Thank you very much for your clarifying message. I have found it very helpful, but the problem actually turned out not to be the password, but the problem actually turned out to be the loginShell.
44 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P. ThatGuy
givenName: Timothy P.
sn: ThatGuy
mail: [email protected]
mailRoutingAddress: [email protected]
mailHost: mail.summitnjhome.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {CRYPT}secret
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P. ThatGuy
loginShell: /usr/local/bin/bash

The LDAP server is FreeBSD but the clients are CentOS. The problem turned out to be that the PADL migration script that had generated the user ldif from /etc/passwd produced the loginShell attribute with a BSD path to bash (i.e. /usr/local/bin/bash), when the clients, which are all CentOS, needed the Red Hat path to bash (i.e. /bin/bash).

I have also added an index for uid to my slapd.conf as per your suggestion.

Best regards and thank you again for your assistance!

On Sun, Oct 31, 2010 at 8:26 PM, Quanah Gibson-Mount <[email protected]> wrote:
> --On Saturday, October 30, 2010 8:51 AM -0400 Tim Dunphy
> <[email protected]> wrote:
>
>> Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not
>> indexed Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT
>> tag=101 err=0 nentries=1 text=
>> Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND
>> dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com"
>> method=128
>> Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49
>> text=
>> tag=97
>
> Tags are not error messages, they are for information purposes.
>
> Error messages are prefixed with "err=", in this case, your log clearly
> shows the wrong password was used, or the binddn is wrong, or both.
>
> Thus the LDAP server returns "ERROR 49" very clearly in your log for
> connection 1002.
>
> You likely should also create an equality index on uid, since apparently
> your dns are uid based.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>

--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
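
The distinction made in the quoted reply (tag= names the response type, err= carries the result code) can be checked mechanically by pairing each BIND line with its RESULT line on the same conn/op. The following is an added example, not part of the original thread; the log lines are those quoted above, rejoined onto single lines, plus a constructed successful bind on conn=1003 for contrast, and the function names are hypothetical.

```python
import re
from collections import Counter

# slapd log lines from the thread, rejoined; the two conn=1003 lines are
# constructed sample input showing a bind that succeeds (err=0).
SAMPLE_LOG = """\
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=
Oct 29 22:49:42 LBSD2 slapd[1085]: conn=1003 op=0 BIND dn="uid=example,ou=staff,dc=summitnjhome,dc=com" method=128
Oct 29 22:49:42 LBSD2 slapd[1085]: conn=1003 op=0 RESULT tag=97 err=0 text=
"""

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)')
BIND_RESPONSE_TAG = 97  # LDAP BindResponse message type; informational, not an error

def failed_binds(log_text):
    """Return one dict per bind whose RESULT carried a non-zero err= code."""
    pending = {}   # (conn, op) -> bind DN awaiting its RESULT line
    failures = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(int(m.group(1)), int(m.group(2)))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue  # SEARCH RESULT and other line types are ignored
        conn, op, tag, err = map(int, m.groups())
        dn = pending.pop((conn, op), None)
        if dn is not None and tag == BIND_RESPONSE_TAG and err != 0:
            failures.append({"conn": conn, "op": op, "dn": dn, "err": err})
    return failures

def failures_per_dn(log_text):
    """Count failed binds per DN, e.g. to spot repeated err=49 on one account."""
    return Counter(f["dn"] for f in failed_binds(log_text))

if __name__ == "__main__":
    for f in failed_binds(SAMPLE_LOG):
        print(f"conn={f['conn']} op={f['op']} err={f['err']} dn={f['dn']}")
```
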
