I just removed all the db files, and did ldapadd again for both the Manager and
testuser ldif files.
But I still have a problem running ldapsearch on testuser. (I don't see any
difference between the two while inserting the data.)
/opt/etc/openldap]$ /opt/bin/ldapsearch -Z -x -W -D
"uid=testuser,ou=People,dc=myorg,dc=com" "(objectclass=*)"
ldap_start_tls: Protocol error (2)
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
/opt/etc/openldap]$ /opt/bin/ldapsearch -Z -x -W -D
"cn=Manager,dc=myorg,dc=com" "(objectclass=*)"
ldap_start_tls: Protocol error (2)
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=myorg,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# myorg.com
dn: dc=myorg,dc=com
objectClass: top
objectClass: dcObject
objectClass: nisDomainObject
objectClass: organization
dc: myorg
o: My Organization
nisDomain:: bXlvcmcuY29tIA==
# Manager, myorg.com
dn: cn=Manager,dc=myorg,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
# NonAnon, myorg.com
dn: cn=NonAnon,dc=myorg,dc=com
objectClass: account
objectClass: posixAccount
description: Non-anonymous ldap binds
cn: NonAnon
uid: nonanon
uidNumber: 1005
gidNumber: 105
homeDirectory: /var/empty
userPassword:: e0NSWVBUfWp6YkFUQWNhb3guIA==
loginShell:: L2Jpbi9mYWxzZSA=
host:: bXlsZGFwaG9zdC5teW9yZy5jb20g
# People, myorg.com
dn: ou=People,dc=myorg,dc=com
objectClass: organizationalUnit
ou: People
description: User Accounts
# Group, myorg.com
dn: ou=Group,dc=myorg,dc=com
objectClass: organizationalUnit
ou: Group
description: System Groups
# testuser, People, myorg.com
dn: uid=testuser,ou=People,dc=myorg,dc=com
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetLocalMailRecipient
cn: Test User
uid: testuser
userPassword:: e2NyeXB0fXM1OFROaXVML3RjTS4=
loginShell: /usr/bin/bash
uidNumber: 1001
gidNumber: 500
homeDirectory: /home/admin/testuser
mailLocalAddress: [EMAIL PROTECTED]
mailRoutingAddress: [EMAIL PROTECTED]
host: somehost.myorg.com
host: someotherhost.myorg.com
host: anotherhost.myorg.com
shadowLastChange: 12193
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowInactive: 1
shadowExpire: 12999
gecos: Test User
# search result
search: 3
result: 0 Success
# numResponses: 7
# numEntries: 6
Is something wrong with my ACL?
This is my ACL:
access to attrs=userPassword
by self write
by * auth
access to *
by * read
Thanks,
On Tue, Mar 18, 2008 at 4:45 PM, Kevin Kim <[EMAIL PROTECTED]> wrote:
> Yes, that worked, but crypt library is same..
> ldd /opt/libexec/slapd | grep crypt
> libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8
> [16:36:[EMAIL PROTECTED]:/usr/local/ssl/certs]$ ldd
> /opt/sbin/slappasswd | grep crypt
> libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8
>
>
> Following error is output using -Z option:
> /opt/bin/ldapsearch -x -Z -W -D "uid=testuser,ou=People,dc=myorg,dc=com"
> "(objectclass=*)"
> ldap_start_tls: Protocol error (2)
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> On Tue, Mar 18, 2008 at 4:19 PM, Patrick Shinpaugh <[EMAIL PROTECTED]>
> wrote:
>
> > Try running the ldapsearch with the cn=Manager and its password - if
> > that works then take a look at the response from Dieter Kluenter
> > concerning the crypt library used... could be that when slapd is
> > hashing your password it isn't matching.
> >
> >
> > Kevin Kim wrote:
> > > When I try running it with -Z option, I got
> > >
> > > Enter LDAP Password:
> > > connection_get(11): got connid=5
> > > connection_read(11): checking for input on id=5
> > > ber_get_next
> > > ber_get_next: tag 0x30 len 58 contents:
> > > ber_get_next
> > > conn=5 op=1 do_bind
> > > ber_scanf fmt ({imt) ber:
> > > ber_scanf fmt (m}) ber:
> > > >>> dnPrettyNormal: <uid=testuser,ou=People,dc=myorg,dc=com>
> > > <<< dnPrettyNormal: <uid=testuser,ou=People,dc=myorg,dc=com>,
> > > <uid=testuser,ou=people,dc=myorg,dc=com>
> > > do_bind: version=3 dn="uid=testuser,ou=People,dc=myorg,dc=com"
> > method=128
> > > bdb_dn2entry("uid=testuser,ou=people,dc=myorg,dc=com")
> > > send_ldap_result: conn=5 op=1 p=3
> > > send_ldap_response: msgid=2 tag=97 err=49
> > > ber_flush2: 14 bytes to sd 11
> > > ldap_bind: Invalid credentials (49)
> > >
> > > Does ldapsearch require a special security module compared to ldapadd?
> > >
> > >
> > >
> > > On Tue, Mar 18, 2008 at 1:26 PM, Patrick Shinpaugh <[EMAIL PROTECTED]> wrote:
> > >
> > > The error from your ldapsearch may give a clue...
> > >
> > > ldap_bind: Confidentiality required (13)
> > > additional info: TLS confidentiality required
> > >
> > > Try adding the -Z option to your ldapsearch
> > >
> > >
> > >
> > > Kevin Kim wrote:
> > > > I also did
> > > >
> > > > $ /opt/bin/ldapadd -Z -x -W -D "cn=Manager,dc=myorg,dc=com" -v
> > -f
> > > > person.ldif
> > > > ldap_initialize( <DEFAULT> )
> > > > Enter LDAP Password:
> > > > add objectclass:
> > > > account
> > > > posixAccount
> > > > shadowAccount
> > > > inetLocalMailRecipient
> > > > add cn:
> > > > Test User
> > > > add uid:
> > > > testuser
> > > > add userPassword:
> > > > {crypt}s58TNiuL/tcM.
> > > > add loginShell:
> > > > /usr/bin/bash
> > > > add uidnumber:
> > > > 1001
> > > > add gidnumber:
> > > > 500
> > > > add homeDirectory:
> > > > /home/admin/testuser
> > > > add mailLocalAddress:
> > > > [EMAIL PROTECTED]
> > > > add mailRoutingAddress:
> > > > [EMAIL PROTECTED]
> > > > add host:
> > > > somehost.myorg.com
> > > > someotherhost.myorg.com
> > > > anotherhost.myorg.com
> > > > add shadowLastChange:
> > > > 12193
> > > > add shadowMin:
> > > > 0
> > > > add shadowMax:
> > > > 99999
> > > > add shadowWarning:
> > > > 7
> > > > add shadowInactive:
> > > > 1
> > > > add shadowExpire:
> > > > 12999
> > > > add gecos:
> > > > Test User
> > > > adding new entry "uid=testuser,ou=People,dc=myorg,dc=com"
> > > > modify complete
> > > >
> > > > then,
> > > >
> > > > $ /opt/bin/ldapsearch -x -W -D
> > > > "uid=testuser,ou=People,dc=myorg,dc=com" "(objectclass=*)"
> > > > Enter LDAP Password:
> > > > ldap_bind: Confidentiality required (13)
> > > > additional info: TLS confidentiality required
> > > >
> > > > any help will be appreciated.
> > > >
> > > > On Tue, Mar 18, 2008 at 11:50 AM, Kevin Kim <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Correction: I did run with
> > > > /opt/bin/ldapsearch -x -W -D "uid=testuser,ou=People,dc=myorg,dc=com"
> > > > and I am still getting the same error.
> > > > On Tue, Mar 18, 2008 at 11:44 AM, Kevin Kim <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Can someone help me find the problem with ldapsearch?
> > > >
> > > > I can insert the data using ldapadd:
> > > > /opt/bin/ldapadd -Z -x -W -D
> > "cn=Manager,dc=myorg,dc=com" -v
> > > > -f toplevel.ldif
> > > > ldap_initialize( <DEFAULT> )
> > > > Enter LDAP Password:
> > > > ...........
> > > > modify complete
> > > > but I am not able to run ldapsearch:
> > > > /opt/etc/openldap/ldif_files]$ /opt/bin/ldapsearch -x -W
> > -D
> > > > "uid=testuser,ou=People,dc=scivantage,dc=com"
> > > "(objectclass=*)"
> > > > Enter LDAP Password:
> > > > ldap_bind: Invalid credentials (49)
> > > >
> > > > my slapd.conf files:
> > > > defaultsearchbase dc=myorg,dc=com
> > > >
> > > > access to attrs=userPassword
> > > > by self write
> > > > by anonymous auth
> > > > by * none
> > > > access to *
> > > > by self write
> > > > by users read
> > > > by * none
> > > >
> > > > database bdb
> > > > suffix "dc=myorg,dc=com"
> > > > rootdn "cn=Manager,dc=myorg,dc=com"
> > > >
> > > > Also, if I run ldapwhoami:
> > > > /opt/bin/ldapwhoami
> > > > ldap_sasl_interactive_bind_s: Confidentiality required
> > (13)
> > > >
> > > > I would appreciate it,
> > > >
> > > > Kevin
> > > >
> > > >
> > > >
> > >
> > > --
> > > Patrick Shinpaugh
> > > Virginia Tech
> > > UVAG System Administrator/Programmer
> > > 540-231-2054
> > >
> > >
> >
> > --
> > Patrick Shinpaugh
> > Virginia Tech
> > UVAG System Administrator/Programmer
> > 540-231-2054
> >
> >
>
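The following is an added example, not code from the thread or from OpenLDAP: a Python model of slapd's first-match ACL evaluation, run over the two ACL sets quoted in this thread. It supports only the `what`/`by` forms those ACLs use and assumes the rootdn given in the quoted slapd.conf (`cn=Manager,dc=myorg,dc=com`).

```python
import re

# Access levels in slapd.access(5) order (the subset the thread's ACLs use).
LEVELS = {"none": 0, "auth": 1, "compare": 2, "search": 3, "read": 4, "write": 5}

# The two ACL sets quoted in the thread, constructed here from the posts.
OLD_ACL = ("access to attrs=userPassword\n by self write\n by anonymous auth\n by * none\n"
           "access to *\n by self write\n by users read\n by * none")
NEW_ACL = ("access to attrs=userPassword\n by self write\n by * auth\n"
           "access to *\n by * read")

def parse_acl(text):
    """Parse 'access to <what>' / 'by <who> <level>' lines into [(what, [(who, level), ...])]."""
    clauses = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if (m := re.match(r"access\s+to\s+(\S+)$", line)):
            clauses.append((m.group(1), []))
        elif (m := re.match(r"by\s+(\S+)\s+(\S+)$", line)) and clauses:
            clauses[-1][1].append((m.group(1), m.group(2)))
        else:
            raise ValueError(f"unsupported ACL line: {line!r}")
    return clauses

def _what_matches(what, attr):
    if what == "*":
        return True  # the entry itself and every attribute
    if what.startswith("attrs="):  # only the listed attributes (attr=None means entry-level)
        return attr is not None and attr.lower() in what[6:].lower().split(",")
    raise ValueError(f"unsupported 'what': {what}")

def _who_matches(who, requester, target_dn):
    return {"*": True,
            "anonymous": requester is None,
            "users": requester is not None,
            "self": requester is not None and requester.lower() == target_dn.lower()}[who]

def allowed(acl, requester, target_dn, attr, level, rootdn="cn=Manager,dc=myorg,dc=com"):
    """Would slapd grant `level` on (target_dn, attr) to `requester`? requester=None is anonymous."""
    if requester is not None and requester.lower() == rootdn.lower():
        return True  # rootdn bypasses ACLs entirely, which is why the Manager searches succeed
    for what, by in parse_acl(acl):
        if not _what_matches(what, attr):
            continue
        for who, granted in by:  # first matching 'by' clause decides
            if _who_matches(who, requester, target_dn):
                return LEVELS[granted] >= LEVELS[level]
        return False  # clause matched but no 'by' applied: denied
    return False  # no clause matched: denied once any access directive exists
```

Both ACL sets grant `auth` on userPassword to an anonymous (binding) client, so the ACL is not what produces `Invalid credentials (49)`; what the newer ACL does change is that `access to * by * read` lets anonymous clients read every other attribute of every entry.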