OpenLDAP configuration error ldap_bind: Invalid credentials (49)


Have you tried to connect via CLI?

ldapsearch -x -D "cn=admin,dc=home,dc=local" -W -h <hostname>

Do check your syslog, slapd by default logs its output there.

You can also use slapcat, which must be executed locally, to know whether your database was created or not (slapd would break if otherwise, anyway). It will output the first database available. Use the flag -n to extract a specific database:

slapcat -n <database number>

My bets are that you're authenticating against the wrong database.

Author by

PLS

Check my Lattes profile http://buscatextual.cnpq.br/buscatextual/visualizacv.jsp?id=K4461668H9

Updated on August 23, 2022

Comments

  • PLS
    PLS over 1 year

    I'm using Ubuntu 10.4 server and I'm trying to configure OpenLDAP as a protocol for authentication for SVN and other services. However, I don't quite understand how LDAP works, and after setting up an example config I tried to populate it without success. This is the error:

    ldap_bind: Invalid credentials (49)
    

    It seems to be an example config problem, more precisely with the admin configuration. However, I tried to change it using a cryptographic password but got no results. Config code below:

        # Load modules for database type
        dn: cn=module,cn=config
        objectclass: olcModuleList
        cn: module
        olcModuleLoad: back_bdb.la

        # Create directory database
        dn: olcDatabase=bdb,cn=config
        objectClass: olcDatabaseConfig
        objectClass: olcBdbConfig
        olcDatabase: bdb

        # Domain name (e.g. home.local)
        olcSuffix: dc=home,dc=local

        # Location on system where database is stored
        olcDbDirectory: /var/lib/ldap

        # Manager of the database
        olcRootDN: cn=admin,dc=home,dc=local
        olcRootPW: admin

        # Indices in database to speed up searches
        olcDbIndex: uid pres,eq
        olcDbIndex: cn,sn,mail pres,eq,approx,sub
        olcDbIndex: objectClass eq

        # Allow users to change their own password
        # Allow anonymous to authenticate against the password
        # Allow admin to change anyone's password
        olcAccess: to attrs=userPassword
          by self write
          by anonymous auth
          by dn.base="cn=admin,dc=home,dc=local" write
          by * none

        # Allow users to change their own record
        # Allow anyone to read directory
        olcAccess: to *
          by self write
          by dn.base="cn=admin,dc=home,dc=local" write
          by * read
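
To test the "wrong database" hypothesis from the answer against a config like the one above, this added example (not code from the original posts) maps a bind DN to the database whose olcSuffix contains it, then reports whether the DN is that database's olcRootDN and whether olcRootPW is stored in cleartext. The sample LDIF, its dc=example,dc=com entry and the function names are constructed for illustration; DN matching is simplified to case-folded string comparison and the first matching suffix wins.

```python
import base64
import re

# Constructed sample shaped like `slapcat -n 0` output; not from the page's server.
SAMPLE_CONFIG = """\
dn: olcDatabase={1}bdb,cn=config
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: {SSHA}CONSTRUCTED-PLACEHOLDER

dn: olcDatabase={2}bdb,cn=config
olcSuffix: dc=home,dc=local
olcRootDN: cn=admin,dc=home,
 dc=local
olcRootPW:: YWRtaW4=
"""

def parse_databases(ldif):
    """Return one attribute dict per olcDatabase entry (keys lower-cased)."""
    ldif = re.sub(r"\n ", "", ldif)  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, value = line.split(":", 1)
            if value.startswith(":"):  # "attr:: value" is base64, not a hash
                value = base64.b64decode(value[1:].strip()).decode()
            attrs.setdefault(key.lower(), value.strip())
        if attrs.get("dn", "").lower().startswith("olcdatabase="):
            entries.append(attrs)
    return entries

def norm(dn):
    """Case-fold a DN and drop spaces after commas (simplified DN matching)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def diagnose(ldif, bind_dn):
    """Report which database serves bind_dn and how its rootpw is stored."""
    bind = norm(bind_dn)
    for db in parse_databases(ldif):
        suffix = norm(db.get("olcsuffix", ""))
        if suffix and (bind == suffix or bind.endswith("," + suffix)):
            pw = db.get("olcrootpw", "")
            return {"database": db["dn"],
                    "is_rootdn": bind == norm(db.get("olcrootdn", "")),
                    "rootpw_cleartext": bool(pw) and not pw.startswith("{")}
    return None  # no configured suffix contains this DN
```

A `None` result, or `is_rootdn` being false for the DN passed to `-D`, means the bind is not being checked against the olcRootPW you edited; `rootpw_cleartext` flags a value that should be replaced with a hash generated by slappasswd.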