| Summary: | slapd don't accept encrypted passwords, it just reply : 'ldap_bind: Invalid credentials (49)' | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | gessy <gessyjr> |
| Component: | [OLD] Unspecified | Assignee: | Robin Johnson <robbat2> |
| Status: | RESOLVED INVALID | ||
| Severity: | major | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
please attach your slapd.conf, and emerge info output.
As a test, put this in your slapd.conf:
rootpw {SSHA}t9uHfJ6OwNI5DQXR8gQ7CYBmP+Q9NL5R
(it's the hash of 'research')
also specify what version of openldap you have installed.
I have used openldap-2.1.30-r2 and I realized that I have this problem when I use the command 'slappasswd -T file' putting the output in the slapd.conf. But when I use just 'slappasswd -s pasword' everything works fine. It makes sense? yup, you hashed an entire file to generate a password. after that it's really hard to enter the password directly to match ;-). |
I have installed my system with kerberos authentication, when I emerged openldap, the slapd cannot accept encrypted password and I tried many kinds of encryption support. PS.: the command 'ldapsearch' and 'ldapsearch -x' works in the same way and 'ldapsearch' should return an error due to encrypted password. If I use clear text password in rootpw and userPassword attribute everything works fine. Reproducible: Always Steps to Reproduce: 1.emerge pam_krb5 nss_ldap pam_ldap 2.emerge openldap 3.configure /etc/openldap/slapd.conf (rootpw {MD5}Password ) and do authenticated search with ldapsearch -x -D"cn=manager,dc=mydomain,dc=com" -W Actual Results: in the stderr: ldap_bind: Invalid credentials (49) and in the slapd.log: slapd[22558]: conn=1 op=0 RESULT tag=97 err=49 text Expected Results: The software Openldap should accept encrypted passwords in the slapd.conf and in the attribute userPassword, performing search in the database.