Setting up LDAP
Michael S. Peek
peek at tiem.utk.edu
Thu Sep 11 13:28:00 UTC 2008
Hi guys,
I posted a few days ago w/ a problem re/ LDAP. And I think the root of
the problem is that I don't know what I'm doing, but I'm trying to
figure it out.
I installed ldap-auth-config, entering a password when debconf prompted.
I installed slapd, entering the same password when debconf prompted.
I edited /etc/default/slapd thusly:
> SLAPD_SERVICES="ldap://127.0.0.1:389/ ldap://ldap.my-domain.org:389/
> ldaps://ldap.my-domain.org:636/ ldapi:///"
I edited /etc/ldap/slapd.conf and set rootdn and rootpw, using
'slappasswd -h {md5}' and the same password I entered for the debconf
prompts above.
I started slapd.
I can run the command:
> $ ldapsearch -x -b 'dc=my-domain,dc=org' 'objectClass=*'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=my-domain,dc=org> with scope subtree
> # filter: objectClass=*
> # requesting: ALL
> #
>
> # my-domain.org
> dn: dc=my-domain,dc=org
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: my-domain.org
> dc: my-domain
>
> # admin, my-domain.org
> dn: cn=admin,dc=my-domain,dc=org
> objectClass: simpleSecurityObject
> objectClass: organizationalRole
> cn: admin
> description: LDAP administrator
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
But I get an error when trying to run the command:
> $ ldapsearch -H ldap://ldap.my-domain.org:389/ -b
> 'dc=my-domain,dc=org' 'objectClass=*'
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
And entering my password.
I also tried:
> $ ldapsearch -H ldap://ldap.my-domain.org:389/ -b
> 'cn=admin,dc=my-domain,dc=org' 'objectClass=*'
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
In the log files, I see the following:
> slapd[17861]: conn=2 op=2 BIND dn="" method=163
> slapd[17861]: SASL [conn=2] Error: unable to open Berkeley db
> /etc/sasldb2: No such file or directory
> slapd[17861]: SASL [conn=2] Failure: no secret in database
> slapd[17861]: conn=2 op=2 RESULT tag=97 err=49 text=SASL(-13): user
> not found: no secret in database
Why am I seeing this error? Why is ldap trying to verify my password
against /etc/sasldb2 when I set rootpw in the /etc/ldap/slapd.conf?
Thanks for any help you can give,
Michael
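
Added example, not part of the original post: a small Python parser that pairs each slapd BIND line with its RESULT line and decodes the bind method. `method=163` is a SASL bind, which is what `ldapsearch` attempts when `-x` is omitted, and `method=128` is a simple bind. The first four sample lines are the log lines quoted above with the mail wrapping rejoined; the `conn=3` lines and the function name `summarize_binds` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four slapd lines from the post (wrapped lines
# rejoined) plus a hypothetical simple-bind pair on conn=3 for contrast.
SAMPLE_LOG = """\
slapd[17861]: conn=2 op=2 BIND dn="" method=163
slapd[17861]: SASL [conn=2] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
slapd[17861]: SASL [conn=2] Failure: no secret in database
slapd[17861]: conn=2 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
slapd[17861]: conn=3 op=0 BIND dn="cn=admin,dc=my-domain,dc=org" method=128
slapd[17861]: conn=3 op=0 RESULT tag=97 err=0 text=
"""

BIND_METHODS = {128: "simple", 163: "SASL"}  # LDAP_AUTH_SIMPLE / LDAP_AUTH_SASL
BIND_RESPONSE_TAG = 97                       # 0x61, BindResponse
INVALID_CREDENTIALS = 49                     # LDAP result code invalidCredentials

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)')
SASL_RE = re.compile(r'SASL \[conn=(\d+)\] (?:Error|Failure): (.*)')


def summarize_binds(log_text):
    """Return one record per completed bind: who bound, how, and the outcome."""
    binds, notes, out = {}, defaultdict(list), []
    for line in log_text.splitlines():
        if m := BIND_RE.search(line):
            conn, op, dn, method = m.groups()
            binds[(conn, op)] = (dn, int(method))
        elif m := SASL_RE.search(line):
            notes[m.group(1)].append(m.group(2))  # SASL library diagnostics
        elif m := RESULT_RE.search(line):
            conn, op, tag, err, _text = m.groups()
            if int(tag) != BIND_RESPONSE_TAG or (conn, op) not in binds:
                continue  # not a bind response, or no matching request seen
            dn, method = binds.pop((conn, op))
            out.append({
                "conn": conn,
                "dn": dn,
                "method": BIND_METHODS.get(method, f"unknown({method})"),
                "err": int(err),
                "failed": int(err) == INVALID_CREDENTIALS,
                "sasl_notes": list(notes.get(conn, [])),
            })
    return out


if __name__ == "__main__":
    for rec in summarize_binds(SAMPLE_LOG):
        print(rec)
```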