OS: Centos 4.4 / openLDAP 2.2.13
Hostname: ldap_1.helios.local
Domain Name: helios.local
I have followed many howtos including
OpenLDAP QuickStart Guide
http://www.openldap.org/doc/admin23/quickstart.html
HowtoForge LDAP installation / configuration
http://www.howtoforge.com/linux_open..._server_client
The current issue I am having is when I want to import my user.ldif files into my LDAP tree using the ldapadd command it gives me the invalid credentials error. I have searched and found many people reporting the same issue; however, the threads are never answered as to what the solution would be. I have turned on debug and will post as much information as needed to get some help. I will quickly go through what I have done.
1. Installed openLDAP and needed dependencies via YUM
compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E
2. Created password for "manager" via slappasswd
3. Edited /etc/openldap/slapd.conf to input my correct settings
For space reasons I will condense my files and only show which settings are uncommented.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=helios,dc=local"
rootdn "cn=root,dc=helios,dc=local"
rootpw {SSHA}fNZomTKSYOlIp8q9PD8jKDevsCj5n96j
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
4. Restarted ldap using
># service ldap restart
Stopping slapd: [ OK ]
Checking configuration files for slapd: config file testing succeeded
Starting slapd: [ OK ]
5. Prepared test users to create test.ldif files
grep root /etc/passwd > /etc/openldap/passwd.root
grep ldaptest1 /etc/passwd > /etc/openldap/passwd.ldaptest1
grep ldaptest2 /etc/passwd > /etc/openldap/passwd.ldaptest2
6. Edited /usr/share/migration/openldap/migration/migrate_common.ph to reflect my domain settings
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "helios.local";
# Default base
$DEFAULT_BASE = "dc=helios,dc=local";
7. Converted my password files to ldif files using the migration tool
./migrate_passwd.pl /etc/openldap/passwd.root /tmp/root.ldif
./migrate_passwd.pl /etc/openldap/passwd.ldaptest1 /tmp/ldaptest1.ldif
./migrate_passwd.pl /etc/openldap/passwd.ldaptest2 /tmp/ldaptest2.ldif
8. Created domain ldif file
># touch /tmp/helios.local.ldif
dn: dc=helios,dc=local
dc: helios
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=helios,dc=local
ou: People
description: Users of Helios.local
objectClass: organizationalUnit
9. Use ldapadd to insert domain ldif file
># ldapadd -x -D "cn=root,dc=helios,dc=local" -W -f /tmp/helios.local.ldif
Enter LDAP Password: <password>
ldap_bind: Invalid credentials (49)
>#
Now if I shut down ldap and add using the slapadd command it imports correctly.
># slapadd -v -l /tmp/helios.local.ldif
I am also able to add the ldaptest1, ldaptest2, and root ldifs using slapadd.
Running ldapsearch -x -b 'dc=helios,dc=local' '(objectclass=*)' gives me
# extended LDIF
#
# LDAPv3
# base <dc=helios,dc=local> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# helios.local
dn: dc=helios,dc=local
dc: helios
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

# People, helios.local
dn: ou=People,dc=helios,dc=local
ou: People
description: Users of Helios.Local
objectClass: organizationalUnit

# ldaptest1, People, helios.local
dn: uid=ldaptest1,ou=People,dc=helios,dc=local
uid: ldaptest1
cn: ldaptest1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJERVRUxMYy9XJHI4R3VvbWlOR3B5UXY3cnZSQ3MxcS8=
shadowLastChange: 13623
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 502
gidNumber: 503
homeDirectory: /home/ldaptest1

# ldaptest2, People, helios.local
dn: uid=ldaptest2,ou=People,dc=helios,dc=local
uid: ldaptest2
cn: ldaptest2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJE44M3J4TC5CJE81VVliVERZenk1Vzh5STJCanY1bDA=
shadowLastChange: 13623
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 504
homeDirectory: /home/ldaptest2

# root, People, helios.local
dn: uid=root,ou=People,dc=helios,dc=local
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJFNBOUxYeGN3JDl6Wm04anV6OGlsTXpoR0JRL1hzTS8=
shadowLastChange: 13606
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

# operator, People, helios.local
dn: uid=operator,ou=People,dc=helios,dc=local
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSo=
shadowLastChange: 13450
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6
[root@buzz tmp]#
Now although slapadd works, all the reference material points to using ldapadd, which is what I would like to use as well. I have run ldapadd -d 255; however, it does not present any errors that stand out. If you would like that output I can provide that as well. I am also curious as to why my credentials are not working, as it may lead to other issues when trying to provide authentication. Thank you in advance for your help.
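Result 49 is returned by ldap_bind itself, before any entry from the LDIF file is sent, so the first thing to check is whether the password being typed matches the {SSHA} rootpw in slapd.conf (slapadd never binds, which is why it is unaffected). The Python below is an added example, not part of the original post or of OpenLDAP: ssha_verify checks a candidate password against an {SSHA} value in the format slappasswd writes, and password_schemes decodes the base64 userPassword:: values from the ldapsearch output above to show which scheme each migrated account uses ({crypt}* on operator is a locked account). The rootpw generated in the code uses a constructed password and fixed salt; the LDIF excerpt is taken from the post.

```python
import base64
import hashlib
import os

# Constructed excerpt of the ldapsearch output from the post (two entries),
# embedded so the example runs offline.
LDAPSEARCH_OUTPUT = """\
dn: uid=ldaptest1,ou=People,dc=helios,dc=local
uid: ldaptest1
userPassword:: e2NyeXB0fSQxJERVRUxMYy9XJHI4R3VvbWlOR3B5UXY3cnZSQ3MxcS8=

dn: uid=operator,ou=People,dc=helios,dc=local
uid: operator
userPassword:: e2NyeXB0fSo=
"""

def ssha_hash(password, salt=None):
    """Build an {SSHA} value as slappasswd does: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored, password):
    """True if password matches an {SSHA} rootpw/userPassword value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value: " + stored)
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest

def password_schemes(ldif_text):
    """Map each uid in LDIF output to (scheme, locked). 'userPassword::' (two colons)
    is base64; decoded it reads {crypt}$1$..., and {crypt}* marks a locked account."""
    schemes = {}
    uid = None
    for line in ldif_text.splitlines():
        if line.startswith("uid: "):
            uid = line[len("uid: "):].strip()
        elif line.startswith("userPassword:: ") and uid:
            value = base64.b64decode(line.split("::", 1)[1].strip()).decode("ascii")
            scheme, _, rest = value.partition("}")
            schemes[uid] = (scheme.lstrip("{"), rest == "*")
    return schemes

if __name__ == "__main__":
    # Constructed rootpw with a fixed salt; replace with the line from slapd.conf.
    rootpw = ssha_hash("secret", salt=b"\x01\x02\x03\x04")
    print(ssha_verify(rootpw, "secret"), password_schemes(LDAPSEARCH_OUTPUT))
```

To check a real installation, paste the rootpw line from slapd.conf as the first argument of ssha_verify and the password used at the "Enter LDAP Password:" prompt as the second.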