stephen.hanson

Reputation: 9624

LDAP - ldapwhoami returns "ldap_bind: Invalid credentials (49)"

I am new to working with LDAP, and my ultimate goal is to offer LDAP single sign-on in a web app. In order to achieve this, I'm trying to run ldapwhoami, but I'm running into issues. I am able to run other commands, like ldapsearch and ldapadd.

I'm running OpenLDAP on macOS High Sierra.

My relevant slapd.conf looks like this:

access to *
  by self write
  by * read
  by anonymous auth

database    ldif

suffix          "dc=test,dc=com"
directory       openldap-data
rootdn          "cn=admin,dc=test,dc=com"
## rootpw = secret
rootpw          {SSHA}fFjKcZb4cfOAcwSjJer8nCGOEVRUnwCC

I then added a user with ldapadd -x -w secret -f shanson.ldif, where shanson.ldif looks like:

dn: cn=shanson,dc=test,dc=com
objectClass: inetOrgPerson
sn: Hanson
uid: shanson
cn: shanson
userPassword: secret

I am successfully able to search for and find this new user with ldapsearch -x "(cn=shanson)".

Now, I am trying to verify the user's credentials using ldapwhoami, and I keep getting an error:

> ldapwhoami -x -D cn=shanson,dc=test,dc=com -w secret
ldap_bind: Invalid credentials (49)

The same operation with my root admin user succeeds:

> ldapwhoami -x -D cn=admin,dc=test,dc=com -w secret
dn:cn=admin,dc=test,dc=com

I'm sure I'm just making a simple mistake or not understanding what I'm doing, but I don't really know where else to look right now for answers. Thanks!

Upvotes: 2

Views: 6476

Answers (2)

Souradeep Nanda

Reputation: 3298

For me, my dn was wrong.

I did an ldapsearch with admin credentials to get the dn: uid=xxx,ou=xxx,dc=xxx,dc=xxx,dc=xxx

Then I did an ldapwhoami -x -D "uid=xxx,ou=xxx,dc=xxx,dc=xxx,dc=xxx" -w secret and it worked fine.

Upvotes: 0

stephen.hanson

Reputation: 9624

It seems to have had something to do with the plain text password I set up. I installed JXplorer and manually updated my user's password and hashed it with MD5, and now the ldapwhoami command works. If I set the password as plain text in JXplorer, ldapwhoami still does not work. Beyond that, I'm not entirely sure what I was doing wrong.

Upvotes: 1
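Both the {SSHA} rootpw in the question's slapd.conf and the MD5-hashed userPassword that JXplorer wrote in the accepted answer are OpenLDAP "{scheme}base64" password values: on a simple bind, slapd recomputes the hash from the password the client sent and compares it with the stored value, while a value with no {scheme} prefix is compared as cleartext. The following is an added example, not code from the question, the answers or the OpenLDAP project, that builds {SSHA} and {MD5} values the way slappasswd does and verifies a candidate password against them, so you can see what the bind is actually checking. The salt constant and the sample passwords are constructed for the example; the `{MD5}` value of the string "secret" is the standard unsalted MD5 and is used only as a known-answer check. Note that {SSHA} appends a random salt to the SHA-1 digest, which is why it is preferred over unsalted {MD5} for stored passwords.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed salt for deterministic examples; real {SSHA} values use os.urandom().
SAMPLE_SALT = b"\x01\x02\x03\x04"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a 4-byte salt by default
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def make_md5(password: str) -> str:
    """Build an unsalted {MD5} value: base64(md5(password)), as JXplorer's MD5 option does."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def verify_userpassword(stored: str, candidate: str) -> bool:
    """Check a candidate password against one stored userPassword attribute value.

    Mirrors what slapd does on a simple bind: no {scheme} prefix means a cleartext
    comparison; {SSHA} and {MD5} are recomputed from the candidate and compared in
    constant time. Unknown schemes and malformed base64 count as a failed bind.
    """
    pw = candidate.encode("utf-8")
    if not stored.startswith("{"):
        return hmac.compare_digest(stored.encode("utf-8"), pw)
    scheme, _, b64 = stored.partition("}")
    scheme = scheme[1:].upper()
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if scheme == "MD5":
        return hmac.compare_digest(hashlib.md5(pw).digest(), raw)
    return False


if __name__ == "__main__":
    stored_ssha = make_ssha("secret", SAMPLE_SALT)
    stored_md5 = make_md5("secret")
    for label, value in (("SSHA", stored_ssha), ("MD5", stored_md5), ("cleartext", "secret")):
        print(f"{label:10} {value}")
        print(f"  bind with 'secret' -> {verify_userpassword(value, 'secret')}")
        print(f"  bind with 'wrong'  -> {verify_userpassword(value, 'wrong')}")
```

Running this prints each stored form beside the result of a simulated bind with the right and the wrong password; the stored {SSHA} value differs on every run unless a fixed salt is passed, which is exactly why two {SSHA} values for the same password never look alike. When debugging an "Invalid credentials (49)" result, the useful question is which stored value slapd is comparing against, which you can see by reading userPassword for the entry as rootdn with ldapsearch.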
