openldap nightmare

Norman Gaywood ngaywood at une.edu.au
Mon Nov 5 21:52:25 UTC 2007 

On Mon, Nov 05, 2007 at 02:25:55PM -0700, Craig White wrote:
> On Mon, 2007-11-05 at 21:19 +0000, Timothy Murphy wrote:
> > I've spent today trying to get openldap running under Fedora 7.
> > The documentation is unbelievably bad -
> > even worse than sendmail, the previous winner.
> > It is almost as incomprehensible as my VHS manual in Japanese.

It's like most man pages, bad for starting out, great for reference.

> > Anyway, I've got to the stage where I'm trying to install
> > an address book with ldapadd with
> > [root at alfred tim]#
> > ldapadd -x -D 'cn=Manager,dc=alfred,dc=gayleard,dc=com' -W -f /etc/openldap/addressbook.ldif
> > Enter LDAP Password:
> > and I get the error
> > ldap_bind: Invalid credentials (49)

You are trying to bind as "cn=Manager,dc=alfred,dc=gayleard,dc=com" and
it did not like the password you gave.

> > which I find slightly baffling since ldapsearch seems to work ok:
> > 
> > [root at alfred tim]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

That is an anonymous bind. OK for reading.

> > So what sort of credentials do they want?
> ----
> whatever the password that is set for the bind address (-D
> 'cn=Manager,dc=alfred,dc=galeard,dc=com)

And that password is usually set in the /etc/openldap/slapd.conf
configuration file. You should see the lines:

rootdn          "cn=Manager,dc=alfred,dc=gayleard,dc=com"
rootpw          secret

If you don't want a plaintext password in the config file, you can
generate a password hash with the slappasswd command:

# slappasswd 
New password: 
Re-enter new password: 
{SSHA}94+CSjT15Xt0sCu3EoTpQf8c9ZKkS6px

Then cut that output and replace it in the rootpw line of
/etc/openldap/slapd.conf

rootpw {SSHA}94+CSjT15Xt0sCu3EoTpQf8c9ZKkS6px

> Recommendation...
> 
> LDAP System Administration by Gerald Carter
> 
> simplifies everything

+1

Great book.

-- 
Norman Gaywood, Systems Administrator
University of New England, Armidale, NSW 2351, Australia

ngaywood at une.edu.au            Phone: +61 (0)2 6773 3337
http://mcs.une.edu.au/~norm    Fax:   +61 (0)2 6773 3312

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

More information about the fedora-list mailing list