issue with openldap/kerberos

Expert Contributor

Hi All,

I have been trying to set up OpenLDAP following the steps at

https://github.com/abajwa-hw/security-workshops/blob/master/Setup-OpenLDAP-PAM.md

However, I am getting stuck at this error (also, the ldapadmin UI doesn't come up):

    [root@sandbox ldif]# ldapsearch -W -h localhost -D "cn=admin,dc=hortonworks,dc=com" -b "dc=hortonworks,dc=com"
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

Please let me know if any more information is required. Thanks for any help.

Regards,

Avijeet

Re: issue with openldap/kerberos

Contributor

LDAP 49 errors can mean a lot of different things. Can you please check the logs from the LDAP server for the specific error cause? This is very likely a bad password error...

Atlassian has a good explanation of the different error codes: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html

Re: issue with openldap/kerberos

Expert Contributor

Thanks Eric,

I forgot to add the exact error I see in the logs (after enabling tracing). It's DB_NOTFOUND: No matching key/data pair found (-30988)

    Jun 23 06:06:59 sandbox slapd[17980]: >>> dnPrettyNormal: <cn=admin,dc=hortonworks,dc=com>
    Jun 23 06:06:59 sandbox slapd[17980]: <<< dnPrettyNormal: <cn=admin,dc=hortonworks,dc=com>, <cn=admin,dc=hortonworks,dc=com>
    Jun 23 06:06:59 sandbox slapd[17980]: conn=1002 op=0 BIND dn="cn=admin,dc=hortonworks,dc=com" method=128
    Jun 23 06:06:59 sandbox slapd[17980]: do_bind: version=3 dn="cn=admin,dc=hortonworks,dc=com" method=128
    Jun 23 06:06:59 sandbox slapd[17980]: ==> bdb_bind: dn: cn=admin,dc=hortonworks,dc=com
    Jun 23 06:06:59 sandbox slapd[17980]: bdb_dn2entry("cn=admin,dc=hortonworks,dc=com")
    Jun 23 06:06:59 sandbox slapd[17980]: => bdb_dn2id("cn=admin,dc=hortonworks,dc=com")
    Jun 23 06:06:59 sandbox slapd[17980]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
    Jun 23 06:06:59 sandbox slapd[17980]: send_ldap_result: conn=1002 op=0 p=3
    Jun 23 06:06:59 sandbox slapd[17980]: send_ldap_result: err=49 matched="" text=""
    Jun 23 06:06:59 sandbox slapd[17980]: send_ldap_response: msgid=1 tag=97 err=49
    Jun 23 06:06:59 sandbox slapd[17980]: conn=1002 op=0 RESULT tag=97 err=49 text=
    Jun 23 06:06:59 sandbox slapd[17980]: daemon: activity on 1 descriptor
    Jun 23 06:06:59 sandbox slapd[17980]: daemon: activity on:

Thanks,

Avijeet
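
An added example (not part of the original thread): a Python script that reads slapd trace output like the log above and separates err=49 binds where the bind DN has no entry in the database from err=49 binds with no traced lookup failure. The sample log is constructed, the cause labels are made up for this example, and attributing a DB_NOTFOUND line to the most recent BIND is an assumption that holds on a single-client test box.

```python
import re

# Constructed sample: first three lines follow the trace quoted above, the rest are made up.
SAMPLE_LOG = """\
Jun 23 06:06:59 sandbox slapd[17980]: conn=1002 op=0 BIND dn="cn=admin,dc=hortonworks,dc=com" method=128
Jun 23 06:06:59 sandbox slapd[17980]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
Jun 23 06:06:59 sandbox slapd[17980]: conn=1002 op=0 RESULT tag=97 err=49 text=
Jun 23 06:07:30 sandbox slapd[17980]: conn=1003 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
Jun 23 06:07:30 sandbox slapd[17980]: conn=1003 op=0 RESULT tag=97 err=49 text=
Jun 23 06:08:02 sandbox slapd[17980]: conn=1004 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
Jun 23 06:08:02 sandbox slapd[17980]: conn=1004 op=0 RESULT tag=97 err=0 text=
"""

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
NOTFOUND = "bdb_dn2id: get failed: DB_NOTFOUND"

def classify_binds(log_text):
    """Return one finding per bind RESULT: conn, dn, err and likely cause."""
    pending = {}     # (conn, op) -> state of a bind still awaiting RESULT
    last_key = None  # most recent BIND; backend trace lines carry no conn id
    findings = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            last_key = (m.group(1), m.group(2))
            pending[last_key] = {"dn": m.group(3), "notfound": False}
            continue
        if NOTFOUND in line and last_key in pending:
            # Assumption: the lookup failure belongs to the latest BIND.
            pending[last_key]["notfound"] = True
            continue
        m = RESULT_RE.search(line)
        if not m or (m.group(1), m.group(2)) not in pending:
            continue
        bind = pending.pop((m.group(1), m.group(2)))
        err = int(m.group(3))
        if err == 49 and bind["notfound"]:
            # No entry for the bind DN: compare it with olcRootDN/olcSuffix.
            cause = "bind-dn-not-in-database"
        else:
            cause = {0: "ok", 49: "credentials-rejected"}.get(err, "other")
        findings.append({"conn": int(m.group(1)), "dn": bind["dn"],
                         "err": err, "cause": cause})
    return findings

if __name__ == "__main__":
    for f in classify_binds(SAMPLE_LOG):
        print(f"conn={f['conn']} err={f['err']} {f['cause']}: {f['dn']}")
```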

Re: issue with openldap/kerberos

Re: issue with openldap/kerberos

Expert Contributor

Thanks Sagar, by doing step#5 and 7 - my openldap started working.

Re: issue with openldap/kerberos

Contributor

That sounds right given the error message.

Re: issue with openldap/kerberos

Expert Contributor

@Sagar Shimpi Hi Sagar, when I follow all the steps as in this document, I get the below error

    [root@sandbox ldap]# ldapsearch –x –b “dc=example,dc=com”
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)

All other commands worked except ldapsearch.

Thanks,

Avijeet

Re: issue with openldap/kerberos

Expert Contributor

@Sagar Shimpi

It worked fine with

ldapsearch -W -h localhost -D "cn=Manager,dc=example,dc=com" -b "dc=example,dc=com"

There is a bug in the document at step 5 - where it says

    olcRootDN:cn=Manager,dc=dm,dc=com

It should be

    olcRootDN:cn=Manager,dc=example,dc=com

Thanks,

Avijeet

Re: issue with openldap/kerberos

Thanks Avijeet. I corrected this.