
Re: persisting ldap_bind: Invalid credentials (49)



Maximilian Wilhelm:
> On Monday, 23 May, Geert Stappers typed the following:
> 
> Hi!
> 
> > stappers@tw89:~
> > $ ldapsearch -xw foo -D cn=smbadmin,ou=people,dc=gst,dc=stappers,dc=nl \
> > -b dc=gst,dc=stappers,dc=nl
> > ldap_bind: Invalid credentials (49)
> > stappers@tw89:~
> > $
> > 
> 
> Try to add a -ZZ and ensure the ldap is used as hostname, to allow usage
> of SSL.
> As far as I know SSL is forced for authenticating.

-ZZ is for TLS. TLS != SSL. If you want to use SSL - do so by issuing an
ldap-url like ldaps://tjener.intern:636 where an ssl-enabled slapd is
listening on port 636, while tls runs with plain ldap on port 389.

-ZZ can be used with "-H ldap://tjener.intern" and "-h tjener.intern".
You can check slapd.conf, the ACL for userPassword, whether it requires an
encrypted connection or not (ssf=128 for example). Allowing/using
non-encrypted bind for authentication or write-request is a bad idea in
general.

-- 
Regards
 
Bjørn Ove Grøtan
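
The slapd.conf check suggested above, as an added example that is not part of the original message or of OpenLDAP: a small Python audit that lists every `by` clause granting access to userPassword without an ssf requirement. The function names and the sample configuration are constructed for illustration, and the script looks only at `access to` directives, not at a global `security` directive.

```python
import re

# Constructed sample slapd.conf, not taken from the thread. As in slapd.conf(5),
# a line that starts with whitespace continues the previous directive.
SAMPLE_CONF = """\
access to attrs=userPassword
    by self ssf=128 write
    by anonymous auth
    by * none

access to attrs=userPassword,shadowLastChange
    by self ssf=128 write
    by anonymous ssf=128 auth
    by * none
"""

STRENGTH = re.compile(r"\b(?:ssf|transport_ssf|tls_ssf|sasl_ssf)=(\d+)")
CONTROL = {"stop", "continue", "break"}  # optional trailing control keywords

def logical_lines(text):
    """Join continuation lines; drop blank lines and '#' comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def weak_password_clauses(text, min_ssf=128):
    """List (who, level) for userPassword by-clauses lacking ssf >= min_ssf."""
    findings = []
    for line in logical_lines(text):
        m = re.match(r"access\s+to\s+(.*?)\s+by\s+(.*)$", line, re.I)
        if not m or "userpassword" not in m.group(1).lower():
            continue
        for clause in re.split(r"\s+by\s+", m.group(2)):
            tokens = [t for t in clause.split() if t.lower() not in CONTROL]
            if not tokens or tokens[-1].lower() == "none":
                continue  # clause grants nothing, so no strength is needed
            ssf = max((int(n) for n in STRENGTH.findall(clause)), default=0)
            if ssf < min_ssf:
                findings.append((tokens[0], tokens[-1].lower()))
    return findings

if __name__ == "__main__":
    print(weak_password_clauses(SAMPLE_CONF))
```

On the sample, only the first ACL's `by anonymous auth` clause is reported, which is the clause that would accept a simple bind over an unencrypted connection.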


