<div>Thanks Rick.</div> <div> </div> <div>I have checked using -w password. The exact command I tried was:</div> <div><br>ldapsearch -x -b "ou=people,dc=test,dc=com" -D "cn=nilesh,ou=people,dc=test,dc=com" -w password '(uid=nilesh)'</div> <div> </div> <div>Also added:</div> <div> access to attrs=userPassword<br> by anonymous auth<br> by self write<br> by * none</div> <div> </div> <div>However the result was same. I have confirmed that password is password for now.</div> <div> </div> <div>I think, I am missing something in configuration. Can I use LDAP without sasl and if yes, what I need to do?</div> <div> </div> <div>Thanks and Regards,</div> <div>-Nilesh</div> <div> </div> <div><br> </div> <div class="gmail_quote">On Thu, Aug 13, 2009 at 6:16 PM, Rick Stevens <span dir="ltr"><<a href="mailto:ricks@nerd.com">ricks@nerd.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div> <div></div> <div class="h5">Nilesh Joshi wrote:<br> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hi,<br><br>I have installed openldap-2.0.27-23 on my server.<br><br>I have configured certificate and path is mentioned in slapd.conf file.<br> <br>I am able to create root DN and also able to add user to it.<br><br>When I search using cn=manager,dc=test,dc=com, it gives me correct answers.<br>Howere, whenever I search using user id, I see error 49.<br><br>ldapsearch -x -b "ou=people,dc=test,dc=com" -D<br> "cn=nilesh,ou=people,dc=test,dc=com" -W '(uid=nilesh)'<br><br>In logs, I see:<br>conn=11 fd=10 ACCEPT from IP=<a href="http://192.168.1.2:53115/" target="_blank">192.168.1.2:53115</a> (IP=<a href="http://0.0.0.0:389/" target="_blank">0.0.0.0:389</a>)<br> conn=11 op=0 BIND dn="cn=nilesh,ou=people,dc=test,dc=com" method=128<br>conn=11 op=0 RESULT tag=97 err=49 text=<br>conn=11 fd=10 closed (connection lost)<br><br>I would like to have openldap running without sasl.<br> <br>How should I configure the same? How can I fix this issue?<br></blockquote><br></div></div>Error 49 is "invalid credentials," meaning that you didn't hand the ldapsearch the right password for the user you're trying to bind as.<br> Try it again, but rather than using the "-W" (interactive) flag, try:<br><br> -w 'your-password-here'<br><br>If the password has shell metacharacters in it, they may be being<br>interpreted by the shell before being handed to the ldapsearch command.<br> Using the -w and the password enclosed in single quotes prevents that.<br><br>You also have to make sure that the user you're trying to bind as has<br>access to the userPassword attribute in the slapd.conf file:<br><br> access to attrs=userPassword<br> by anonymous auth<br> by self write<br> by * none<br><br>----------------------------------------------------------------------<br>- Rick Stevens, Systems Engineer <a href="mailto:ricks@nerd.com" target="_blank">ricks@nerd.com</a> -<br> - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -<br>- -<br>- I never drink water because of the disgusting things that fish do -<br> - in it. -<br>- -- WC. Fields -<br>----------------------------------------------------------------------<br> <br>_______________________________________________<br>Redhat-install-list mailing list<br><a href="mailto:Redhat-install-list@redhat.com" target="_blank">Redhat-install-list@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/redhat-install-list" target="_blank">https://www.redhat.com/mailman/listinfo/redhat-install-list</a><br> To Unsubscribe Go To ABOVE URL or send a message to:<br><a href="mailto:redhat-install-list-request@redhat.com" target="_blank">redhat-install-list-request@redhat.com</a><br>Subject: unsubscribe<br></blockquote></div><br>