question Re: issue with openldap/kerberos in Archives of Support Questions (Read Only)

issue with openldap/kerberos

avijeetd — Fri, 16 Sep 2022 10:28:23 GMT

Hi All,

I have been trying to setup Openldap following steps

https://github.com/abajwa-hw/security-workshops/blob/master/Setup-OpenLDAP-PAM.md

However getting stuck at this error (also ldapadmin UI doesn't come up)

[root@sandbox ldif]# ldapsearch -W -h localhost -D "cn=admin,dc=hortonworks,dc=com" -b "dc=hortonworks,dc=com" Enter LDAP Password: ldap_bind: Invalid credentials (49)

Please let me know if any more information required. Thanks for any help.

Regards,

Avijeet

Re: issue with openldap/kerberos

ewalk — Sat, 02 Jul 2016 02:04:32 GMT

LDAP 49 errors can mean a lot of different things. Can you please check the logs from the LDAP server for the specific error cause? This is very likely a bad password error...

Atlassian has a good explanation of the different error codes: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html

Re: issue with openldap/kerberos

avijeetd — Mon, 04 Jul 2016 12:08:22 GMT

Thanks Eric,

I forgot to add the exact error I see in logs (after enabling tracing), It's DB_NOTFOUND: No matching key/data pair found (-30988)

Jun 23 06:06:59 sandbox slapd[17980]: >>> dnPrettyNormal: <cn=admin,dc=hortonworks,dc=com> Jun 23 06:06:59 sandbox slapd[17980]: <<< dnPrettyNormal: <cn=admin,dc=hortonworks,dc=com>, <cn=admin,dc=hortonworks,dc=com> Jun 23 06:06:59 sandbox slapd[17980]: conn=1002 op=0 BIND dn="cn=admin,dc=hortonworks,dc=com" method=128 Jun 23 06:06:59 sandbox slapd[17980]: do_bind: version=3 dn="cn=admin,dc=hortonworks,dc=com" method=128 Jun 23 06:06:59 sandbox slapd[17980]: ==> bdb_bind: dn: cn=admin,dc=hortonworks,dc=com Jun 23 06:06:59 sandbox slapd[17980]: bdb_dn2entry("cn=admin,dc=hortonworks,dc=com") Jun 23 06:06:59 sandbox slapd[17980]: => bdb_dn2id("cn=admin,dc=hortonworks,dc=com") Jun 23 06:06:59 sandbox slapd[17980]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988) Jun 23 06:06:59 sandbox slapd[17980]: send_ldap_result: conn=1002 op=0 p=3 Jun 23 06:06:59 sandbox slapd[17980]: send_ldap_result: err=49 matched="" text="" Jun 23 06:06:59 sandbox slapd[17980]: send_ldap_response: msgid=1 tag=97 err=49 Jun 23 06:06:59 sandbox slapd[17980]: conn=1002 op=0 RESULT tag=97 err=49 text= Jun 23 06:06:59 sandbox slapd[17980]: daemon: activity on 1 descriptor Jun 23 06:06:59 sandbox slapd[17980]: daemon: activity on:

Thanks,

Avijeet

Re: issue with openldap/kerberos

sshimpi — Mon, 04 Jul 2016 12:53:08 GMT

@Avijeet Dash

Can you please check this link and let me know if this helps -

https://community.hortonworks.com/content/kbentry/30653/openldap-setup.html

Re: issue with openldap/kerberos

avijeetd — Mon, 04 Jul 2016 17:37:13 GMT

Thanks Sagar, by doing step#5 and 7 - my openldap started working.

Re: issue with openldap/kerberos

ewalk — Tue, 05 Jul 2016 20:31:53 GMT

That sounds right given the error message.

Re: issue with openldap/kerberos

avijeetd — Thu, 21 Jul 2016 14:29:54 GMT

@Sagar Shimpi Hi Sagar, when I follow all the steps as in this document, I get the below error

[root@sandbox ldap]# ldapsearch –x –b “dc=example,dc=com” SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)

All other commands worked except ldapserach.

Thanks,

Avijeet

Re: issue with openldap/kerberos

avijeetd — Thu, 21 Jul 2016 17:14:01 GMT

@Sagar Shimpi

It worked fine with

ldapsearch -W -h localhost -D "cn=Manager,dc=example,dc=com" -b "dc=example,dc=com"

There is a bug in the document at step 5 - where it says

olcRootDN:cn=Manager,dc=dm,dc=com

It should be

olcRootDN:cn=Manager,dc=example,dc=com

Thanks,

Avijeet

Re: issue with openldap/kerberos

sshimpi — Thu, 21 Jul 2016 17:43:29 GMT

Thanks avijeet. I corrected this.