user2236794

Reputation: 561

ldap_bind: Invalid credentials (49) again

I have searched several postings on this message and I am still getting the error when I attempt to do an "ldapsearch".

I have changed the slapd.conf to use a plain-text password and I am still getting the error. I have also made sure that there are no blank spaces in the file. The log file shows and iptables is turned off. I have attempted to follow the LDAP setup from "http://www.itmanx.com/kb/centos63-openldap-phpldapadmin".

conn=1001 fd=15 ACCEPT from IP=[::1]:54486 (IP=[::]:389)
conn=1001 op=0 BIND dn="cn=Manager,dc=domain,dc=local,dc=pt" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 fd=15 closed (connection lost)

My server is running CentOS 6.4 64.

Below are the commands I am using:

"ldapsearch -x -D cn=Manager,dc=domain,dc=local,dc=pt -w abc"

My slapd.conf file:

database        bdb
suffix          "dc=domain,dc=local"
checkpoint      1024 15
rootdn          "cn=Manager,dc=domain,dc=local"
rootpw                  abc

Upvotes: 4

Views: 24704

Answers (3)

tetra

Reputation: 623

In the search you try to bind as:

cn=Manager,dc=domain,dc=local,dc=pt

but in the config the rootdn is:

cn=Manager,dc=domain,dc=local

This is of course "an invalid credential".

Upvotes: 2
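The mismatch pointed out in the answer above can be checked mechanically. The following is an added example, not part of the original thread: it pairs each failed BIND (err=49) in the slapd log with the suffix and rootdn from slapd.conf. The function names and the simplified DN normalisation are assumptions of this example; the sample input is built from the question's own config and log lines.

```python
import re

# Constructed sample input: the slapd.conf excerpt and log lines from the question.
SLAPD_CONF = '''database        bdb
suffix          "dc=domain,dc=local"
rootdn          "cn=Manager,dc=domain,dc=local"
rootpw                  abc
'''
SLAPD_LOG = '''conn=1001 fd=15 ACCEPT from IP=[::1]:54486 (IP=[::]:389)
conn=1001 op=0 BIND dn="cn=Manager,dc=domain,dc=local,dc=pt" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 fd=15 closed (connection lost)
'''

def norm_dn(dn):
    # Simplified normalisation (assumption): no escaped commas or multi-valued RDNs.
    return ",".join(part.strip().lower() for part in dn.split(","))

def conf_value(conf, key):
    # Read one directive from slapd.conf text, with or without quotes.
    m = re.search(rf'^{key}\s+"?([^"\n]+)"?\s*$', conf, re.M)
    return norm_dn(m.group(1)) if m else None

def failed_binds(log):
    # Pair each BIND with its RESULT (tag=97) and yield those ending in err=49.
    pending = {}
    for line in log.splitlines():
        m = re.search(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"', line)
        if m:
            pending[m.group(1, 2)] = m.group(3)
            continue
        m = re.search(r'conn=(\d+) op=(\d+) RESULT tag=97 err=49\b', line)
        if m and m.group(1, 2) in pending:
            yield m.group(1), pending.pop(m.group(1, 2))

def diagnose(conf, log):
    # Explain each failed bind relative to the configured suffix and rootdn.
    suffix, rootdn = conf_value(conf, "suffix"), conf_value(conf, "rootdn")
    findings = []
    for conn, dn in failed_binds(log):
        n = norm_dn(dn)
        if n == rootdn:
            reason = "DN equals rootdn: check rootpw and whether slapd was restarted"
        elif n != suffix and not n.endswith("," + suffix):
            reason = "DN is outside the configured suffix"
        else:
            reason = "DN is under the suffix but is not the rootdn"
        findings.append((conn, dn, reason))
    return findings
```

Calling `diagnose(SLAPD_CONF, SLAPD_LOG)` on the sample reports connection 1001 because the bind DN carries an extra `dc=pt` that the configured suffix does not have.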

maximum ldap

Reputation: 455

You are binding as the rootdn, which is to say the "root account" of your DIT. This account's password is, in this case, config-based. It is possible that while 'abc' is the configured password, it may not be the loaded password.

Case in point: Someone goes into the slapd.conf file and changes the rootdn password from 'xyz' to 'abc' but neglects to restart the OpenLDAP daemon. What will happen here is that 'abc' will NOT work until the process is restarted, and thus the OpenLDAP daemon will continue to honor the OLD password of 'xyz'.

I hope this helps...

Max

Upvotes: 0

Naveen

Reputation: 322

You need to generate your password like below -

slappasswd -h {CLEARTEXT}

enter password - abc

Do the search (replace ipaddress with the server's IP address) -

ldapsearch -x -h ipaddress -D "cn=Manager,dc=domain,dc=local" -W

Upvotes: 1
