ldapsearch returns Invalid credentials when using a passwdfile
Hello there,
After Configuring LDAP User Stores from the Command Line I like to test the connection with ldapsearch.
When using ldapsearch with the parameter '-W' I was asked for the password, entered it on the command line and got the expected result of my search. Now I put the password into a passwdfile and restricted the file permissions to read-only access for user root. When I run the search with 'ldapsearch -vvv -h hostname -y passwdfile [...]' and the same parameters from my first search I got the following error:
ldap_initialize( ldap://ldapbackend )
ldap_bind: Invalid credentials (49)
I used VIM to create the passwdfile. It contains nothing else than the password. What is wrong here?
Kind regards,
Joerg K.
Responses
I have successfully used 'ldapsearch ... -y passwdfile...' on both RHEL 5 and RHEL 6; I don't think I've done it on RHEL 7 (I rarely need to use the -y option), but your symptom matches an error I found when I first tried using it a few years ago: the "passwdfile" must not have an end-of-line character.
Are you sure 'vim' didn't add a line ending (\n) character? The password file must contain /only/ the password, and not any EOL character(s).
When I created a single-word file with 'vim' (or 'vi', same behavior), it auto-appended a newline character:
$ vim foo
$ cat foo
bar
$ od -c foo
0000000 b a r \n
0000004
This can be avoided by generating the file with "echo -n (string) > file":
$ echo -n "quux" > baz
$ od -c baz
0000000 q u u x
0000004
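The check and fix from the response above, as an added example that is not part of the original thread: shell helpers that detect a trailing end-of-line byte in a file meant for 'ldapsearch -y', and write or repair such a file with mode 0600. The function names are hypothetical; reading the password from stdin instead of typing it after 'echo -n' keeps it out of the shell history.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Return 0 if the last byte of file $1 is LF (0a) or CR (0d), which
# 'ldapsearch -y' would send as part of the password.
pwfile_has_trailing_eol() {
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ] || [ "$last" = "0d" ]
}

# Read a password from stdin and write it to file $1 with mode 0600 and
# no end-of-line byte. Runs in a subshell so the umask change and the
# variable holding the password do not leak into the calling shell.
write_pwfile() {
    (
        umask 077
        rm -f -- "$1"              # recreate so the new mode applies
        pw=$(cat)                  # $(...) drops trailing newlines
        pw=${pw%"$(printf '\r')"}  # drop one trailing CR (DOS line ending)
        printf '%s' "$pw" > "$1"   # printf '%s' appends nothing
    )
}

# Repair an existing password file in place (e.g. one saved from vim).
strip_pwfile_eol() {
    pwfile_has_trailing_eol "$1" || return 0
    write_pwfile "$1.tmp" < "$1" && mv -- "$1.tmp" "$1"
}

# Typical use (path is a placeholder):
#   write_pwfile /root/passwdfile    # type the password, then Ctrl-D
#   pwfile_has_trailing_eol /root/passwdfile && echo "EOL present"
```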
