Marc Tardif <[EMAIL PROTECTED]> writes:

> * Marc Tardif <[EMAIL PROTECTED]> [2006-07-20 10:53 -0400]:
>> I have installed OpenLDAP 2.2.26 from package on Ubuntu 6.06 LTS. The
>> postinst script prompts for a password to create an admin user. However,
>> when I try to run the ldapsearch command as the admin with that password, I
>> get the following error message:
>>
>> $ ldapsearch -x -w password -D "cn=admin,dc=nodomain" '(objectclass=*)'
>> ldap_bind: Invalid credentials (49)
> [snip]
>> So, any ideas what I might be doing wrong?
>
> I have managed to address the authentication problem encountered by
> ldapsearch. It seems that the encryption used for the password wasn't
> being recognized by the authentication mechanism. So, I changed the
> password for cleartext with the following commands:
[...]
> Then the ldapsearch command output the content of the LDAP database:
>
> $ ldapsearch -x -w password -D "cn=admin,dc=nodomain" '(objectclass=*)'
> ...
>
> So, here is the value for the userPassword attribute before ldapsearch
> worked:
>
> userPassword:: e2NyeXB0fUY2ZGdUZmF0SlUubTY=
>
> And after ldapsearch started working:
>
> userPassword:: d2FydGhvZ3M=
>
> Both are meant to be for the same password, so what might be the problem?
> Can I change the decryption algorithm from the ldapsearch options?

The first attribute value is the crypt hash of your cleartext password; both
are displayed base64 encoded, so it is quite easy to decrypt your password
with mimencode -u. I presume that my first guess, that slapd has problems with
your crypt hashed password, has come true. You may either change the hashing
algorithm (see man slappasswd(8)) and use simple binds, or stick to cleartext
and use a shared secret authentication like the SASL mechanism DIGEST-MD5,
although I personally prefer Kerberos v5 and GSSAPI.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
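Added example, not part of the original thread: a small audit helper that takes the two userPassword lines quoted above, undoes the LDIF base64 transport encoding, and reports which storage scheme each value uses without echoing the secret. The function names and the tuple layout are assumptions made for this illustration.

```python
import base64
import re

# The two userPassword lines quoted in the thread ("::" marks a base64 value).
LDIF_SAMPLE = """\
userPassword:: e2NyeXB0fUY2ZGdUZmF0SlUubTY=
userPassword:: d2FydGhvZ3M=
"""

# slapd-style storage prefix in front of the hash, e.g. {crypt}, {SSHA}, {MD5}.
SCHEME_RE = re.compile(rb"\{([A-Za-z0-9_-]+)\}(.*)", re.S)


def classify_user_password(ldif_line):
    """Return (scheme, payload_length, readable_as_is) for one LDIF line.

    The stored value itself is never returned, so the result is safe to log.
    """
    attr, sep, value = ldif_line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if value.startswith(":"):
        # "attr:: value" is base64 transport encoding, not encryption.
        raw = base64.b64decode(value[1:].strip(), validate=True)
    else:
        raw = value.strip().encode("utf-8")
    match = SCHEME_RE.fullmatch(raw)
    if match:
        scheme = match.group(1).decode("ascii").upper()
        payload_len = len(match.group(2))
    else:
        # No {SCHEME} prefix: the stored bytes are the password itself.
        scheme, payload_len = "CLEARTEXT", len(raw)
    return scheme, payload_len, scheme == "CLEARTEXT"


def audit(ldif_text):
    """Classify every userPassword line found in an LDIF export."""
    return [
        classify_user_password(line)
        for line in ldif_text.splitlines()
        if line.lower().startswith("userpassword:")
    ]


if __name__ == "__main__":
    for scheme, length, readable in audit(LDIF_SAMPLE):
        note = "readable by anyone who can read the attribute" if readable else "hashed"
        print(f"{scheme:<10} payload={length:>2} bytes  {note}")
```

The first value carries a {crypt} prefix with a 13-character payload; the second has no prefix at all, so anyone with read access to the attribute or to an LDIF export holds the password.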
