
I installed OpenLDAP on a CentOS 7 machine. I can log on locally on the server, so the user exists (in passwd). I also ran the following LDAP command:

#ldapsearch -h localhost -x cn=ldapuser01 -b "dc=example,dc=com"

and I get a result:

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: cn=ldapuser01
# requesting: ALL
#

# ldapuser01, Group, example.com
dn: cn=ldapuser01,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser01
userPassword:: ffffsomesdatafff=
gidNumber: 1001

# ldapuser01, People, example.com
dn: uid=ldapuser01,ou=People,dc=example,dc=com
uid: ldapuser01
cn: ldapuser01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: ffffffffffffffffffsome dataffffffffffffffffffffff
shadowLastChange: 17910
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/guests/ldapuser01

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

so the user exists in the LDAP directory as well.

But when I try to authenticate with

#ldapsearch -h localhost -x cn=ldapuser01 -b "dc=example,dc=com" -D "cn=ldapuser01,ou=Group,dc=example,dc=com" -w <my password>

I get error 49, invalid credentials.

How can I solve this?

Additional info: I migrated the local users and groups with migrationtools (to make a .ldif file), then added them with

ldapadd -x -W -D cn=Manager,dc=example,dc=com -f users.ldif
DDS

1 Answer

If you migrated user entries from local passwd/group files, you are trying to use an incorrect entry for the bind: "cn=ldapuser01,ou=Group,dc=example,dc=com"

It's the DN for the 'ldapuser01' Linux group, not the user. Try using the following DN:

uid=ldapuser01,ou=People,dc=example,dc=com

e.g.:

#ldapsearch -h localhost -x cn=ldapuser01 -b "dc=example,dc=com" -D "uid=ldapuser01,ou=People,dc=example,dc=com" -w <my password>
Najmuddin
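An added example, not part of the question or the answer, that parses ldapsearch LDIF output like the one above and selects the bind DN the answer recommends: the entry with objectClass posixAccount and a matching uid, rather than the posixGroup entry that a cn= filter also matches. The sample LDIF and its userPassword value are constructed.

```python
import base64
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the question's ldapsearch output (dummy password value).
SAMPLE_LDIF = """\
# ldapuser01, Group, example.com
dn: cn=ldapuser01,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: ldapuser01
gidNumber: 1001

# ldapuser01, People, example.com
dn: uid=ldapuser01,ou=People,dc=example,dc=com
uid: ldapuser01
cn: ldapuser01
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9cGxhY2Vob2xkZXI=
homeDirectory: /home/guests/ldapuser01
"""

Entry = Tuple[str, Dict[str, List[str]]]  # (dn, attribute -> values)

def parse_ldif(text: str) -> List[Entry]:
    """Parse ldapsearch LDIF output: unfold continuation lines, skip '#'
    comments, decode ':: ' base64 values, split entries on blank lines."""
    entries: List[Entry] = []
    for block in text.replace("\n ", "").split("\n\n"):
        attrs: Dict[str, List[str]] = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            if ":: " in line:                      # base64-encoded value
                key, val = line.split(":: ", 1)
                val = base64.b64decode(val).decode("utf-8", "replace")
            else:
                key, val = line.split(": ", 1)
            attrs.setdefault(key, []).append(val)
        if "dn" in attrs:                          # trailer blocks (search:/result:) have no dn
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def bind_dn_for(entries: List[Entry], login: str) -> Optional[str]:
    """The DN to bind with: the posixAccount entry whose uid is the login.
    The posixGroup entry with the same cn is the group; binding as it gives error 49."""
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectClass", [])}
        if "posixaccount" in classes and login in attrs.get("uid", []):
            return dn
    return None
```

Running `bind_dn_for(parse_ldif(SAMPLE_LDIF), "ldapuser01")` yields the People DN, which is the value to pass to `-D`.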