Bug 83995 - slapd doesn't accept encrypted passwords, it just replies: 'ldap_bind: Invalid credentials (49)'
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: All Linux
Importance: High major
Assignee: Robin Johnson
Reported: 2005-03-03 13:16 UTC by gessy
Modified: 2011-10-30 22:54 UTC (History)
Description gessy 2005-03-03 13:16:36 UTC
I have installed my system with Kerberos authentication. When I emerged openldap, slapd could not accept an encrypted password, and I tried many kinds of encryption support.
P.S.: the commands 'ldapsearch' and 'ldapsearch -x' work in the same way, and 'ldapsearch' should return an error due to the encrypted password. If I use a clear-text password in rootpw and the userPassword attribute, everything works fine.

Reproducible: Always
Steps to Reproduce:
1. emerge pam_krb5 nss_ldap pam_ldap
2. emerge openldap
3. configure /etc/openldap/slapd.conf (rootpw {MD5}Password) and do an authenticated search with ldapsearch -x -D"cn=manager,dc=mydomain,dc=com" -W

Actual Results:  
in the stderr: ldap_bind: Invalid credentials (49)
and in the slapd.log: slapd[22558]: conn=1 op=0 RESULT tag=97 err=49 text


Expected Results:  
OpenLDAP should accept encrypted passwords in slapd.conf and in the userPassword attribute, and perform the search in the database.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-03-03 21:50:48 UTC
please attach your slapd.conf, and emerge info output.

As a test, put this in your slapd.conf:
rootpw          {SSHA}t9uHfJ6OwNI5DQXR8gQ7CYBmP+Q9NL5R

(it's the hash of 'research')

also specify what version of openldap you have installed.
Comment 2 gessy 2005-03-04 04:46:06 UTC
I have used openldap-2.1.30-r2, and I realized that I have this problem when I use the command 'slappasswd -T file' and put the output in slapd.conf. But when I use just 'slappasswd -s password', everything works fine. Does that make sense?
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-03-04 15:21:47 UTC
yup, you hashed an entire file to generate a password.
after that it's really hard to enter the password directly to match ;-).
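
The mismatch diagnosed in this thread, as an added Python example that is not part of the original bug report or of OpenLDAP: it builds and checks {SSHA} values and shows that a hash taken over a whole file does not verify against the password as typed at the prompt. It assumes the usual {SSHA} layout, base64(SHA1(secret + salt) + salt) with a 20-byte digest, and a secret file that ends with a newline; the function names and sample secrets are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def ssha_hash(secret, salt=None):
    """Build an {SSHA} value: base64(SHA1(secret + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(secret + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored, candidate):
    """Check candidate bytes against a stored {SSHA} value."""
    scheme, sep, blob = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(blob, validate=True)
    if len(raw) <= 20:
        raise ValueError("value too short to carry a salt")
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest first, salt after it
    computed = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(computed, digest)

def diagnose(stored, typed):
    """Say why a bind with the typed password matches or fails."""
    pw = typed.encode("utf-8")
    if ssha_verify(stored, pw):
        return "match"
    # A hash taken over a file also covers the file's line ending.
    for ending in (b"\n", b"\r\n"):
        if ssha_verify(stored, pw + ending):
            return "hash includes a trailing line ending from a file"
    return "no match"

if __name__ == "__main__":
    # Constructed sample: file content as written by `echo secret > file`.
    file_bytes = b"secret\n"
    from_file = ssha_hash(file_bytes)   # hash over the entire file
    from_arg = ssha_hash(b"secret")     # hash over the bare string
    print(diagnose(from_arg, "secret"))   # match
    print(diagnose(from_file, "secret"))  # trailing line ending reported
```
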