Installing OpenLDAP on Fedora 12: ldap_bind: Invalid credentials (49)


Aha! My problem is solved! I just need to delete the directory using rm -rf /etc/openldap/slapd.d. This will force OpenLDAP to look for my slapd.conf file while starting the service.


Admin
Author by

Admin

Updated on November 19, 2022

Comments

  • Admin
    Admin 12 months

    I've been trying to set up the OpenLDAP installed by default on Fedora 12, very unsuccessfully. My ultimate goal is to use LDAP authentication for user login and Apache, using the OpenLDAP server running on the same machine.

    The server is running, but the error I always get when I try to use ldapsearch or ldapadd is: ldap_bind: Invalid credentials (49)

    I've been following these tutorials, but none of them helped me:

    • http://www.howtoforge.com/openldap_fedora7
    • http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-quickstart.html
    • http://www.howtoforge.com/linux_ldap_authentication
    • http://docs.fedoraproject.org/deployment-guide/f12/en-US/html/s1-ldap-pam.html
    • http://www.openldap.org/doc/admin24/quickstart.html

    First, some components were already installed, and I installed these with yum:

    yum install openldap-servers openldap-devel
    

    Then, I created a basic slapd.conf file in /etc/openldap:

    database        bdb
    suffix          "dc=sniejana-sandbox,dc=com"
    rootdn          "cn=root,dc=sniejana-sandbox,dc=com"
    rootpw          {SSHA}cxdz55ygPu4T3ykg7dgu+L0VRvsFSeom
    directory       /var/lib/ldap/sniejana-sandbox.com
    

    I obtained the rootpw with this command:

    slappasswd -s changeme
    

    I also created the /var/lib/ldap/sniejana-sandbox.com directory and made sure the entire contents of /var/lib/ldap were owned by the ldap user.

    I found two ldap.conf files, one in /etc and one in /etc/openldap. I don't know which is the right one. If I understood correctly, this file is to configure the client. I put this in both:

    HOST localhost
    BASE dc=sniejana-sandbox,dc=com
    

    I then ran the server with:

    service slapd start
    

    It said OK.

    Most of the tutorials above say to use the command ldapsearch -D "cn=Manager,dc=my-domain,dc=com" -W to ensure that everything's working. When I execute this command, a password prompt appears, and after entering the password, I get the error.

    ldapsearch -D "cn=root,dc=sniejana-sandbox,dc=com" -W
    Enter LDAP password:
    ldap_bind: Invalid credentials (49)
    

    The same thing happens when trying to use ldapadd. I tried with an encrypted and unencrypted password in slapd.conf, it doesn't change anything. Adding a -x for simple authentication doesn't change anything either.

    netstat -ap confirms the server is listening:

    tcp   0   0 *:ldap    *:*       LISTEN      4148/slapd          
    tcp   0   0 *:ldap    *:*       LISTEN      4148/slapd
    

    ps -ef|grep slapd confirms the process is running:

    ldap   4148  1  0 15:22 ?   00:00:00 /usr/sbin/slapd -h  ldap:/// -u ldap
    

    Running slaptest produces config file testing succeeded.

    I read somewhere that the command ldapsearch -x -b '' -s base '(objectclass=*)' namingContext can confirm the server is running. It appears to work:

    # extended LDIF
    #
    # LDAPv3
    # base <> with scope baseObject
    # filter: (objectclass=*)
    # requesting: namingContext 
    #
    
    #
    dn:
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1
    

    I'm running out of ideas. Am I missing something obvious?

  • Admin
    Admin over 13 years
    Indeed, that works. Removing /etc/openldap/slapd.d causes openldap to load /etc/openldap/slapd.conf. Thank you.
  • Admin
    Admin over 11 years
    You don't need to remove the /etc/openldap/slapd.d directory, but you can add -f /etc/openldap/slapd.conf as a parameter for slapd.
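
A way to check the diagnosis from the answer and comments before deleting anything, as an added example that is not part of the original posts: it reports which configuration slapd would load by default and which rootdn that configuration defines, and it moves slapd.d aside rather than removing it. The function names, the backup suffix and the sample directory contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the backup suffix are assumptions.

# Which configuration slapd loads when started without -f/-F: an existing
# slapd.d directory wins over slapd.conf. (Existence check only; slapd
# itself also requires the directory to hold a valid configuration.)
slapd_config_source() {
    if [ -d "$1/slapd.d" ]; then echo "slapd.d"
    elif [ -f "$1/slapd.conf" ]; then echo "slapd.conf"
    else echo "none"; fi
}

# Print the rootdn value(s) of the active configuration.
# Assumes DNs without spaces and plain (non-base64) LDIF values.
active_rootdn() {
    case $(slapd_config_source "$1") in
        slapd.d)    grep -rhi '^olcRootDN:' "$1/slapd.d" | sed 's/^[^:]*: *//' ;;
        slapd.conf) awk 'tolower($1) == "rootdn" { gsub(/"/, "", $2); print $2 }' \
                        "$1/slapd.conf" ;;
    esac
}

# Succeed only if the bind DN is a rootdn the running server would know.
is_active_rootdn() {
    active_rootdn "$1" | grep -qixF "$2"
}

# Move slapd.d aside instead of deleting it; prints the backup path.
retire_slapd_d() {
    [ -d "$1/slapd.d" ] || return 1
    backup="$1/slapd.d.bak.$(date +%Y%m%d%H%M%S)"
    mv "$1/slapd.d" "$backup" && echo "$backup"
}

# Demo on a constructed tree, not the real /etc/openldap.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/slapd.d/cn=config"
    echo 'olcRootDN: cn=Manager,dc=my-domain,dc=com' \
        > "$d/slapd.d/cn=config/olcDatabase={1}bdb.ldif"
    echo 'rootdn "cn=root,dc=sniejana-sandbox,dc=com"' > "$d/slapd.conf"
    echo "source: $(slapd_config_source "$d"), rootdn: $(active_rootdn "$d")"
    retire_slapd_d "$d" >/dev/null
    echo "source: $(slapd_config_source "$d"), rootdn: $(active_rootdn "$d")"
    rm -rf "$d"
}
demo
```

On a real host the argument would be /etc/openldap, run as root with slapd stopped. Running `slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d` converts slapd.conf into a fresh slapd.d directory, which keeps the directory-based configuration instead of falling back to the file.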