Tuesday, March 17, 2009

Learned one critical rule of OpenLDAP's slapd.conf format

One critical rule of OpenLDAP's slapd.conf format: no leading space.

OpenLDAP is easy to configure; you just need to customize three parameters: suffix, rootdn and rootpw.
# /etc/openldap/slapd.conf

database bdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
 rootpw {SSHA}Ok/uoTJYELAj346giEh2mdvmiE5etgcg
The above is my initial config; the rootpw value is generated by slappasswd:

# slappasswd  -s pass123
{SSHA}sKFAA5OKE6oi+XCXQAJDj/69+g/K9irH


I started the ldap service and it came up fine, but when I ran ldapsearch I got the "ldap_bind: Invalid credentials (49)" error:

# ldapsearch -x -h 127.0.0.1 -D "cn=root,dc=example,dc=com" -w pass123
ldap_bind: Invalid credentials (49)


The rootdn and rootpw are definitely correct, so why? Did you notice the space before rootpw? It is the culprit. slapd.conf treats a line that begins with whitespace as a continuation of the previous line, so the rootpw setting was folded onto the rootdn line instead of being read as its own directive. The same search returned OK after I deleted the leading space.
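As an added example (not from the original post), here is a small Python linter that applies the slapd.conf(5) line-joining rule and flags a directive that was swallowed by a leading-space continuation. The directive list and the sample config are constructed for this example; the hash value is copied from the config above.

```python
# Constructed sample: the initial slapd.conf from the post, with the stray
# leading space before rootpw (hash value copied from the post).
BROKEN_CONF = """\
# /etc/openldap/slapd.conf
database bdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
 rootpw {SSHA}Ok/uoTJYELAj346giEh2mdvmiE5etgcg
"""

# Directive names this linter knows about (a subset, chosen for the example).
DIRECTIVES = {"include", "database", "suffix", "rootdn", "rootpw", "directory", "access"}

def logical_lines(text):
    """Join physical lines the way slapd.conf(5) describes: a line that
    starts with whitespace continues the previous line (even a comment).
    Blank lines and comment lines are dropped after joining."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.rstrip())
    return [line for line in joined if line and not line.startswith("#")]

def lint(text):
    """Return (directives, warnings). A known directive name appearing after
    the first token of a logical line means a continuation swallowed it,
    which is exactly the leading-space mistake from the post."""
    directives, warnings = {}, []
    for line in logical_lines(text):
        tokens = line.split()
        name, args = tokens[0], tokens[1:]
        directives[name] = " ".join(args)
        for tok in args:
            if tok in DIRECTIVES:
                warnings.append(f"'{tok}' folded into the '{name}' line: "
                                "remove the leading whitespace before it")
    return directives, warnings

if __name__ == "__main__":
    parsed, problems = lint(BROKEN_CONF)
    print("rootpw present:", "rootpw" in parsed)   # False for the broken file
    for problem in problems:
        print("WARNING:", problem)
```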

Another common error, "ldap_sasl_interactive_bind_s: No such attribute (16)", appears if you omit -x (simple authentication):

# ldapsearch   -h 127.0.0.1 -D "cn=root,dc=example,dc=com" -w pass123
ldap_sasl_interactive_bind_s: No such attribute (16)


The OpenLDAP version tested is slapd 2.3.27.
