How to Fix ldap_bind: Invalid credentials (49) error on RHEL9?

by Mo_ from LinuxQuestions.org on (#6MDCV)

Hi Community,
I installed and configured openldap on a server. However, I am getting "ldap_bind: Invalid credentials (49)" when I run the ldapadd or ldapsearch command. I am a visual learner, so I couldn't find a video about setting up OpenLDAP in RHEL9. I am using the developer version. The documentation I found on the Red Hat website was for RHEL7. I have been reviewing a lot of documentation to configure the LDAP, so I need something else. I tried to configure it a few months ago, then gave up. I started from scratch yesterday. Here are the steps I took.
1. I installed openldap-server
2. There wasn't a DB_CONFIG.example file in /usr/share/openldap-servers/ to copy to /var/lib/ldap/ so I created DB_CONFIG from scratch and changed ownership to ldap. Below is the content of the file.

Code:
# Example DB_CONFIG file for OpenLDAP

# Set the size of the database caches (in bytes)
set_cachesize 0 52428800 1

# Set the maximum size of the database (in bytes)
set_lg_max 10485760

# Set the maximum number of locks
set_lk_max_objects 1500
set_lk_max_locks 1500
set_lk_max_lockers 1500

3. Ran command ldapmodify -Y EXTERNAL -H ldapi:/// -a -f /etc/openldap/schema/cosine.ldif
4. Ran command ldapmodify -Y EXTERNAL -H ldapi:/// -a -f /etc/openldap/schema/nis.ldif
5. Ran command ldapmodify -Y EXTERNAL -H ldapi:/// -a -f /etc/openldap/schema/inetorgperson.ldif
6. Created domain.ldif file and added the contents below
Code:
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=homelab,dc=local

7. Ran command ldapmodify -Y EXTERNAL -H ldapi:/// -f domain.ldif
8. Ran the command "slappasswd -s myPassword"
9. I created the admin_password.ldif file and added the contents below.
Code:
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}abcdefgh123456789

10. Ran command "ldapmodify -Y EXTERNAL -H ldapi:/// -f admin_password.ldif"
11. Started and enabled slapd.service
12. I created the test.ldif and added the contents below. Initially, I didn't add the password.
Code:
dn: dc=homelab,dc=local
objectClass: top
objectClass: dcObject
objectclass: organization
o: Home Lab
dc: homelab

dn: cn=admin,dc=homelab,dc=local
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: {SSHA}abcdefgh123456789

13. With this command ldapadd -x -D cn=admin,dc=homelab,dc=local -W -f test.ldif I am getting the below error.
Code:
[root@ldap openldap]# ldapadd -x -D cn=admin,dc=homelab,dc=local -W -f /etc/openldap/test.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I updated the password and added an updated hash to the file. I thought I mistyped the password initially, but I'm still getting the error. I get the same error if I run "ldapsearch -x -D "cn=admin,dc=homelab,dc=local" -W -b "dc=homelab,dc=local" -H ldapi:///". I exhausted all of my options and can't figure it out. Though I wrote down all of the above steps yesterday, today I reset the server and started again, but I am still getting the same error. I am including log file information. Do you happen to know what the issue could be? Appreciate your help!

Code:
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 fd=13 ACCEPT from IP=[::1]:50366 (IP=[::]:389)
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 op=0 BIND dn="cn=admin,dc=homelab,dc=local" method=128
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 op=0 RESULT tag=97 err=49 qtime=0.000060 etime=0.002148 text=
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 op=1 UNBIND
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 fd=13 closed
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 fd=13 ACCEPT from PATH=/var/run/ldapi (PATH=/var/run/ldapi)
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 op=0 BIND dn="cn=admin,dc=homelab,dc=local" method=128
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 op=0 RESULT tag=97 err=49 qtime=0.000076 etime=0.002036 text=
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 op=1 UNBIND
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 fd=13 closed
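
An added example, not part of the original post or of OpenLDAP: it correlates BIND and RESULT lines in slapd logs of the format shown above and lists simple binds rejected with err=49 (invalidCredentials), grouped by bind DN with the transport each attempt arrived on. The conn=1011 lines are constructed, and the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# conn=1009 and conn=1010 are copied from the post's log; conn=1011 is constructed.
SAMPLE_LOG = """\
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 fd=13 ACCEPT from IP=[::1]:50366 (IP=[::]:389)
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 op=0 BIND dn="cn=admin,dc=homelab,dc=local" method=128
Apr 27 09:39:49 ldap-server-01 slapd[3938]: conn=1009 op=0 RESULT tag=97 err=49 qtime=0.000060 etime=0.002148 text=
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 fd=13 ACCEPT from PATH=/var/run/ldapi (PATH=/var/run/ldapi)
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 op=0 BIND dn="cn=admin,dc=homelab,dc=local" method=128
Apr 27 09:40:05 ldap-server-01 slapd[3938]: conn=1010 op=0 RESULT tag=97 err=49 qtime=0.000076 etime=0.002036 text=
Apr 27 09:41:00 ldap-server-01 slapd[3938]: conn=1011 fd=13 ACCEPT from IP=[::1]:50400 (IP=[::]:389)
Apr 27 09:41:00 ldap-server-01 slapd[3938]: conn=1011 op=0 BIND dn="cn=reader,dc=homelab,dc=local" method=128
Apr 27 09:41:00 ldap-server-01 slapd[3938]: conn=1011 op=0 RESULT tag=97 err=0 qtime=0.000050 etime=0.001900 text=
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from (IP|PATH)=(\S+)')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97: bind response


def failed_simple_binds(log_text):
    """Return {bind_dn: [(conn, transport, peer), ...]} for simple binds answered with err=49."""
    peers, pending = {}, {}
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m[1]] = (m[2], m[3])          # remember where each connection came from
        elif m := BIND.search(line):
            if m[4] == "128":                   # method=128 is an LDAP simple (password) bind
                pending[(m[1], m[2])] = m[3]    # key on (conn, op) to pair with its RESULT
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None and m[3] == "49":  # 49 = invalidCredentials
                failures[dn].append((int(m[1]), *peers.get(m[1], ("?", "?"))))
    return dict(failures)


if __name__ == "__main__":
    for dn, hits in failed_simple_binds(SAMPLE_LOG).items():
        transports = sorted({t for _, t, _ in hits})
        print(f"{dn}: {len(hits)} failed simple bind(s) via {', '.join(transports)}")
        for conn, transport, peer in hits:
            print(f"  conn={conn} {transport}={peer}")
```

The same DN failing over both the TCP listener and the ldapi socket shows the rejection does not depend on the transport used.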