I understand this error has been asked about quite a few times on Server Fault, and I have done some extensive googling; however, I cannot, for the life of me, figure out exactly why I am unable to ldapsearch.
My ultimate goal is to use the adLDAP PHP script on a Debian box that is joined to a Windows domain through OpenLDAP. OpenLDAP works properly on the Debian box and I have my domain users able to log in and such. However, any time I try to ldapsearch or run the adLDAP script I receive the same error, which is:
ldap_bind: Invalid credentials (49)
The ldapsearch I am using is the following:
ldapsearch -D "cn=test" -w Test123 -h DomainCont.example.local -b "dc=example,dc=local" -s sub "(objectclass=*)"
I'm tearing out my hair here. Running the debug parameter doesn't seem to be helping either, as it shows:
** ld 0x8e6410 Connections:
host: DomainCont.example.local port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Jan 10 12:45:48 2013
Any help would be greatly appreciated.
Best Answer
The server returns the error, so debugging on the client won't help very much. Unfortunately your example may be too obfuscated to troubleshoot; I am going to assume that you really do not have a suffix appended to "cn=test" per your example.
If you're binding to AD, cn=test needs to contain the full LDAP path (in this case, cn=test,ou=container,dc=example,dc=local). For AD users, you can use an alternate syntax of (edit: they're not actually binding against Active Directory) 'DOMAIN\samaccountname' -- remember that the backslash needs to be escaped if you're not using single quotes.

It would be beneficial to review how the system is authenticating against LDAP and try to mirror that as closely as possible. I suggest modifying your post to include those details if this is not helpful.
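
An added example (not part of the original question or answer): a POSIX shell pre-flight check that classifies the value passed to -D before ldapsearch is run, so a bind DN without a suffix is caught on the client. The function names are hypothetical, the base DN and identities are the ones used in this thread, and the check assumes DNs without escaped commas.

```shell
#!/bin/sh
# Added example: pre-flight check for the -D value of an ldapsearch simple bind.
# norm_dn, classify_bind_id and preflight are hypothetical helper names.

# Lowercase a DN and drop spaces around "," and "=" so two spellings compare equal.
# Assumption: no escaped commas (\,) inside RDN values.
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g; s/ *= */=/g'
}

# Print one of: full-dn, foreign-dn, bare-rdn, downlevel, upn, unknown.
classify_bind_id() {
    id=$(norm_dn "$1"); base=$(norm_dn "$2")
    case "$id" in
        *=*)
            case "$id" in
                "$base"|*,"$base") echo full-dn ;;     # DN under the search base
                *,*)               echo foreign-dn ;;  # full DN, different suffix
                *)                 echo bare-rdn ;;    # e.g. cn=test, no suffix
            esac ;;
        *\\*) echo downlevel ;;   # DOMAIN\samaccountname (Active Directory only)
        *@*)  echo upn ;;         # user@domain (Active Directory only)
        *)    echo unknown ;;
    esac
}

# Return 0 only when the bind identity is a full DN under the base.
preflight() {
    kind=$(classify_bind_id "$1" "$2")
    case "$kind" in
        full-dn)  return 0 ;;
        bare-rdn) echo "'$1' has no suffix; a bind with it is likely to fail with error 49" >&2 ;;
        *)        echo "'$1' is $kind; confirm the server accepts this form" >&2 ;;
    esac
    return 1
}

# Demo over the identities mentioned in the thread (constructed input).
for cand in 'cn=test' 'cn=test,ou=container,dc=example,dc=local' 'DOMAIN\samaccountname'; do
    printf '%-45s %s\n' "$cand" "$(classify_bind_id "$cand" 'dc=example,dc=local')"
done

# After a successful preflight, -W prompts for the password instead of putting
# it in the process list and shell history the way -w Test123 does:
#   ldapsearch -D "$BIND_DN" -W -h DomainCont.example.local -b "dc=example,dc=local" -s sub "(objectclass=*)"
```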