Hi, I can not figure out why my AIX box does not want to authenticate with my ldap server. I think I have a problem with the ldap setup so I can only bind to ldap with anonymous bind or with olcRoot.
Checking password for cn=admin,dc=axi,dc=intra (my LDAP manager account): r...@ldap1:/etc # ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=admin,dc=axi,dc=intra SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 # extended LDIF # # LDAPv3 # base <cn=admin,dc=axi,dc=intra> with scope subtree # filter: (objectclass=*) # requesting: ALL # # admin, axi.intra dn: cn=admin,dc=axi,dc=intra cn: admin objectClass: simpleSecurityObject objectClass: organizationalRole description: LDAP administrator userPassword:: e1NTSEF9UkJXSitCZy92V2ZLNlJ5Rzdwa1pvOStpQUh5aSt4NG0= # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Changing password: r...@ldap1:/etc # ldappasswd -Y EXTERNAL -H ldapi:/// -s secret cn=admin,dc=axi,dc=intra SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 Checking that the password is changed: r...@ldap1:/etc # ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=admin,dc=axi,dc=intra SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 # extended LDIF # # LDAPv3 # base <cn=admin,dc=axi,dc=intra> with scope subtree # filter: (objectclass=*) # requesting: ALL # # admin, axi.intra dn: cn=admin,dc=axi,dc=intra cn: admin objectClass: simpleSecurityObject objectClass: organizationalRole description: LDAP administrator userPassword:: e1NTSEF9TnBIK0hBN2JpWEczb0FSU1YwQm5HWmZSVll3S0NaTms= # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Using the password: r...@ldap1:/etc # ldapsearch -D "cn=admin,dc=axi,dc=intra" -w secret ldap_bind: Invalid credentials (49) So I change the password but I can not use it ? Stef ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
