Groups | Search | Server Info | Login | Register

Groups > comp.protocols.kerberos > #5428

bind to LDAP server produces "invalid credentials" error

Show all headers | View raw

On Thu, Aug 21, 2025 at 10:56 AM Greg Hudson <ghudson@mit.edu> wrote:
>
> On 8/20/25 23:43, Travis Bean wrote:
> > “Cannot bind to LDAP server ldapi:/// as
> > ‘cn=kdc-srv,cn=krbContainer,dc=example,dc=local’: Invalid credentials
> > - while initializing database.”
>
> This means libkdb_ldap called ldap_sasl_bind_s() and got back an
> LDAP_INVALID_CREDENTIALS response, most likely indicating that the LDAP
> server didn't match the password from the service stash file.

I found out that krb5-admin-server is failing with the exact same
error as krb5-kdc. This time krb5-admin-server references
cn=adm-srv,cn=krbContainer,dc=example,dc=local, which is referenced in
my krb5.conf as ldap_kadmind_dn as well as referenced by
kdb5_ldap_util for my service stash file.

When attempting to start krb5-admin-server and krb5-kdc, syslog
doesn't log anything substantial—it only logs "Failed with result
'exit-code'."

If this is a problem with my service stash file, how do I fix this? I
double-checked the kdb5_ldap_util syntax for creating the service
stash file, and there are no errors on my part.

My OpenLDAP/Kerberos code used to work just fine in the past. My test
Bash script is part of a larger project located at
launchpad.net/linuxha. Nothing substantial has changed with my
OpenLDAP/Kerberos Bash code for LinuxHA. In fact, all minor changes,
such as an upgraded krb5.conf, were rolled back to a previous revision
for testing, but to no avail.

Kind regards,

Travis Bean

Back to comp.protocols.kerberos | Previous | Next | Find similar

Thread

bind to LDAP server produces "invalid credentials" error Travis Bean <tbean74@gmail.com> - 2025-08-22 09:52 -0700

csiph-web