-D should be the rootdn in your example

On Sep 10, 2017 13:02, "JC" <[email protected]> wrote:
> I have just installed the OpenLDAP server, version 2.4.42, in my Linux. I
> have done some basic configuration for a fictitious domain owns4.com. My
> slapd.conf has the following contents:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/own.schema
>
> pidfile /var/run/openldap/slapd.pid
>
> argsfile /var/run/openldap/slapd.args
>
> modulepath /usr/libexec/openldap
> moduleload back_bdb.la
>
> database bdb
> suffix "dc=owns4,dc=com"
>
> rootdn "uid=root,ou=People,dc=owns4,dc=com"
>
> rootpw xyzabc
>
> directory /var/lib/openldap
>
> dbconfig set_cachesize 0 2097152 0
>
> index objectClass eq
>
> lastmod on
>
> access to attrs=userPassword,shadowLastChange
>     by dn="cn=root,dc=owns4,dc=com" write
>     by anonymous auth
>     by self write
>     by * none
>
> access to dn.base="" by * read
>
> access to *
>     by dn="cn=root,dc=owns4,dc=com" write
>     by * read
>
>
>
> After launching the slapd daemon with
>
> /usr/libexec/slapd -d 7
>
> I can issue a few commands that are apparently successful:
>
> # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts -LLL
> dn:
> namingContexts: dc=owns4,dc=com
>
> # ldapwhoami -x -H ldap://myipaddress
> anonymous
>
> myipaddress is the IP address of the system where I am issuing the
> commands, which is the same as where the OpenLDAP daemon is running.
>
> However, the next command is not successful:
>
> # ldapwhoami -x -H ldap://myipaddress -D "dc=owns4,dc=com" -w xyzabc
> ldap_bind: Invalid credentials (49)
>
> It elicits the following output from slapd:
>
> 59b4713e slap_listener_activate(7):
> 59b4713e >>> slap_listener(ldap:///)
> 59b4713e connection_get(13)
> 59b4713e connection_get(13): got connid=1001
> 59b4713e connection_read(13): checking for input on id=1001
> ber_get_next
> ldap_read: want=8, got=8
> 0000: 30 21 02 01 01 60 1c 02 0!...`..
>
> ldap_read: want=27, got=27
> 0000: 01 03 04 0f 64 63 3d 6f 77 6e 73 34 2c 64 63 3d
> ....dc=owns4,dc=
> 0010: 63 6f 6d 80 06 78 79 7a 61 62 63 com..xyzabc
>
> ber_get_next: tag 0x30 len 33 contents:
> 59b4713e op tag 0x60, time 1504997694
> ber_get_next
> ldap_read: want=8 error=Resource temporarily unavailable
> 59b4713e conn=1001 op=0 do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> 59b4713e >>> dnPrettyNormal: <dc=owns4,dc=com>
> => ldap_bv2dn(dc=owns4,dc=com,0)
> <= ldap_bv2dn(dc=owns4,dc=com)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(dc=owns4,dc=com)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(dc=owns4,dc=com)=0
> 59b4713e <<< dnPrettyNormal: <dc=owns4,dc=com>, <dc=owns4,dc=com>
> 59b4713e do_bind: version=3 dn="dc=owns4,dc=com" method=128
> 59b4713e ==> bdb_bind: dn: dc=owns4,dc=com
> 59b4713e bdb_dn2entry("dc=owns4,dc=com")
> 59b4713e => bdb_dn2id("dc=owns4,dc=com")
> 59b4713e <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair
> found
> (-30988)
> 59b4713e send_ldap_result: conn=1001 op=0 p=3
> 59b4713e send_ldap_result: err=49 matched="" text=""
> 59b4713e send_ldap_response: msgid=1 tag=97 err=49
> ber_flush2: 14 bytes to sd 13
> ldap_write: want=14, written=14
> 0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1....
>
> 59b4713e connection_get(13)
> 59b4713e connection_get(13): got connid=1001
> 59b4713e connection_read(13): checking for input on id=1001
> ber_get_next
> ldap_read: want=8, got=7
> 0000: 30 05 02 01 02 42 00 0....B.
>
> ber_get_next: tag 0x30 len 5 contents:
> 59b4713e op tag 0x42, time 1504997694
> ber_get_next
> ldap_read: want=8, got=0
>
> 59b4713e ber_get_next on fd 13 failed errno=0 (Success)
> 59b4713e conn=1001 op=1 do_unbind
> 59b4713e connection_close: conn=1001 sd=13
>
> Isn't the argument to -w in this command supposed to be the same as the
> value of rootpw in slapd.conf? If so, why is this not working? What are the
> "
> ldap_read: want=8 error=Resource temporarily unavailable" and "bdb_dn2id:
> get failed: DB_NOTFOUND: No matching key/data pair found " diagnostics all
> about?
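
An added example, not part of the original thread and not OpenLDAP code: a small Python lint over the slapd.conf quoted above (embedded as a constructed sample) that reports why a simple bind as "dc=owns4,dc=com" cannot use rootpw, and what else in that config deserves a second look. The function names and the simplified DN normalisation are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the slapd.conf quoted in the thread.
SAMPLE_CONF = '''\
database bdb
suffix "dc=owns4,dc=com"
rootdn "uid=root,ou=People,dc=owns4,dc=com"
rootpw xyzabc
access to attrs=userPassword,shadowLastChange
    by dn="cn=root,dc=owns4,dc=com" write
    by anonymous auth
    by self write
    by * none
access to *
    by dn="cn=root,dc=owns4,dc=com" write
    by * read
'''

def norm_dn(dn):
    """Simplified DN normalisation: trim and lower-case each RDN.
    Assumption: no escaped commas or multi-valued RDNs."""
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in dn.split(","))

def directive(conf, name):
    """Return the unquoted value of a single-valued directive, or None."""
    m = re.search(r'^%s\s+"?([^"\n]+)"?\s*$' % re.escape(name), conf, re.M)
    return m.group(1).strip() if m else None

def lint(conf, bind_dn):
    """Return a list of findings for this config and the attempted bind DN."""
    findings = []
    rootdn = directive(conf, "rootdn")
    rootpw = directive(conf, "rootpw")
    if rootdn and norm_dn(bind_dn) != norm_dn(rootdn):
        findings.append("bind DN is not the rootdn, so rootpw is not used; bind with -D '%s'" % rootdn)
    for acl_dn in sorted(set(re.findall(r'\bby\s+dn(?:\.\w+)?="([^"]+)"', conf))):
        if rootdn and norm_dn(acl_dn) != norm_dn(rootdn):
            findings.append("ACL names '%s', which differs from the rootdn; check it is the intended entry" % acl_dn)
    if rootpw and not rootpw.startswith("{"):
        findings.append("rootpw is stored in cleartext; store a slappasswd hash instead")
    return findings

if __name__ == "__main__":
    for f in lint(SAMPLE_CONF, "dc=owns4,dc=com"):
        print("-", f)
```

Run against the bind DN from the failing ldapwhoami command, it reports the rootdn mismatch, the ACL entries that name cn=root rather than the configured rootdn, and the cleartext rootpw.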
