Installing OpenLDAP: ldap_bind: Invalid credentials (49)

Posted by Arcturus on Server Fault
Published on 2010-04-05T14:04:58Z Indexed on 2010/04/05 14:13 UTC

Hello.

I've been trying to set up the OpenLDAP installed by default on Fedora 12, very unsuccessfully. My ultimate goal is to use LDAP authentication for user login and Apache, using the OpenLDAP server running on the same machine.

The server is running, but the error I always get when I try to use ldapsearch or ldapadd is: ldap_bind: Invalid credentials (49)

I've been following these tutorials, but none of them helped me:

  • http://www.howtoforge.com/openldap_fedora7
  • http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-quickstart.html
  • http://www.howtoforge.com/linux_ldap_authentication
  • http://docs.fedoraproject.org/deployment-guide/f12/en-US/html/s1-ldap-pam.html
  • http://www.openldap.org/doc/admin24/quickstart.html

First, some components were already installed, and I installed these with yum:

yum install openldap-servers openldap-devel

Then, I created a basic slapd.conf file in /etc/openldap:

database        bdb
suffix          "dc=sniejana-sandbox,dc=com"
rootdn          "cn=root,dc=sniejana-sandbox,dc=com"
rootpw          {SSHA}cxdz55ygPu4T3ykg7dgu+L0VRvsFSeom
directory       /var/lib/ldap/sniejana-sandbox.com

I obtained the rootpw with this command:

slappasswd -s changeme

I also created the /var/lib/ldap/sniejana-sandbox.com directory and made sure the entire contents of /var/lib/ldap were owned by the ldap user.

I found two ldap.conf files, one in /etc and one in /etc/openldap. I don't know which is the right one. If I understood correctly, this file is to configure the client. I put this in both:

HOST localhost
BASE dc=sniejana-sandbox,dc=com

I then ran the server with:

service slapd start

It said OK.

Most of the tutorials above say to use the command ldapsearch -D "cn=Manager,dc=my-domain,dc=com" -W to ensure that everything's working. When I execute this command, a password prompt appears, and after entering the password, I get the error.

ldapsearch -D "cn=root,dc=sniejana-sandbox,dc=com" -W
Enter LDAP password:
ldap_bind: Invalid credentials (49)

The same thing happens when trying to use ldapadd. I tried with an encrypted and an unencrypted password in slapd.conf; it doesn't change anything. Adding a -x for simple authentication doesn't change anything either.

netstat -ap confirms the server is listening:

tcp   0   0 *:ldap    *:*       LISTEN      4148/slapd          
tcp   0   0 *:ldap    *:*       LISTEN      4148/slapd

ps -ef|grep slapd confirms the process is running:

ldap   4148  1  0 15:22 ?   00:00:00 /usr/sbin/slapd -h  ldap:/// -u ldap

Running slaptest produces config file testing succeeded.

I read somewhere that the command ldapsearch -x -b '' -s base '(objectclass=*)' namingContext can confirm the server is running. It appears to work:

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContext 
#

#
dn:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I'm running out of ideas. Am I missing something obvious?

© Server Fault or respective owner
