Ubuntu
openldap package

ldapsearch -y option does not work

Bug #582812 reported by أحمد المحمودي (Ahmed El-Mahmoudy)
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)
Invalid
Low
Unassigned

Bug Description

sudo ldapsearch -y /etc/ldap.secrets -D <mybinddn> -b <search base> -xH "ldap://localhost"

 does not work, as I get this error:
ldap_bind: Invalid credentials (49)

yet, if I run:

sudo ldapsearch -w $(sudo cat /etc/ldap.secrets) -D <mybinddn> -b <search base> -xH "ldap://localhost"

it works. So that rules out the possibility that /etc/ldap.secrets has a wrong password.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: ldap-utils 2.4.21-0ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
Date: Wed May 19 15:17:42 2010
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openldap

Revision history for this message
أحمد المحمودي (Ahmed El-Mahmoudy) (aelmahmoudy) wrote :
Revision history for this message
Adam Sommer (asommer) wrote :

Thank you for reporting this bug and making Ubuntu better. Did you create the /etc/ldap.secrets file using a text editor such as Vim or nano? If so the editor probably added a CR or LF to the end of the line. If there is such characters the ldap utilities won't recognize the string as a legit password.

Can you try creating /etc/ldap.secrets using:

  sudo sh -c "echo -n 'secret' > /etc/ldap.secrets"

Replacing 'secret' with your correct password. Then retry your ldapsearch commands. Using echo with the -n will not add new line characters.

Revision history for this message
C de-Avillez (hggdh2) wrote :

Marking Incomplete/Low, waiting for feedback from OP.

Changed in openldap (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
أحمد المحمودي (Ahmed El-Mahmoudy) (aelmahmoudy) wrote :

I tried creating the ldap.secrets using echo -n 'passwd' > /etc/ldap.secrets , but still I get the error:

ldap_bind: Invalid credentials (49)

Changed in openldap (Ubuntu):
status: Incomplete → New
Revision history for this message
أحمد المحمودي (Ahmed El-Mahmoudy) (aelmahmoudy) wrote :

Btw, I don't think that vim would create a CR or LF unless I actually press enter at the end of the line.

Revision history for this message
أحمد المحمودي (Ahmed El-Mahmoudy) (aelmahmoudy) wrote :

Sorry, you are right ! The file is actually ldap.secret (not secrets) !

Changed in openldap (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.