Openldap: getting error as ldap_bind: Invalid credentials (49)

Report
Posts
1
Registration date
Monday October 28, 2019
Status
Member
Last seen
October 28, 2019
-
 more_stupidness -
Hi,

we are setting up an hadoop environment in Azure. we are having java 7 installed and below steps which i have completed and getting error while as "ldap_bind: Invalid credentials (49)" doing ldapsearch
1. I have installed openldap-servers.x86_64 openldap-clients.x86_64 krb5-server-ldap.x86_64 cyrus-sasl cyrus-sasl-ldap
2. sudo /bin/grep -q "^%cloudera-scm\ *ALL=NOPASSWD:.*slapd" /etc/sudoers || echo "%cloudera-scm ALL=NOPASSWD:/etc/init.d/slapd , /sbin/service slapd *" | sudo /usr/bin/tee -a /etc/sudoers > /dev/null
3. sudo chkconfig slapd on
4. service slapd start
5. [root@*********** openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}teRNPA8jxcxAPArWAaVNIbh07N33x0WT
6. [root@******* ~]# cd /etc/openldap/
[root@******* openldap]# ls -ltr
total 12
-rw-r--r-- 1 root root 121 Dec 18 2018 check_password.conf
drwxr-xr-x 2 root root 90 Oct 20 01:14 certs
drwxr-xr-x 2 root root 4096 Oct 24 06:19 schema
drwxr-x--- 3 ldap ldap 45 Oct 24 06:19 slapd.d
-rw-r--r-- 1 root root 489 Oct 24 08:18 ldap.conf

7.Create LDAP cn=Manager account in initial DB and update the base dn of your ldap base
root@********* openldap]# cat ldapmanager.ldif
dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=np,dc=bigdata,dc=eqh
-
replace: olcRootDN
olcRootDN: cn=Manager,dc=np,dc=bigdata,dc=eqh
-
add: olcRootPW
olcRootPW: {SSHA}teRNPA8jxcxAPArWAaVNIbh07N33x0WT==> same password setup earlier

8. [root@****** openldap]# sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapmanager.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: No such object (32)
matched DN: cn=config
9. [root@******** openldap]# cat changemanageracl.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
-
add: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn.base="cn=Manager,dc=np,dc=bigdata,dc=eqh" manage by * none

10. [root@******* openldap]# sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f changemanageracl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

11.we have added the below ldif files
[root@******** cn=schema]# ls -ltrh
total 100K
-rw------- 1 ldap ldap 16K Oct 24 06:19 cn={0}core.ldif
-rw------- 1 ldap ldap 1.4K Oct 25 08:55 cn={1}corba.ldif
-rw------- 1 ldap ldap 12K Oct 25 08:55 cn={2}cosine.ldif
-rw------- 1 ldap ldap 4.5K Oct 25 08:56 cn={3}duaconf.ldif
-rw------- 1 ldap ldap 1.8K Oct 25 08:56 cn={4}dyngroup.ldif
-rw------- 1 ldap ldap 2.9K Oct 25 08:56 cn={5}inetorgperson.ldif
-rw------- 1 ldap ldap 2.7K Oct 25 08:57 cn={6}java.ldif
-rw------- 1 ldap ldap 1.6K Oct 25 08:58 cn={7}misc.ldif
-rw------- 1 ldap ldap 1.4K Oct 25 08:58 cn={8}openldap.ldif
-rw------- 1 ldap ldap 3.9K Oct 25 08:58 cn={9}ppolicy.ldif
-rw------- 1 ldap ldap 1.6K Oct 25 08:59 cn={10}collective.ldif
-rw------- 1 ldap ldap 11K Oct 25 08:59 cn={11}kerberos.ldif
-rw------- 1 ldap ldap 6.5K Oct 27 22:17 org-cn={12}nis.ldif-org
-r--r--r-- 1 root root 9.5K Oct 27 23:05 cn={12}rfc2307bis.ldif

12. [root@****** cn=schema]# service slapd restart ==> started successfully
13. [root@lvmbgmnp1008 ~]# ldapsearch -x -D "cn=Manager,dc=np,dc=bigdata,dc=eqh" -W -H ldapi:// -b dc=np,dc=bigdata,dc=eqh
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

14.
[root@lvmbgmnp1008 openldap]# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

URI ldap://lvmbgmnp1008.np.bigdata.eqh
BASE dc=np,dc=bigdata,dc=eqh
#URI ldaps://localhost
#BINDDN cn=manager,dc=bigdata,dc=eqh
#TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT demand

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

#TLS_CACERTDIR /etc/pki/tls/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
#SASL_NOCANON on

1 reply


Just to let you know, no one will answer your question, because it doesn't have an article written to link to, so I will answer it for you:

"ldap_bind: Invalid credentials (49)" = WRONG PASSWORD!