ldapsearch reports a login failure (Invalid credentials (49))

I started with LDAP and tried to configure everything in this tutorial step by step: http://wiki.openiam.com/pages/viewpage.action?pageId=7635198

But when I get to step 10:

ldapsearch -h localhost -D "cn=Manager,dc=openiamdemo,dc=com" -w openiam -b "dc=openiamdemo,dc=com" -s sub "objectclass=*"

it throws an error (login error): ldap_bind: Invalid credentials (49)

I checked a few StackOverflow questions, but they did not solve the problem.

ldap.conf configuration file:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR   /etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on

slapd.conf:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/nis.schema
#
# Added for policy
include     /etc/openldap/schema/ppolicy.schema
#
# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org
#
pidfile     /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args
#
# Load dynamic backend modules:
# modulepath    /usr/lib64/openldap
#
# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
#
moduleload ppolicy.la
#
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
#
# modules available in openldap-servers-sql RPM package:
# moduleload back_sql.la
#
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
#
# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
#
# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#   Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
#
database    bdb
suffix      "dc=openiamdemo,dc=com"
rootdn      "cn=Manager,dc=openiamdemo,dc=com"
rootpw      {SSHA}fC3sxHp0URvsSNagOwIRBaG1CzJZG3pq
#
#
#
# PPolicy Configuration
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=openiamdemo,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

I also checked syslog in /var/log, but did not find anything about this.

First, I generated the ldap password with slappasswd and put the SSHA value into slapd.conf.

Any hints on how to solve it?

PD: I am using CentOS 7, and my openldap directory contains these files:

# ls
certs                ldap.conf           ppolicy.ldif  slapd.conf
check_password.conf  ldap.conf.original  schema        slapd.d.original
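An added check, not code from the question or from the OpenIAM tutorial: the rootpw in the slapd.conf above is an OpenLDAP {SSHA} value, i.e. base64(SHA-1(password + salt) + salt), so whether the password given to ldapsearch with -w really matches the stored hash can be verified offline by recomputing the digest with the stored salt. The salt and candidate password used for the self-test below are constructed; the rootpw string is copied from the question only to show the parser accepts its format.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# rootpw value copied verbatim from the slapd.conf in the question
ROOTPW_FROM_QUESTION = "{SSHA}fC3sxHp0URvsSNagOwIRBaG1CzJZG3pq"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password + salt) + salt).
    slappasswd picks a random 4-byte salt; a fixed salt can be passed for reproducible tests."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value: str) -> Tuple[bytes, bytes]:
    """Split a {SSHA} value into (digest, salt); raise ValueError if it is malformed."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; anything after it is the salt
        raise ValueError("decoded value too short to hold a SHA-1 digest plus salt")
    return raw[:20], raw[20:]


def verify_ssha(value: str, candidate: str) -> bool:
    """Return True if candidate is the cleartext behind value.
    hmac.compare_digest keeps the digest comparison constant-time."""
    digest, salt = parse_ssha(value)
    computed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, computed)


if __name__ == "__main__":
    # constructed example: hash the -w value from the question with a fixed salt
    h = make_ssha("openiam", salt=b"\x01\x02\x03\x04")
    print(h, verify_ssha(h, "openiam"), verify_ssha(h, "Openiam"))
    # check the rootpw copied from the question against a candidate cleartext
    print(verify_ssha(ROOTPW_FROM_QUESTION, "openiam"))
```

Because slappasswd generates a fresh salt on every run, re-running `slappasswd -s openiam` and comparing the output by eye against the stored rootpw never matches; the check has to recompute the digest with the stored salt as done here.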
