I am trying to configure OpenLDAP v2.4 on CentOS 7. I have installed slapd
and am configuring the server. I have generated the password and added it to my configuration via the modify command. This all works fine and I can add to the service and enter my password when prompted. The problem I have is that when I restart the service via systemctl restart/start slapd
my password is not recognised. I get the following error:
ldapadd -x -W -D "cn=ldapadm,dc=nrdevopspoc,dc=com" -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
What am I missing here?
I basically performed the following steps:
yum install openldap openldap-servers openldap-clients
I then started the system via systemctl start slapd.
I then set the slapd password via slappasswd and copied the SSHA key.
I then created a db configuration file with the following:
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}d/thexcQUuSfe3rx3gRaEhHpNJ52N8D3
I then modify the ldap db by
ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
This worked fine and accepted the password. At this point I restarted the slapd service via systemctl restart slapd.
Whenever I run a modify command again I get invalid credentials and it doesn't accept my ldap password as it did before the restart.
Best Answer
According to your edit:
You should be using cn=ldapadm,dc=itzgeek,dc=local as your binddn, not cn=ldapadm,dc=nrdevopspoc,dc=com. That is, if your "base.ldif" file is trying to modify dc=itzgeek,dc=local.
If you're trying to do more cn=config manipulation, you should still be using ldapmodify -Y EXTERNAL -H ldapi:///, as it doesn't seem like you've replaced the default cn=config access control.