Installing OpenLDAP on Fedora 12: ldap_bind: Invalid credentials (49)
Aha! My problem is solved! I just need to delete the directory using rm -rf /etc/openldap/slapd.d. This will force OpenLDAP to look for my slapd.conf file while starting the service.
Admin
Updated on November 19, 2022
Comments
-
Admin 12 months
I've been trying to set up the OpenLDAP installed by default on Fedora 12, very unsuccessfully. My ultimate goal is to use LDAP authentication for user login and Apache, using the OpenLDAP server running on the same machine.
The server is running, but the error I always get when I try to use ldapsearch or ldapadd is: ldap_bind: Invalid credentials (49)
I've been following these tutorials, but none of them helped me:
- http://www.howtoforge.com/openldap_fedora7
- http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-quickstart.html
- http://www.howtoforge.com/linux_ldap_authentication
- http://docs.fedoraproject.org/deployment-guide/f12/en-US/html/s1-ldap-pam.html
- http://www.openldap.org/doc/admin24/quickstart.html
First, some components were already installed, and I installed these with yum:
yum install openldap-servers openldap-devel
Then, I created a basic slapd.conf file in /etc/openldap:
database bdb
suffix "dc=sniejana-sandbox,dc=com"
rootdn "cn=root,dc=sniejana-sandbox,dc=com"
rootpw {SSHA}cxdz55ygPu4T3ykg7dgu+L0VRvsFSeom
directory /var/lib/ldap/sniejana-sandbox.com
I obtained the rootpw with this command:
slappasswd -s changeme
I also created the /var/lib/ldap/sniejana-sandbox.com directory and made sure the entire contents of /var/lib/ldap were owned by the ldap user.
I found two ldap.conf files, one in /etc and one in /etc/openldap. I don't know which is the right one. If I understood correctly, this file is to configure the client. I put this in both:
HOST localhost
BASE dc=sniejana-sandbox,dc=com
I then ran the server with:
service slapd start
It said OK.
Most of the tutorials above say to use the command
ldapsearch -D "cn=Manager,dc=my-domain,dc=com" -W
to ensure that everything's working. When I execute this command, a password prompt appears, and after entering the password, I get the error.
ldapsearch -D "cn=root,dc=sniejana-sandbox,dc=com" -W
Enter LDAP password:
ldap_bind: Invalid credentials (49)
The same thing happens when trying to use ldapadd. I tried with an encrypted and unencrypted password in slapd.conf, it doesn't change anything. Adding a -x for simple authentication doesn't change anything either.
netstat -ap confirms the server is listening:
tcp 0 0 *:ldap *:* LISTEN 4148/slapd
tcp 0 0 *:ldap *:* LISTEN 4148/slapd
ps -ef|grep slapd confirms the process is running:
ldap 4148 1 0 15:22 ? 00:00:00 /usr/sbin/slapd -h ldap:/// -u ldap
Running slaptest produces config file testing succeeded.
I read somewhere that the command
ldapsearch -x -b '' -s base '(objectclass=*)' namingContext
can confirm the server is running. It appears to work:
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContext
#

#
dn:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
I'm running out of ideas. Am I missing something obvious?
-
Admin over 13 years
Indeed, that works. Removing /etc/openldap/slapd.d causes openldap to load /etc/openldap/slapd.conf. Thank you.
-
Admin over 11 years
You don't need to remove the /etc/openldap/slapd.d directory, but you can add -f /etc/openldap/slapd.conf as a parameter for slapd.
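A diagnostic for the situation in this thread, as an added example that is not part of the original posts: it reports which configuration source slapd reads when started without -f or -F, and which rootdn values that source defines, so a bind DN can be checked against the configuration actually in effect. The function names and the sample layout are constructed for illustration, and the presence of cn=config.ldif is assumed to mark a valid slapd.d directory.

```shell
#!/bin/sh
# Added example (not from the original thread).

# Print "slapd.d", "slapd.conf" or "none" for the given config directory.
# A cn=config directory, when present, takes precedence over slapd.conf.
# Assumption: cn=config.ldif marks a valid slapd.d directory.
active_slapd_config() {
    confdir=$1
    if [ -f "$confdir/slapd.d/cn=config.ldif" ]; then
        echo "slapd.d"
    elif [ -f "$confdir/slapd.conf" ]; then
        echo "slapd.conf"
    else
        echo "none"
    fi
}

# Print the rootdn values defined by the active source, one per line.
effective_rootdns() {
    confdir=$1
    case $(active_slapd_config "$confdir") in
        slapd.d)
            # cn=config keeps the value as olcRootDN in per-database LDIF files.
            grep -rhi '^olcRootDN: ' "$confdir/slapd.d" | sed 's/^[^:]*: *//' ;;
        slapd.conf)
            # slapd.conf: keyword, whitespace, optionally quoted value.
            sed -n 's/^rootdn[[:space:]][[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' \
                "$confdir/slapd.conf" ;;
    esac
}

# Constructed layout: a pre-existing slapd.d next to a hand-written slapd.conf.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/slapd.d/cn=config"
    printf 'dn: cn=config\nobjectClass: olcGlobal\ncn: config\n' > "$d/slapd.d/cn=config.ldif"
    printf 'dn: olcDatabase={1}bdb\nolcSuffix: dc=my-domain,dc=com\nolcRootDN: cn=Manager,dc=my-domain,dc=com\n' \
        > "$d/slapd.d/cn=config/olcDatabase={1}bdb.ldif"
    printf 'database bdb\nsuffix "dc=sniejana-sandbox,dc=com"\nrootdn "cn=root,dc=sniejana-sandbox,dc=com"\n' \
        > "$d/slapd.conf"
    echo "$d"
}

sample=$(make_sample)
echo "active: $(active_slapd_config "$sample"), rootdn: $(effective_rootdns "$sample")"
rm -rf "$sample"
```

On a real host the argument would be /etc/openldap; values stored base64-encoded in the LDIF (olcRootDN:: ...) are not decoded by this sketch.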