# ldap_bind: Invalid credentials

## ImAmMe

Setting up a secure Samba PDC server using LDAP as backend. I really like the loads of useful documentation; I would think that there would be more considering what it is.

My problem is with LDAP. It took several days of tinkering to finally get slapd running.

Links I use are:

http://gentoo-wiki.com/HOWTO_LDAPv3

http://www.gentoo.org/doc/en/ldap-howto.xml

http://www.openldap.org/doc/admin21/

But the problem is when I run this (partway through the setup tutorials):

```
ldapsearch -x -b "cn=admin,dc=mcgraw,dc=net" "(objectclass=*)" -W -d 255
```

I get

```
ldap_bind: Invalid credentials (49)
```

I have tried uninstalling all my LDAP packages, then going back and deleting the remaining files, then reinstalling.

I have run this:

```
chown ldap:ldap -R /var/lib/openldap-{ldbm,data,slurp}
```

I have another question also: I have webmin installed and both of my LDAP modules are not configured correctly, so webmin says. But I do have openldap, nss_ldap and pam_ldap installed and slapd is running. Aren't those supposed to come up if those packages are installed?

I am interested in using hdb instead of ldbm, but I am having trouble finding info on how to work with those kinds of databases.

```
equery list ldap

[I--] [  ] dev-perl/perl-ldap-0.34 (0)
[I--] [  ] net-nds/openldap-2.3.41 (0)
[I--] [ ~] net-nds/phpldapadmin-1.1.0.5 (1.1.0.5)
[I--] [  ] net-nds/smbldap-tools-0.9.1-r1 (0)
[I--] [  ] sys-auth/nss_ldap-258 (0)
[I--] [  ] sys-auth/pam_ldap-183 (0)
```

```
# ldapsearch -x -b "cn=admin,dc=mcgraw,dc=net" "(objectclass=*)" -W -d 255
ldap_create
Enter LDAP Password:
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP marge.mcgraw.net:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.8:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x805ff78 ptr=0x805ff78 end=0x805ff8c len=20
  0000:  30 12 02 01 01 60 0d 02  01 03 04 00 80 06 31 32   0....`........12
  0010:  33 34 35 36                                        3456
ber_scanf fmt ({i) ber:
ber_dump: buf=0x805ff78 ptr=0x805ff7d end=0x805ff8c len=15
  0000:  60 0d 02 01 03 04 00 80  06 31 32 33 34 35 36      `........123456
ber_flush: 20 bytes to sd 3
  0000:  30 12 02 01 01 60 0d 02  01 03 04 00 80 06 31 32   0....`........12
  0010:  33 34 35 36                                        3456
ldap_write: want=20, written=20
  0000:  30 12 02 01 01 60 0d 02  01 03 04 00 80 06 31 32   0....`........12
  0010:  33 34 35 36                                        3456
ldap_result ld 0x8057d98 msgid 1
ldap_chkResponseList ld 0x8057d98 msgid 1 all 1
ldap_chkResponseList returns ld 0x8057d98 NULL
wait4msg ld 0x8057d98 msgid 1 (infinite timeout)
wait4msg continue ld 0x8057d98 msgid 1 all 1
** ld 0x8057d98 Connections:
* host: marge.mcgraw.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Mar 18 01:09:26 2008
** ld 0x8057d98 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x8057d98 Response Queue:
   Empty
ldap_chkResponseList ld 0x8057d98 msgid 1 all 1
ldap_chkResponseList returns ld 0x8057d98 NULL
ldap_int_select
read1msg: ld 0x8057d98 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 61 07 0a                            0....a..
ldap_read: want=6, got=6
  0000:  01 31 04 00 04 00                                  .1....
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x8061118 ptr=0x8061118 end=0x8061124 len=12
  0000:  02 01 01 61 07 0a 01 31  04 00 04 00               ...a...1....
read1msg: ld 0x8057d98 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0x8061118 ptr=0x806111b end=0x8061124 len=9
  0000:  61 07 0a 01 31 04 00 04  00                        a...1....
read1msg: ld 0x8057d98 0 new referrals
read1msg:  mark request completed, ld 0x8057d98 msgid 1
request done: ld 0x8057d98 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x8061118 ptr=0x806111b end=0x8061124 len=9
  0000:  61 07 0a 01 31 04 00 04  00                        a...1....
ber_scanf fmt (}) ber:
ber_dump: buf=0x8061118 ptr=0x8061124 end=0x8061124 len=0
ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)
```

Files:

```
/etc/hosts

127.0.0.1        localhost
::1              localhost
192.168.1.8      marge.mcgraw.net   marge
```

```
/etc/openldap/ldap.conf

URI  ldap://marge.mcgraw.net
BASE dc=marge,dc=mcgraw,dc=org
```

```
/etc/openldap/slapd.conf

include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/inetorgperson.schema
include   /etc/openldap/schema/nis.schema

TLSCertificateFile    /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap-key.pem
TLSCACertificateFile  /etc/ssl/ldap.pem

loglevel 256
pidfile   /var/run/openldap/slapd.pid
argsfile  /var/run/openldap/slapd.args
access to * by self write by * read
database ldbm
suffix    "dc=mcgraw,dc=net"
checkpoint  32  30 # <kbyte> <min>
rootdn    "cn=admin,dc=mcgraw,dc=net"

directory /var/lib/openldap-data
index objectClass eq
password-hash   {MD5}
rootpw {MD5}4QrcOUm6Wau+VuBX8g+IPg==
```

```
/etc/conf.d/slapd

OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
```

If I run:

```
$ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=mcgraw,dc=net

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

Logs from that command line:

```
Mar 18 01:07:35 marge slapd[25152]: conn=3 fd=13 ACCEPT from IP=192.168.1.8:52922 (IP=0.0.0.0:389)
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=0 BIND dn="" method=128
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=0 RESULT tag=97 err=0 text=
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=1 SRCH attr=namingContexts
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 18 01:07:35 marge slapd[25152]: conn=3 op=2 UNBIND
Mar 18 01:07:35 marge slapd[25152]: conn=3 fd=13 closed
```

```
netstat -a --numeric-ports

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:389                   *:*                     LISTEN
tcp        0      0 *:636                   *:*                     LISTEN

tcp        0      0 *:443                   *:*                     LISTEN
tcp        0      0 *:636                   *:*                     LISTEN

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     263936 /var/run/openldap/slapd.sock
```

```
netstat -lnp | grep slapd

tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      25613/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      25613/slapd
tcp        0      0 :::389                  :::*                    LISTEN      25613/slapd
tcp        0      0 :::636                  :::*                    LISTEN      25613/slapd
unix  2      [ ACC ]     STREAM     LISTENING     263936 25613/slapd         /var/run/openldap/slapd.sock
```

```
# ldapadd -x -D "cn=admin,dc=mcgraw,dc=net" -W -f base.ldif
```

ran fine and appeared to be promising.

```
slaptest -d 10

WARNING: No dynamic config support for database ldbm.
config file testing succeeded
```

Startup logs (`cat /var/log/messages | grep slapd`):

```
Mar 18 01:20:47 marge slapd[25612]: @(#) $OpenLDAP: slapd 2.3.41 (Mar 17 2008 21:25:37) $root@marge:/var/tmp/portage/net-nds/openldap-2.3.41/work/openldap-2.3.41/servers/slapd
Mar 18 01:20:47 marge slapd[25613]: WARNING: No dynamic config support for database ldbm.
Mar 18 01:20:47 marge slapd[25613]: slapd starting
```

`slapindex -d 1` dumps out a lot of text; nothing jumps out as errors.

`iptables -nvL`: no iptables yet.

I am using a super simple password for setup, and it is being typed correctly. I have gone through many of the LDAP topics here; they got my slapd running. Thanks guys.

I would like to say thanks for looking through this, and I am happy to post any more info if it would help.
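Added example (not from the original poster or the thread): a small Python decoder for the BindRequest bytes that the `-d 255` trace above prints (`ber_flush: 20 bytes to sd 3`). Walking the BER shows two things worth knowing when reading such traces. First, the `name` field of the bind is empty (`04 00`): `ldapsearch -b` sets the search base, the bind DN comes from `-D`, and slapd answers an empty DN sent together with a password with `invalidCredentials` (49) unless `allow bind_anon_cred` is configured. Second, a simple bind over plain `ldap://` carries the password as raw bytes, so a debug trace pasted into a forum discloses it exactly as bunder notes below for the `rootpw` hash. The block also includes `{MD5}`/`{SSHA}` helpers for checking that a `rootpw` value really corresponds to the password being typed; the hash values used there are constructed for the example, not the ones in the post.

```python
import base64
import hashlib
import hmac
import os

# Constructed copy of the BindRequest bytes printed by ldapsearch -d 255 in
# the post above (ber_flush: 20 bytes to sd 3).
BIND_REQUEST_HEX = "30 12 02 01 01 60 0d 02 01 03 04 00 80 06 31 32 33 34 35 36"


def ber_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element starting at buf[pos].

    Only short-form lengths (< 128 bytes) are handled, which is all that a
    BindRequest of this size needs.
    """
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def decode_bind_request(hexdump):
    """Decode an LDAPMessage carrying a simple BindRequest (RFC 4511 layout)."""
    buf = bytes.fromhex(hexdump.replace(" ", ""))
    tag, msg, _ = ber_tlv(buf, 0)              # LDAPMessage SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, pos = ber_tlv(msg, 0)            # INTEGER messageID
    tag, bind, _ = ber_tlv(msg, pos)           # [APPLICATION 0] BindRequest
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = ber_tlv(bind, 0)         # INTEGER version
    _, name, pos = ber_tlv(bind, pos)          # LDAPDN name (OCTET STRING)
    tag, cred, _ = ber_tlv(bind, pos)          # AuthenticationChoice
    if tag != 0x80:                            # [0] simple OCTET STRING
        raise ValueError("not a simple bind")
    return {
        "msgid": int.from_bytes(msgid, "big"),
        "version": int.from_bytes(version, "big"),
        "name": name.decode("utf-8"),
        # The credential is plain bytes on the wire: over ldap:// without
        # StartTLS anyone on the path, or anyone reading the trace, sees it.
        "password": cred.decode("utf-8"),
    }


def explain_bind(req):
    """Say how slapd treats the decoded request with default settings."""
    if req["name"] == "" and req["password"]:
        return ("empty bind DN with a password: slapd returns "
                "invalidCredentials (49) unless 'allow bind_anon_cred' is set; "
                "-b sets only the search base, the bind DN is given with -D")
    if req["name"] and not req["password"]:
        return "unauthenticated bind (DN, no password): rejected by default"
    if not req["name"] and not req["password"]:
        return "anonymous bind"
    return "authenticated simple bind"


def ldap_hash(password, scheme="{SSHA}", salt=None):
    """Build an OpenLDAP rootpw/userPassword value in {MD5} or {SSHA} form."""
    pw = password.encode("utf-8")
    if scheme == "{MD5}":
        # Unsalted: the same password always yields the same value.
        return "{MD5}" + base64.b64encode(hashlib.md5(pw).digest()).decode()
    if scheme == "{SSHA}":
        salt = os.urandom(4) if salt is None else salt
        digest = hashlib.sha1(pw + salt).digest()
        return "{SSHA}" + base64.b64encode(digest + salt).decode()
    raise ValueError("unsupported scheme")


def check_ldap_hash(stored, password):
    """Constant-time check of a candidate password against a {MD5}/{SSHA} value."""
    if stored.startswith("{MD5}"):
        return hmac.compare_digest(ldap_hash(password, "{MD5}"), stored)
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        salt = raw[20:]                        # SHA-1 digest is 20 bytes
        return hmac.compare_digest(ldap_hash(password, "{SSHA}", salt), stored)
    raise ValueError("unsupported scheme")


if __name__ == "__main__":
    req = decode_bind_request(BIND_REQUEST_HEX)
    print(req)
    print(explain_bind(req))
    # Constructed example value; compare your own slapd.conf rootpw the same way.
    stored = ldap_hash("example-password")
    print(stored, check_ldap_hash(stored, "example-password"))
```

`check_ldap_hash` answers the question "does the hash in slapd.conf correspond to what I type?" without ever printing the password; `{SSHA}` is preferred over `{MD5}` because the salt makes identical passwords produce different stored values.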

----------

## loisl

Hi,

An /etc/openldap/slapd.conf file may contain more than one database block, each beginning with its own suffix and rootdn. So I would suggest placing the rootpw directly after the rootdn line.

Just a guess.

----------

## atatut

Hi, did you manage to get a working OpenLDAP?

I followed the

http://gentoo-wiki.com/HOWTO_LDAPv3

too, and came to a running slapd that does nothing; as soon as I tried to add something to the db I ended up with a SASL/GSSAPI error. I even tried to manually feed the base using the ldif and import it again, but I receive "Can't contact LDAP server" while it's running.

Does anyone have a clearer HOWTO, I mean a real HOWTO, with a step-by-step configuration that you can understand? Sorry to ask too much, but at some point, if no one takes the time to explain, there's hardly any chance we understand how to set up OpenLDAP.

Thanks

----------

## ianw1974

When I had problems with this, I disabled the USE flag for sasl on the openldap package, so that I could only communicate on port 389, and it worked fine after this. I never worried about using the secure port for LDAP.

----------

## bunder

> BASE dc=marge,dc=mcgraw,dc=org

iirc that should just be mcgraw.org.

cheers

PS: I would remove that root MD5 from your post, you really don't want people knowing that one.

----------

