Simple Bind failed error invalid credentials message

807573 Jun 21 2004
I am trying to connect to a DS5.2 patch 2 on a Solaris 8 server but receive the simple bind failed invalid credentials error message. This is a strange message in that as I monitor the progress of the bind and authorization attempts via snoop and truss, I see all kinds of interaction between the DS server and the client.

I have patched both the client and server as current as possible to include 108993-36.

I've added the following to the ns_ldap_service_auth_method:

pam_ldap:simple
passwd_cmd:simple

Also:

ns_ldap_auth = simple and ns_ldap_credential_level = proxy

I haven't created any tls credential yet (could this be what the error message is referring to?)

The actual message reads:

login: libsldap: status: 49 Mesg: openConnection: Simple Bind failed - Invalid Credentials.

When I run the login command, I am prompted for a password followed by another prompt for the LDAP password. After entering the LDAP password, login recycles and prompts me for a userid.

Another thing: the output of the ldap_cachemgr -g command includes the following lines:

server = none, status ERROR
error message: can't connect to the LDAP server
It lists the correct server IP address, and status: up

But again, if I look at the access log on the server, I see all kinds of interaction, including the login information and correct passwords of both the proxyagent and the user I am trying to log in as.

As for pam.conf, I have it configured as per page 268 of the Solaris 9 Naming administration guide for PAM_LDAP (I used this as I am configuring for DS 5.2 and all other versions of the Solaris documentation refer to 5.1):

login auth required pam_authtok_get.so.1
login auth required dhkeys.so.1
login auth required dial_auth.so.1
login auth sufficient pam_unix_auth.so.1 debug
login auth required pam_ldap_get.so.1 try_first_pass debug

...

other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account binding pam_unix_account.so.1 server_policy
other account optional pam_ldap_so.1 debug
...

Any help would be greatly appreciated,
Thanks in advance
Post Details
Locked on Jul 19 2004
Added on Jun 21 2004