I am working on an EC2 instance running Amazon Linux (similar to CentOS). I have an LDAP server set up using OpenLDAP. It appears to be working, but I can only authenticate the admin user, not other users I attempt to add.
If I attempt to test the authentication for the admin user with:
ldapwhoami -x -D "cn=Manager,dc=mydomain,dc=com" -w mypassword
it works just fine. This is a good start!
But I also need to be able to test user authentication. For example, I've added a test user tsmith. I attempt to query this user with:
ldapwhoami -x -D "uid=tsmith,ou=users,dc=mydomain,dc=com" -w testuserspassword
I get the response:
ldap_bind: Invalid credentials (49)
I've made sure that the LDAP server contains the users and groups that I expect it to. Using "ldapsearch -x -b dc=mydomain,dc=com" I can see the correct users, in the correct groups. The user I'm interested in appears as:
# Test Smith, users, air.local
dn: cn=Test Smith,ou=users,dc=air,dc=local
cn: Test Smith
sn: Smith
objectClass: inetOrgPerson
userPassword:: [password hash here]
uid: tsmith
Does anyone have any tips about what I might be doing wrong?
Best Answer
uid=tsmith,ou=users,dc=mydomain,dc=com
is NOT the DN, that is cn=Test Smith,ou=users,dc=air,dc=local
and you need to use a DN to make a bind with a -D
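To make the answer concrete, here is an added example (not code from the thread) that parses the kind of ldapsearch output shown in the question, looks up the real DN of the entry whose uid is tsmith, and builds the ldapwhoami bind test with that DN instead of a guessed uid=... DN. The sample LDIF is constructed and the userPassword value is a base64 placeholder, not a real hash; the suffix dc=air,dc=local is taken from the entry the asker posted. The last function shows the other way round: the LDIF shape an entry would need if you want uid=tsmith,ou=users,... to be its DN, which is an assumption about how the directory should be laid out rather than anything the answer prescribes.

```python
import base64

# Constructed sample of `ldapsearch -x -b dc=air,dc=local` output, modelled on
# the entry shown in the question; the userPassword value is a base64-encoded
# placeholder string, not a real hash.
SAMPLE_LDIF = """\
# extended LDIF
#
# LDAPv3
# base <dc=air,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# air.local
dn: dc=air,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: air
dc: air

# Test Smith, users, air.local
dn: cn=Test Smith,ou=users,dc=air,dc=local
cn: Test Smith
sn: Smith
objectClass: inetOrgPerson
userPassword:: e1NTSEF9cGxhY2Vob2xkZXI=
uid: tsmith

# search result
search: 2
result: 0 Success
"""


def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of (dn, attrs) tuples.

    attrs maps lower-cased attribute names to lists of string values.
    Handles '#' comments, blank-line entry separators, '::' base64 values,
    continuation lines (leading space) and the trailing search/result footer.
    """
    # Unfold continuation lines first so every attribute is one logical line.
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries, current = [], None
    for line in logical:
        if not line.strip():
            if current is not None:          # a blank line ends an entry
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        name = name.strip().lower()
        if name == "dn":
            current = (value, {})
        elif current is not None:            # footer lines (search:, result:) have no dn
            current[1].setdefault(name, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


def dn_for_uid(ldif_text, uid):
    """Return the real DN of the entry whose uid attribute equals `uid`, or None."""
    for dn, attrs in parse_ldif(ldif_text):
        if uid in attrs.get("uid", []):
            return dn
    return None


def whoami_command(dn, password):
    """argv for the bind test, using the DN actually stored in the directory."""
    return ["ldapwhoami", "-x", "-D", dn, "-w", password]


def uid_rdn_ldif(ldif_text, uid, parent="ou=users,dc=air,dc=local"):
    """Render an LDIF entry for `uid` whose RDN is uid=<uid>,<parent>.

    This is the shape an entry needs if the uid=tsmith,ou=users,... form is
    to be usable as a bind DN. `parent` is an assumption taken from the posted
    ldapsearch output; attribute names are emitted lower-cased, which LDAP
    treats as equivalent. Returns None if no entry has that uid.
    """
    for _dn, attrs in parse_ldif(ldif_text):
        if uid not in attrs.get("uid", []):
            continue
        lines = ["dn: uid=%s,%s" % (uid, parent)]
        for name, values in attrs.items():
            for v in values:
                # Values that are not safe LDIF strings go out base64-encoded.
                if v.isascii() and v.isprintable() and not v.startswith((" ", ":", "<")):
                    lines.append("%s: %s" % (name, v))
                else:
                    lines.append("%s:: %s" % (name, base64.b64encode(v.encode()).decode()))
        return "\n".join(lines) + "\n"
    return None


if __name__ == "__main__":
    real_dn = dn_for_uid(SAMPLE_LDIF, "tsmith")
    print("bind DN for tsmith:", real_dn)
    print("bind test:", " ".join(whoami_command(real_dn, "testuserspassword")))
    print(uid_rdn_ldif(SAMPLE_LDIF, "tsmith"))
```

Running it against real output means feeding the text of `ldapsearch -x -b <suffix>` into `dn_for_uid` in place of the constructed sample; whatever DN comes back is the value to pass to `-D`. Note that the asker's own output uses the suffix dc=air,dc=local even though the commands use dc=mydomain,dc=com, so the base given to ldapsearch and the DN given to ldapwhoami must agree with what the directory really contains.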