open ldap configuration on rhel3-u4
Rick Stevens
ricks at nerd.com
Fri Aug 14 01:16:33 UTC 2009
Nilesh Joshi wrote:
> Hi,
>
> I have installed openldap-2.0.27-23 on my server.
>
> I have configured certificate and path is mentioned in slapd.conf file.
>
> I am able to create root DN and also able to add user to it.
>
> When I search using cn=manager,dc=test,dc=com, it gives me correct answers.
> However, whenever I search using user id, I see error 49.
>
> ldapsearch -x -b "ou=people,dc=test,dc=com" -D
> "cn=nilesh,ou=people,dc=test,dc=com" -W '(uid=nilesh)'
>
> In logs, I see:
> conn=11 fd=10 ACCEPT from IP=192.168.1.2:53115 (IP=0.0.0.0:389)
> conn=11 op=0 BIND dn="cn=nilesh,ou=people,dc=test,dc=com" method=128
> conn=11 op=0 RESULT tag=97 err=49 text=
> conn=11 fd=10 closed (connection lost)
>
> I would like to have openldap running without sasl.
>
> How should I configure the same? How can I fix this issue?

Error 49 is "invalid credentials," meaning that you didn't hand the
ldapsearch the right password for the user you're trying to bind as.
Try it again, but rather than using the "-W" (interactive) flag, try:

    -w 'your-password-here'

If the password has shell metacharacters in it, they may be being
interpreted by the shell before being handed to the ldapsearch command.
Using the -w and the password enclosed in single quotes prevents that.

You also have to make sure that the user you're trying to bind as has
access to the userPassword attribute in the slapd.conf file:

    access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks at nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- I never drink water because of the disgusting things that fish do -
- in it. -
- -- WC. Fields -
----------------------------------------------------------------------