Hi, I am trying to search for an LDAP user using the following command, but I get an invalid credentials error:
    # ldapsearch -x -h ldaps://idm.example.net -p 636 -b "dc=example,dc=net" -D "uid=ldapbind,cn=users,cn=account,dc=example,dc=net" uid=ambariadmin1 -W
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
I have double-checked the password, but the error still persists.
Before that, I added an LDAP bind user with the following procedure:
    [root@example ~]# cat ldapbind.ldif
    dn: uid=ldapbind,cn=users,cn=accounts,dc=example,dc=net
    changetype: add
    objectclass: account
    objectclass: simplesecurityobject
    uid: ambaribind
    userPassword: secret123
    passwordExpirationTime: 20380119031407Z
    nsIdleTimeout: 0

    [root@example ~]# ldapmodify -h example.net -p 389 -x -D "cn=Directory Manager" -w 'secret123' -f ldapbind.ldif
    adding new entry "uid=ldapbind,cn=users,cn=accounts,dc=example,dc=net"

    [root@example ~]# ipa user-show ambaribind --raw --all
    dn: uid=ldapbind,cn=users,cn=accounts,dc=example,dc=net
    uid: ldapbind
    nsaccountlock: FALSE
    has_password: TRUE
    has_keytab: FALSE
    objectClass: account
    objectClass: simplesecurityobject
    objectClass: top
Without the bind user, I can search for the user:

    [root@example ~]# ldapsearch -x -h idm.infodetics.net -p 389 -b "cn=ambari,dc=example,dc=net" uid=ambariadmin1

Can anyone please guide me on where the issue is?
Regards
Update:
Please ignore the ldapsearch command from the last post; I have used the following without SSL:

    # ldapsearch -x -h ldap://idm.example.net -p 389 -b "dc=example,dc=net" -D "uid=ldapbind,cn=users,cn=account,dc=example,dc=net" uid=ambariadmin1 -W
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
And also the last search command
[root@example ~]# ldapsearch -x -h idm.example.net -p 389 -b "cn=ambari,dc=example,dc=net" uid=ambariadmin1
What is in the directory server access log? /var/log/dirsrv/slapd-YOUR_INSTANCE/access
It might give more information about the failure. But error 49 typically means you are using the wrong password, but it could be another issue and the access log will have that information, just look for "err=49" in the log...
On 7/19/20 3:58 AM, Dwijadas Dey wrote:
Update:
Please ignore the ldapsearch command from the last post; I have used the following without SSL:

    # ldapsearch -x -h ldap://idm.example.net -p 389 -b "dc=example,dc=net" -D "uid=ldapbind,cn=users,cn=account,dc=example,dc=net" uid=ambariadmin1 -W
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
And also the last search command
    [root@example ~]# ldapsearch -x -h idm.example.net -p 389 -b "cn=ambari,dc=example,dc=net" uid=ambariadmin1

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
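The access-log check suggested above, as an added example that is not part of the original thread: a small Python parser that pairs each BIND with its RESULT by conn/op and reports the binds that ended in err=49, together with the client address. The sample lines are constructed in the access-log layout quoted in this thread, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the 389 Directory Server access-log layout.
SAMPLE_LOG = """\
[19/Jul/2020:08:24:51.625206536 -0500] conn=985 fd=83 slot=83 SSL connection from 192.0.2.10 to 192.0.2.1
[19/Jul/2020:08:24:51.791648403 -0500] conn=985 op=0 BIND dn="uid=ambaribind,cn=users,cn=accounts,dc=example,dc=net" method=128 version=3
[19/Jul/2020:08:24:51.792026416 -0500] conn=985 op=0 RESULT err=49 tag=97 nentries=0 etime=0.008042249 - Invalid credentials
[19/Jul/2020:08:24:51.793722629 -0500] conn=985 op=1 UNBIND
[19/Jul/2020:08:25:10.100000000 -0500] conn=986 fd=84 slot=84 connection from 192.0.2.20 to 192.0.2.1
[19/Jul/2020:08:25:10.200000000 -0500] conn=986 op=0 BIND dn="uid=ambaribind,cn=users,cn=accounts,dc=example,dc=net" method=128 version=3
[19/Jul/2020:08:25:10.300000000 -0500] conn=986 op=0 RESULT err=0 tag=97 nentries=0 etime=0.004000000 dn="uid=ambaribind,cn=users,cn=accounts,dc=example,dc=net"
"""

CONN_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) ')
FROM_RE = re.compile(r'connection from (?P<src>\S+) to ')
BIND_RE = re.compile(r' op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)"')
RESULT_RE = re.compile(r' op=(?P<op>\d+) RESULT err=(?P<err>\d+) ')

def failed_binds(log_text, err_code=49):
    """Return one record per BIND whose matching RESULT carries err_code."""
    client = {}    # conn id -> client address from the connection line
    pending = {}   # (conn id, op id) -> bind DN still waiting for its RESULT
    failures = []
    for line in log_text.splitlines():
        head = CONN_RE.match(line)
        if not head:
            continue
        conn = head["conn"]
        if (m := FROM_RE.search(line)):
            client[conn] = m["src"]
        elif (m := BIND_RE.search(line)):
            pending[(conn, m["op"])] = m["dn"]
        elif (m := RESULT_RE.search(line)):
            dn = pending.pop((conn, m["op"]), None)  # None: RESULT of a non-BIND op
            if dn is not None and int(m["err"]) == err_code:
                failures.append({"time": head["ts"], "conn": conn,
                                 "client": client.get(conn, "unknown"), "dn": dn})
    return failures

def summarize(failures):
    """Count failed binds per (bind DN, client address), most frequent first."""
    return Counter((f["dn"], f["client"]) for f in failures).most_common()

if __name__ == "__main__":
    for (dn, src), count in summarize(failed_binds(SAMPLE_LOG)):
        print(f"{count} failed bind(s) as {dn} from {src}")
```

The DN printed is the one the server actually received in the BIND, which is the value to compare against the `-D` argument on the client side.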
Hi, thanks for the reply. Yes, there is information logged in the "access" file, and it is more general in nature.
    [19/Jul/2020:08:24:51.625206536 -0500] conn=985 fd=83 slot=83 SSL connection from 192.168.10.110 to 192.168.10.110
    [19/Jul/2020:08:24:51.791327014 -0500] conn=985 TLS1.2 256-bit AES-GCM
    [19/Jul/2020:08:24:51.791648403 -0500] conn=985 op=0 BIND dn="uid=ambaribind,cn=users,cn=accounts,dc=infodetics,dc=net" method=128 version=3
    [19/Jul/2020:08:24:51.792026416 -0500] conn=985 op=0 RESULT err=49 tag=97 nentries=0 etime=0.008042249 - Invalid credentials
    [19/Jul/2020:08:24:51.793722629 -0500] conn=985 op=1 UNBIND
    [19/Jul/2020:08:24:51.793742217 -0500] conn=985 op=1 fd=83 closed - U1
Regards
You must be entering the wrong password...
Reset the password like this:
    # ldapmodify -D "cn=directory manager" -W
    dn: uid=ambaribind,cn=users,cn=accounts,dc=infodetics,dc=net
    changetype: modify
    replace: userpassword
    userpassword: NEW_PASSWORD
    <press enter twice and then control d>
Then try the ldapsearch again using the reset password.
HTH,
Mark
On 7/19/20 10:03 AM, Dwijadas Dey wrote:
Hi, thanks for the reply. Yes, there is information logged in the "access" file, and it is more general in nature.

    [19/Jul/2020:08:24:51.625206536 -0500] conn=985 fd=83 slot=83 SSL connection from 192.168.10.110 to 192.168.10.110
    [19/Jul/2020:08:24:51.791327014 -0500] conn=985 TLS1.2 256-bit AES-GCM
    [19/Jul/2020:08:24:51.791648403 -0500] conn=985 op=0 BIND dn="uid=ambaribind,cn=users,cn=accounts,dc=infodetics,dc=net" method=128 version=3
    [19/Jul/2020:08:24:51.792026416 -0500] conn=985 op=0 RESULT err=49 tag=97 nentries=0 etime=0.008042249 - Invalid credentials
    [19/Jul/2020:08:24:51.793722629 -0500] conn=985 op=1 UNBIND
    [19/Jul/2020:08:24:51.793742217 -0500] conn=985 op=1 fd=83 closed - U1
Regards
Hi Reynolds
Yes, somehow I was entering the wrong password. I updated the password as per your suggestion and then executed the ldapsearch command, and it worked.
Regards
389-users@lists.fedoraproject.org