I am getting the error ldap_bind Invalid credentials (49) with OpenLDAP. I only installed and configured OpenLDAP on CentOS 7. I changed the password a couple of times as well. I know there are many questions on the same issue, but I tried all of them and nothing worked in my case.

As @Piotr suggested, I ran:

```
ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=config '(objectclass=olcDatabaseConfig)' dn olcRootDN olcRootPW
```

I am getting the output below as a result of this command:

```
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
extended LDIF

LDAPv3
base <cn=config> with scope subtree
filter: (objectclass=olcDatabaseConfig)
requesting: dn=xxx dn=xxx olcrootPW=xxx 


{-1}frontend, config
dn: olcDatabase={-1}frontend,cn=config

{0}config, config
dn: olcDatabase={0}config,cn=config

{1}monitor, config
dn: olcDatabase={1}monitor,cn=config

{2}hdb, config
dn: olcDatabase={2}hdb,cn=config

search result
search: 2
result: 0 Success

numResponses: 5
numEntries: 4
```
Piotr P. Karwasz
  • What password did you change? Can you add to the question the result of `ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=config '(objectclass=olcDatabaseConfig)' dn olcRootDN olcRootPW` run as `root` (mangle the value of `olcRootPW`, the main question is whether it is set or not). – Piotr P. Karwasz Feb 04 '20 at 21:49
  • @Piotr I edited my question. I changed my password and it is still giving me the same error as the previous password was giving me. – Umesh Upadhyay Feb 05 '20 at 07:24
  • You **don't** have an admin username (DN) and password for **slapd**. Those are stored in the [olcRootDN and olcRootPW attributes](https://www.openldap.org/doc/admin24/slapdconf2.html#olcRootDN%3A%20%3CDN%3E) of your database. Can you add the full configuration of your database: `ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=config '(olcDatabase={2}hdb)'`? The only sensitive data is the `olcRootPW` attribute, which you don't have. – Piotr P. Karwasz Feb 05 '20 at 11:38
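
The check discussed in the comments above, as an added example that is not part of the original thread: `audit_rootpw` reports, for each database entry in `ldapsearch` output, whether `olcRootDN` and `olcRootPW` are set, and `rootpw_ldif` builds the `ldapmodify` input that sets both. The function names, the sample LDIF, the root DN `cn=Manager,dc=example,dc=com` and the hash placeholder are assumptions; the root DN must sit under the database's own suffix and the hash comes from `slappasswd`.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# Read ldapsearch LDIF on stdin and print one line per entry saying whether
# olcRootDN / olcRootPW are present. Only presence is reported; the hash
# itself is never printed.
audit_rootpw() {
  awk '
    function emit() {
      if (dn != "")
        printf "%s rootdn=%s rootpw=%s\n", dn, (rdn ? "set" : "unset"), (rpw ? "set" : "unset")
    }
    /^dn: /       { emit(); dn = substr($0, 5); rdn = 0; rpw = 0; next }
    /^olcRootDN:/ { rdn = 1 }
    /^olcRootPW:/ { rpw = 1 }   # also matches the base64 form "olcRootPW::"
    END           { emit() }
  '
}

# Emit LDIF that sets both attributes on one database.
# $1 = database DN, $2 = root DN, $3 = password hash produced by slappasswd
rootpw_ldif() {
  printf 'dn: %s\nchangetype: modify\nreplace: olcRootDN\nolcRootDN: %s\n-\nreplace: olcRootPW\nolcRootPW: %s\n' \
    "$1" "$2" "$3"
}

# Constructed sample input: one database with nothing set, one with only a root DN.
sample_ldif() {
cat <<'EOF'
dn: olcDatabase={0}config,cn=config

dn: olcDatabase={2}hdb,cn=config
olcRootDN: cn=Manager,dc=example,dc=com
EOF
}

sample_ldif | audit_rootpw

# On a live server, as root (the hash is a placeholder, generate one with slappasswd):
#   ldapsearch -LLL -Q -H ldapi:/// -Y EXTERNAL -b cn=config \
#     '(objectClass=olcDatabaseConfig)' dn olcRootDN olcRootPW | audit_rootpw
#   rootpw_ldif 'olcDatabase={2}hdb,cn=config' 'cn=Manager,dc=example,dc=com' \
#     '{SSHA}PLACEHOLDER_FROM_SLAPPASSWD' | ldapmodify -Q -H ldapi:/// -Y EXTERNAL
```

A bind with the root DN can only succeed once the audited database shows `rootpw=set`; until then any password returns error 49.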
