I've been trying to set up the OpenLDAP installed by default on Fedora 12, very unsuccessfully. My ultimate goal is to use LDAP authentication for user login and Apache, using the OpenLDAP server running on the same machine.
The server is running, but the error I always get when I try to use ldapsearch or ldapadd is: ldap_bind: Invalid credentials (49)
I've been following these tutorials, but none of them helped me:
http://www.howtoforge.com/openldap_fedora7
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-quickstart.html
http://www.howtoforge.com/linux_ldap_authentication
http://docs.fedoraproject.org/deployment-guide/f12/en-US/html/s1-ldap-pam.html
http://www.openldap.org/doc/admin24/quickstart.html
First, some components were already installed, and I installed these with yum:
yum install openldap-servers openldap-devel
Then, I created a basic slapd.conf file in /etc/openldap:
database bdb
suffix "dc=sniejana-sandbox,dc=com"
rootdn "cn=root,dc=sniejana-sandbox,dc=com"
rootpw {SSHA}cxdz55ygPu4T3ykg7dgu+L0VRvsFSeom
directory /var/lib/ldap/sniejana-sandbox.com
I obtained the rootpw with this command:
slappasswd -s changeme
I also created the /var/lib/ldap/sniejana-sandbox.com directory and made sure the entire contents of /var/lib/ldap were owned by the ldap user.
I found two ldap.conf files, one in /etc and one in /etc/openldap. I don't know which is the right one. If I understood correctly, this file is to configure the client. I put this in both:
HOST localhost
BASE dc=sniejana-sandbox,dc=com
I then ran the server with:
service slapd start
It said OK.
Most of the tutorials above say to use the command ldapsearch -D "cn=Manager,dc=my-domain,dc=com" -W to ensure that everything's working. When I execute this command, a password prompt appears, and after entering the password, I get the error.
ldapsearch -D "cn=root,dc=sniejana-sandbox,dc=com" -W
Enter LDAP password:
ldap_bind: Invalid credentials (49)
The same thing happens when trying to use ldapadd. I tried with an encrypted and unencrypted password in slapd.conf, it doesn't change anything. Adding a -x for simple authentication doesn't change anything either.
netstat -ap confirms the server is listening:
tcp 0 0 *:ldap *:* LISTEN 4148/slapd
tcp 0 0 *:ldap *:* LISTEN 4148/slapd
ps -ef|grep slapd confirms the process is running:
ldap 4148 1 0 15:22 ? 00:00:00 /usr/sbin/slapd -h ldap:/// -u ldap
Running slaptest procudes config file testing succeeded.
I read somewhere that the command ldapsearch -x -b '' -s base '(objectclass=*)' namingContext can confirm the server is running. It appears to work:
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContext
#
#
dn:
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
I'm running out of ideas. Am I missing something obvious?
