open ldap configuration on rhel3-u4

Nilesh Joshi nileshnjoshi at gmail.com
Fri Aug 14 01:36:55 UTC 2009


Thanks Rick.

I have checked using -w password. The exact command I tried was:

ldapsearch -x -b "ou=people,dc=test,dc=com" -D "cn=nilesh,ou=people,dc=test,dc=com" -w password '(uid=nilesh)'

Also added:
       access to attrs=userPassword
               by anonymous auth
               by self write
               by * none

However, the result was the same. I have confirmed that the password is
password for now.

I think I am missing something in the configuration. Can I use LDAP without
SASL and, if yes, what do I need to do?

Thanks and Regards,
-Nilesh



On Thu, Aug 13, 2009 at 6:16 PM, Rick Stevens <ricks at nerd.com> wrote:

>  Nilesh Joshi wrote:
>
>> Hi,
>>
>> I have installed openldap-2.0.27-23 on my server.
>>
>> I have configured certificate and path is mentioned in slapd.conf file.
>>
>> I am able to create root DN and also able to add user to it.
>>
>> When I search using cn=manager,dc=test,dc=com, it gives me correct
>> answers.
>> However, whenever I search using user id, I see error 49.
>>
>> ldapsearch -x -b "ou=people,dc=test,dc=com" -D "cn=nilesh,ou=people,dc=test,dc=com" -W '(uid=nilesh)'
>>
>> In logs, I see:
>> conn=11 fd=10 ACCEPT from IP=192.168.1.2:53115 (IP=0.0.0.0:389)
>> conn=11 op=0 BIND dn="cn=nilesh,ou=people,dc=test,dc=com" method=128
>> conn=11 op=0 RESULT tag=97 err=49 text=
>> conn=11 fd=10 closed (connection lost)
>>
>> I would like to have openldap running without sasl.
>>
>> How should I configure the same? How can I fix this issue?
>>
>
> Error 49 is "invalid credentials," meaning that you didn't hand the
> ldapsearch the right password for the user you're trying to bind as.
> Try it again, but rather than using the "-W" (interactive) flag, try:
>
>        -w 'your-password-here'
>
> If the password has shell metacharacters in it, they may be being
> interpreted by the shell before being handed to the ldapsearch command.
> Using the -w and the password enclosed in single quotes prevents that.
>
> You also have to make sure that the user you're trying to bind as has
> access to the userPassword attribute in the slapd.conf file:
>
>        access to attrs=userPassword
>                by anonymous auth
>                by self write
>                by * none
>
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer                      ricks at nerd.com -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> - I never drink water because of the disgusting things that fish do  -
> -                                  in it.                            -
> -                                                      -- WC. Fields -
> ----------------------------------------------------------------------
>


More information about the Redhat-install-list mailing list