2

I'm setting up an OpenLDAP server to authenticate users in a domain on Ubuntu 9.04.

What's interesting/strange is that in the newest version of openldap for Ubuntu, the default is not to use the /etc/ldap/slapd.conf file - instead it stores its configs in cn=config in the database (this has led to some headaches trying to follow tutorials that specify slapd.conf instead of the newer version).

Whenever I try to add to the database using ldapadd, it returns ldap_bind (49) Invalid Credentials (even when I'm sure I'm using the right password).

The database doesn't have anything in it yet, so starting from scratch isn't a problem, I've just encountered this several times (even after reconfiguring slapd). What's the solution?

Cory Plastek

2 Answers

2

Try specifying "-x" on the command line. By default, the LDAP tools use SASL authentication; -x specifies "simple authentication".

Alex
  • The command I'm using to try to add some example entries in the db: ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif. -x disables SASL authentication, and -W makes sure it prompts for the administrator password (which I enter). Still no joy. Any other thoughts? – Cory Plastek Jul 14 '09 at 21:33
  • Hmm. I am not familiar with configurations that don't use slapd.conf so I am not entirely sure where to go. Off the top of my head I would try running slapcat to print out the ldif of the database directly and verify that the rootdn matches what you are entering for your bind. – Alex Jul 15 '09 at 00:59
2

I do not know if OpenLDAP returns subcodes on error 49's like Active Directory does. AD returns a subtype of the error code for bad password, versus bad DN.

Are you confident the DN is correct?

geoffc
  • +1 For coming up with the same answer I figured out. I was using the wrong credentials - should have been using cn=admin,dc=example,dc=com instead of cn=admin,cn=config. Dumb mistake. Easy fix though. – Cory Plastek Jul 15 '09 at 15:25
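
The thread's resolution was a bind DN that did not match the rootDN of the database being written to, and one comment suggests dumping the configuration to compare the two. The script below is an added example, not code from the thread: it reads a cn=config LDIF dump, maps each database suffix to its rootDN, and checks a bind DN against the suffix you intend to modify. The function names and the embedded sample LDIF are constructed for illustration, and it assumes attribute values are not base64-encoded.

```shell
# Added example. Input is a cn=config LDIF dump (on a live server, for instance
# the output of `slapcat -n 0`); a constructed sample is embedded to run offline.
sample_config_ldif() {   # constructed, illustrative values
cat <<'EOF'
dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config

dn: olcDatabase={1}hdb,cn=config
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=admin,dc=exam
 ple,dc=com
EOF
}

# Lowercase a DN so comparisons are case-insensitive.
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Join LDIF continuation lines (a leading space continues the previous line).
unfold() { awk 'NR>1 && /^ / { buf = buf substr($0, 2); next }
                NR>1 { print buf } { buf = $0 } END { if (NR) print buf }'; }

# Emit "database<TAB>suffix<TAB>rootDN" for each database entry on stdin.
list_databases() {
  unfold | awk '
    function val() { return substr($0, index($0, ": ") + 2) }
    function flush() { if (db != "") print db "\t" (suf == "" ? "-" : suf) "\t" (root == "" ? "-" : root)
                       db = suf = root = "" }
    /^olcDatabase: / { db = val() }
    /^olcSuffix: /   { suf = val() }
    /^olcRootDN: /   { root = val() }
    /^$/             { flush() }
    END              { flush() }'
}

# Print the rootDN of the database serving suffix $1; fail if none does.
rootdn_for_suffix() {
  list_databases | awk -F'\t' -v want="$(lc "$1")" \
    'tolower($2) == want { print $3; found = 1 } END { exit !found }'
}

# Succeed only if bind DN $1 is the rootDN of the database serving suffix $2.
check_bind_dn() {
  root=$(rootdn_for_suffix "$2") || { echo "no database serves $2"; return 2; }
  [ "$(lc "$1")" = "$(lc "$root")" ] || { echo "MISMATCH: rootDN for $2 is $root, not $1"; return 1; }
  echo "OK: $1 is the rootDN for $2"
}

sample_config_ldif | check_bind_dn 'cn=admin,cn=config' 'dc=example,dc=com' || true
```

Run against the sample, the last line reports a mismatch, which is the situation described in the final comment.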