Google
  Web www.spinics.net

Re: open ldap configuration on rhel3-u4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Nilesh Joshi wrote:

Hi,

I have installed openldap-2.0.27-23 on my server.

I have configured certificate and path is mentioned in slapd.conf file.

I am able to create root DN and also able to add user to it.

When I search using cn=manager,dc=test,dc=com, it gives me correct answers.
Howere, whenever I search using user id, I see error 49.

ldapsearch -x -b "ou=people,dc=test,dc=com" -D
"cn=nilesh,ou=people,dc=test,dc=com" -W '(uid=nilesh)'

In logs, I see:
conn=11 fd=10 ACCEPT from IP=192.168.1.2:53115 (IP=0.0.0.0:389)
conn=11 op=0 BIND dn="cn=nilesh,ou=people,dc=test,dc=com" method=128
conn=11 op=0 RESULT tag=97 err=49 text=
conn=11 fd=10 closed (connection lost)

I would like to have openldap running without sasl.

How should I configure the same? How can I fix this issue?
Error 49 is "invalid credentials," meaning that you didn't hand the ldapsearch the right password for the user you're trying to bind as. 
Try it again, but rather than using the "-W" (interactive) flag, try:

	-w 'your-password-here'

If the password has shell metacharacters in it, they may be being
interpreted by the shell before being handed to the ldapsearch command.
Using the -w and the password enclosed in single quotes prevents that.

You also have to make sure that the user you're trying to bind as has
access to the userPassword attribute in the slapd.conf file:

	access to attrs=userPassword
		by anonymous auth
		by self write
		by * none

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- I never drink water because of the disgusting things that fish do  -
-                                  in it.                            -
-                                                      -- WC. Fields -
----------------------------------------------------------------------

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@xxxxxxxxxx
Subject: unsubscribe

[Red Hat Kickstart]     [Fedora Users]     [Red Hat General]     [Red Hat Development]     [Samba]     [Kernel]     [Kernel Newbies]     [Hot Springs]     [Yosemite News]

Powered by Linux