Enter LDAP Password keeps saying ldap_bind: Invalid credentials (49)

mpg · Jun 2, 2011 · Viewed 86.9k times

I looked everywhere for a solution to my problem but still didn't find it. I have these two simple files as slapd.conf and mytree.ldif and when I try to add something to mytree.ldif it keeps asking me for a password (which I believe is rootpw defined in slapd.conf) but it doesn't work. I really need help with this.

These are my files:

slapd.conf

database dbd
suffix "dc=ers,dc=uminho,dc=pt"
rootdn "cn=Manager,dc=ers,dc=uminho,dc=pt"
rootpw ersadmin
directory /usr/local/var/openldap-data

mytree.ldif

dn: dc=ers, dc=uminho, dc=pt
objectclass: dcObject
objectclass: organization
o: ERS
dc: ers

dn: cn=Manager,dc=ers,dc=uminho,dc=pt
objectclass: organizationalRole
cn: Manager

And this is what I'm trying to do and my response:

sudo ldapadd -x -D "cn=Manager,dc=ers,dc=uminho,dc=pt" -W -f /etc/ldap/mytree.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I already tried to encrypt the password using

slappasswd -h {SHA} -s ersadmin

and changing my slapd.conf file

password-hash   {SHA}
rootpw  {SHA}pLEBIPx4rW3eebpwACBGAZkNH4CVBRGW

but it didn't work. Thanks in advance.

Answer

Ingmar Hupp · Jun 8, 2011

This question may be better suited for http://serverfault.com.

It seems your problem is with the bind (authentication) phase, so you should test with ldapsearch and get that working before you try to modify the database. Try:

ldapsearch -x -D cn=Manager,dc=ers,dc=uminho,dc=pt -w ersadmin

Assuming this gives you the same error, check your OpenLDAP logfile (by default it logs to syslog, although this is system dependent). See if the connection even gets to the server and see why it is rejecting it. If the logfile doesn't give you enough information, enable more debug logging in slapd.conf (trace/acl).

If it's not even seeing the connection, you may be authenticating to some other server; this is usually configured in ${prefix}/etc/ldap.conf.

Also make sure your slapd is actually using your slapd.conf and not another configuration source (it may be using slapd.d or a slapd.conf in a different location).

In addition to the logfile, please also always specify which version of OpenLDAP you are using, as there are vast differences between 2.3 and 2.4 (and even between minor versions).
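An offline check that complements the bind test above, added here as an example and not part of the original question or answer: it parses a rootpw value, reports whether its decoded length fits the declared scheme, and tests a candidate password against it. The function names are hypothetical, and it assumes the usual layouts, base64(SHA1(password)) for {SHA} and base64(SHA1(password + salt) + salt) for {SSHA}.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a SHA-1 digest

def parse_rootpw(value):
    """Return (scheme, digest, salt); scheme is None for a cleartext rootpw.

    Raises ValueError (binascii.Error) if the hash part is not valid base64.
    """
    if not value.startswith("{") or "}" not in value:
        return None, value.encode(), b""
    scheme, b64 = value[1:].split("}", 1)
    raw = base64.b64decode(b64, validate=True)
    return scheme.upper(), raw[:SHA1_LEN], raw[SHA1_LEN:]

def diagnose(value):
    """Return 'ok' or a description of a layout problem for the declared scheme."""
    scheme, digest, salt = parse_rootpw(value)
    if scheme is None:
        return "ok"
    if scheme not in ("SHA", "SSHA"):
        return f"scheme {{{scheme}}} is not handled by this example"
    if len(digest) != SHA1_LEN:
        return "decoded value is shorter than a SHA-1 digest"
    if scheme == "SHA" and salt:
        return f"{{SHA}} value carries {len(salt)} extra bytes, as an {{SSHA}} value would"
    if scheme == "SSHA" and not salt:
        return "{SSHA} value has no salt, as a {SHA} value would"
    return "ok"

def check_password(value, candidate):
    """True if candidate matches the rootpw value under its declared scheme."""
    scheme, digest, salt = parse_rootpw(value)
    if scheme is None:
        return hmac.compare_digest(digest, candidate.encode())
    if diagnose(value) != "ok":
        return False
    computed = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, computed)

if __name__ == "__main__":
    # Both rootpw values exactly as they appear in the question.
    for value in ("ersadmin", "{SHA}pLEBIPx4rW3eebpwACBGAZkNH4CVBRGW"):
        print(value, "->", diagnose(value))
```

If the value fits its scheme and the password matches here but the bind still returns error 49, the remaining suspects are the ones listed in the answer: a different server, or a different configuration source than the slapd.conf being edited.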