run:

[***@localhost rgolding]# ldapadd -D cn=Manager,dc=my-domain,dc=com -w secret -f /tmp/newentry
ldap_bind: Invalid credentials (49)
[***@localhost rgolding]#

And here is the LDAP entry I am trying to add:


[***@localhost rgolding]# more /tmp/newentry

dn: cn=Barbara Jensen,dc=my-domain,dc=com
ObjectClass: person
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
title: the world's most famous mythical manager
mail: ***@example.com
uid: bjensen


Thanks in advance


Richard
Quanah Gibson-Mount
2010-03-12 17:22:14 UTC
--On Friday, March 12, 2010 7:24 AM +0000 Richard Golding
Post by Richard Golding
I am trying to setup a server and running into an issue whereby I cannot
authenticate using the rootdn. (I am new to OPENLDAP so apologies in
advance if this is a basic question)
The problem is I get "Invalid Credentials" returned
Here is an excerpt from my Slapd.conf file
database bdb
suffix "dc=my-domain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
rootpw {crypt}ijFYNcSNctBYg
Don't use crypt passwords. Use the slappasswd command to generate yourself
a nice SSHA hash.

--Quanah



--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount
2010-03-16 17:43:52 UTC
--On Tuesday, March 16, 2010 5:42 PM +0000 Richard Golding
Many Thanks - That did the trick
Glad to hear it worked. Please keep replies at least cc'd to the list
though. Thanks!

--Quanah

tjoen
2010-03-12 18:07:14 UTC
Post by Richard Golding
The problem is I get "Invalid Credentials" returned
Here is an excerpt from my Slapd.conf file
...
Post by Richard Golding
rootpw secret
rootpw {crypt}ijFYNcSNctBYg
Maybe you should comment those out and replace them with
$ /usr/sbin/slappasswd -h {SSHA} -s secret
{SSHA}TDoz/xGx/ccKS94s0+uXLWIZ04XRd2E4

Because I get problems with
$ /usr/sbin/slappasswd -h {CRYPT} -s secret
Password generation failed for scheme {CRYPT}: scheme not recognized
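
Added example (not part of any post in this thread): a Python sketch of how an {SSHA} value like the one recommended above is built and checked, plus a small check of the rootpw lines from the posted slapd.conf excerpt. The function names and the audit rules are assumptions made for illustration, and the sample input is copied from the excerpt.

```python
from __future__ import annotations
import base64, hashlib, hmac, os

# Sample input: the rootdn/rootpw lines from the slapd.conf excerpt in the thread.
SAMPLE_CONF = '''rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
rootpw {crypt}ijFYNcSNctBYg
'''

def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(4)  # 4 random bytes unless a salt is supplied
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against an {SSHA} value using a constant-time compare."""
    if not stored.upper().startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:  # a SHA-1 digest is 20 bytes; the rest is the salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_rootpw(conf_text: str) -> list[str]:
    """Report rootpw directives worth a second look (hypothetical rules)."""
    findings, seen = [], 0
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "rootpw":
            continue  # comments and other directives are ignored
        seen += 1
        value = parts[1].strip().strip('"')
        if not value.startswith("{"):
            findings.append(f"line {lineno}: cleartext rootpw")
        elif not value.upper().startswith("{SSHA}"):
            scheme = value.split("}", 1)[0] + "}"
            findings.append(f"line {lineno}: rootpw uses {scheme}, not {{SSHA}}")
    if seen > 1:
        findings.append(f"{seen} rootpw directives found")
    return findings

if __name__ == "__main__":
    print(ssha_hash("secret"))
    print("\n".join(audit_rootpw(SAMPLE_CONF)))
```
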