Thread: ldapadd error

    #1
    ldapadd error


    Hi,

    I can't add entries to LDAP.
    When I run ldapadd, it returns this error:

    /usr/bin/ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)


    And it returns another error when I drop -x

    ldapadd -D "cn=Manager,dc=example,dc=com" -w openldap -f example.ldif
    (OR ldapadd -D "cn=Manager,dc=example,dc=com" -W -f example.ldif)
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Local error (82)
    additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous



    example.ldif
    --------------------------------------------------
    dn:dc=example,dc=com
    objectclass:dcObject
    objectclass: organization
    o:Example Company
    dc:example
    dn:cn=Manager,dc=example,dc=com
    objectclass: organizationalRole
    cn:Manager
    userPassword:{MD5}rssBNsI8slRlLAErpm5eVw==
    ---------------------------------------------------

    slapd.conf
    ---------------------------------------------------
    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/redhat/autofs.schema

    # Allow LDAPv2 client connections. This is NOT the default.
    allow bind_v2

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org

    pidfile /var/run/slapd.pid
    #argsfile //var/run/slapd.args
    # Load dynamic backend modules:
    # modulepath /usr/sbin/openldap
    # moduleload back_bdb.la
    # moduleload back_ldap.la
    # moduleload back_ldbm.la
    # moduleload back_passwd.la
    # moduleload back_shell.la

    # The next three lines allow use of TLS for connections using a dummy test
    # certificate, but you should generate a proper certificate by changing to
    # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
    # slapd.pem so that the ldap user or group can read it.
    # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
    # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
    # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

    # Sample security restrictions
    # Require integrity protection (prevent hijacking)
    # Require 112-bit (3DES or better) encryption for updates
    # Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64
    # Sample access control policy:
    # Root DSE: allow anyone to read it
    # Subschema (sub)entry DSE: allow anyone to read it
    # Other DSEs:
    # Allow self write access
    # Allow authenticated users read access
    # Allow anonymous users to authenticate
    # Directives needed to implement policy:
    # access to dn.base="" by * read
    # access to dn.base="cn=Subschema" by * read
    # access to *
    # by self write
    # by users read
    # by anonymous auth
    #
    # if no access controls are present, the default policy is:
    # Allow read by all
    #
    # rootdn can always write!

    #######################################################################
    # ldbm and/or bdb database definitions
    #######################################################################

    password-hash {MD5}
    #database ldbm
    database bdb
    suffix "dc=example,dc=com"
    rootdn "cn=Manager,dc=example,dc=com"
    rootpw {MD5}rssBNsI8slRlLAErpm5eVw==
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    #rootpw secret
    #rootpw {crypt}ijFYNcSNctBYg

    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory /var/lib/ldap

    # Indices to maintain for this database
    index objectClass eq,pres
    index ou,cn,mail,surname,givenname eq,pres,sub
    index uidNumber,gidNumber,loginShell eq,pres
    index uid,memberUid eq,pres,sub
    index nisMapName,nisMapEntry eq,pres,sub
    # Replicas of this database
    #replogfile /var/lib/ldap/openldap-master-replog
    #replica host=ldap-1.example.com:389 tls=yes
    # bindmethod=sasl saslmech=GSSAPI
    # authcId=host/ldap-master.example.com@EXAMPLE.COM

    -----------------------------------------------------------

    Please help me out

    thanks!!
  2. #2
  3. Psycho Canadian
    Originally Posted by daisywu
    Hi,
    /usr/bin/ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

    Your password is incorrect.

    Originally Posted by daisywu
    rootdn "cn=Manager,dc=example,dc=com"
    rootpw {MD5}rssBNsI8slRlLAErpm5eVw==

    Try setting rootpw to a plaintext password, then see if you can log in. If so, take that password, MD5 it, and put the MD5 hash there.
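
Added example, not part of the thread: slapd expects the value after `{MD5}` to be the base64 of the raw 16-byte digest, not the hex string that tools like md5sum print, and a rootpw with no `{SCHEME}` prefix is compared as cleartext. The sketch below builds and checks `{MD5}` values and the salted `{SSHA}` values that slappasswd produces by default; the function names are this example's own and the password `secret` is a constructed sample.

```python
import base64
import hashlib
import hmac
import os


def make_md5(password):
    """Unsalted {MD5}: base64 of the raw digest (what the thread's rootpw uses)."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


def make_ssha(password, salt=None):
    """Salted {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(stored, candidate):
    """Check a candidate password against a rootpw/userPassword style value."""
    pw = candidate.encode()
    if not stored.startswith("{"):
        # No scheme prefix: the stored value is the cleartext password itself.
        return hmac.compare_digest(stored.encode(), pw)
    scheme, _, b64 = stored[1:].partition("}")
    raw = base64.b64decode(b64)
    scheme = scheme.upper()
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(pw).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    raise ValueError("scheme not handled in this example: " + scheme)


if __name__ == "__main__":
    print(make_md5("secret"))   # constructed sample password
    print(make_ssha("secret"))  # differs on every run because of the random salt
```

A hex digest pasted after `{MD5}` decodes to the wrong bytes and never verifies, which shows up as the same `Invalid credentials (49)`.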
  4. #3
    I set rootpw to a plaintext, but the msg is the same.
  6. #4
  7. Psycho Canadian
    Perhaps try entering it on the command line:

    /usr/bin/ldapadd -x -D "cn=Manager,dc=example,dc=com" -w passwordgoeshere -h yourhost.com

    (take off the ldif till you figure it out)

    Maybe it's trying to access a different server; it doesn't hurt to add a -h yourhost.com. It can be an IP or localhost or whatever. Try different combinations. If still having problems, post back.
  8. #5
    Thank you.
    The pwd error is OK!!
    But I still have another error:

    [root@king bin]# ./ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif
    Enter LDAP Password:
    adding new entry "dc=example,dc=com"
    ldapadd: update failed: dc=example,dc=com
    ldap_add: Undefined attribute type (17)
    additional info: dn: attribute type undefined



    and my example.ldif
    =======================
    dn:dc=example,dc=com
    objectclass:dcObject
    objectclass: organization
    o:Example Company
    dc:example
    dn:cn=Manager,dc=example,dc=com
    objectclass: organizationalRole
    cn:Manager
    =======================

    What's wrong ?
  10. #6
  11. Psycho Canadian
    Put a hard enter between entries.

    Code:
    dn:dc=example,dc=com
    objectclass:dcObject
    objectclass: organization
    o:Example Company
    dc:example

    dn:cn=Manager,dc=example,dc=com
    objectclass: organizationalRole
    cn:Manager

    There always has to be at least one newline between entries.
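
Added example, not part of the thread: without the blank line, the second `dn:` is read as an attribute of the first entry, which is what `dn: attribute type undefined` reports. This small pre-flight check flags that case before the file reaches ldapadd; `lint_ldif` is this example's own name, the sample is the LDIF from the thread, and a whitespace-only line is flagged because a line beginning with a space is a continuation under RFC 2849, not a separator.

```python
# Constructed sample: the LDIF from the thread, with no blank line between entries.
BROKEN = """\
dn:dc=example,dc=com
objectclass:dcObject
objectclass: organization
o:Example Company
dc:example
dn:cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn:Manager
"""
# The same file with the separator the reply asks for.
FIXED = BROKEN.replace("dc:example\ndn:", "dc:example\n\ndn:")


def lint_ldif(text):
    """Return (line_number, message) findings for entry-separation mistakes."""
    findings, entry_start = [], None  # entry_start: line of the current entry's dn
    for no, line in enumerate(text.splitlines(), 1):
        if line == "":
            entry_start = None  # a truly empty line ends the current entry
            continue
        if line.startswith("#"):
            continue
        if line.startswith(" "):
            if not line.strip():
                findings.append((no, "whitespace-only line does not separate entries"))
            continue  # continuation of the previous line
        name, sep, _ = line.partition(":")
        if not sep:
            findings.append((no, "expected 'attribute: value'"))
            continue
        name = name.strip().lower()
        if name == "dn":
            if entry_start is not None:
                findings.append(
                    (no, "dn: inside the entry that began on line %d; "
                         "add a blank line before it" % entry_start))
            entry_start = no
        elif entry_start is None and name != "version":
            findings.append((no, "attribute outside any entry (no preceding dn:)"))
    return findings


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_ldif(text))
```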
  12. #7
    Thank you very much !!
    It's OK to insert entries ~
  14. #8
    Originally Posted by daisywu
    Thank you very much !!
    It's OK to insert entries ~

    Hi daisywu, I am having exactly the same problem with ldapadd.
    Could you kindly explain in detail how you solved this problem?
    Thanks
