Openldap: getting error as ldap_bind: Invalid credentials (49)

Hi,

We are setting up a Hadoop environment in Azure with Java 7 installed. Below are the steps I have completed; I get the error "ldap_bind: Invalid credentials (49)" when doing ldapsearch.

  1. I have installed openldap-servers.x86_64 openldap-clients.x86_64 krb5-server-ldap.x86_64 cyrus-sasl cyrus-sasl-ldap
  2. sudo /bin/grep -q "^%cloudera-scm\ *ALL=NOPASSWD:.*slapd" /etc/sudoers || echo "%cloudera-scm ALL=NOPASSWD:/etc/init.d/slapd , /sbin/service slapd *" | sudo /usr/bin/tee -a /etc/sudoers > /dev/null
  3. sudo chkconfig slapd on
  4. service slapd start
[root@*********** openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}teRNPA8jxcxAPArWAaVNIbh07N33x0WT
[root@******* ~]# cd /etc/openldap/
[root@******* openldap]# ls -ltr
total 12
-rw-r--r-- 1 root root  121 Dec 18  2018 check_password.conf
drwxr-xr-x 2 root root   90 Oct 20 01:14 certs
drwxr-xr-x 2 root root 4096 Oct 24 06:19 schema
drwxr-x--- 3 ldap ldap   45 Oct 24 06:19 slapd.d
-rw-r--r-- 1 root root  489 Oct 24 08:18 ldap.conf

7. Create the LDAP cn=Manager account in the initial DB and update the base DN to your LDAP base

[root@********* openldap]# cat ldapmanager.ldif
dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=np,dc=bigdata,dc=eqh
-
replace: olcRootDN
olcRootDN: cn=Manager,dc=np,dc=bigdata,dc=eqh
-
add: olcRootPW
olcRootPW: {SSHA}teRNPA8jxcxAPArWAaVNIbh07N33x0WT    (==> same password set up earlier)
[root@****** openldap]# sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapmanager.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: No such object (32)
        matched DN: cn=config
[root@******** openldap]# cat changemanageracl.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
-
add: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn.base="cn=Manager,dc=np,dc=bigdata,dc=eqh" manage by * none
[root@******* openldap]# sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f changemanageracl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

11. We have added the below LDIF files

[root@******** cn=schema]# ls -ltrh
total 100K
-rw------- 1 ldap ldap  16K Oct 24 06:19 cn={0}core.ldif
-rw------- 1 ldap ldap 1.4K Oct 25 08:55 cn={1}corba.ldif
-rw------- 1 ldap ldap  12K Oct 25 08:55 cn={2}cosine.ldif
-rw------- 1 ldap ldap 4.5K Oct 25 08:56 cn={3}duaconf.ldif
-rw------- 1 ldap ldap 1.8K Oct 25 08:56 cn={4}dyngroup.ldif
-rw------- 1 ldap ldap 2.9K Oct 25 08:56 cn={5}inetorgperson.ldif
-rw------- 1 ldap ldap 2.7K Oct 25 08:57 cn={6}java.ldif
-rw------- 1 ldap ldap 1.6K Oct 25 08:58 cn={7}misc.ldif
-rw------- 1 ldap ldap 1.4K Oct 25 08:58 cn={8}openldap.ldif
-rw------- 1 ldap ldap 3.9K Oct 25 08:58 cn={9}ppolicy.ldif
-rw------- 1 ldap ldap 1.6K Oct 25 08:59 cn={10}collective.ldif
-rw------- 1 ldap ldap  11K Oct 25 08:59 cn={11}kerberos.ldif
-rw------- 1 ldap ldap 6.5K Oct 27 22:17 org-cn={12}nis.ldif-org
-r--r--r-- 1 root root 9.5K Oct 27 23:05 cn={12}rfc2307bis.ldif
[root@****** cn=schema]# service slapd restart    (==> started successfully)
[root@lvmbgmnp1008 ~]# ldapsearch -x -D "cn=Manager,dc=np,dc=bigdata,dc=eqh" -W -H ldapi://  -b dc=np,dc=bigdata,dc=eqh
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@lvmbgmnp1008 openldap]# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

URI ldap://lvmbgmnp1008.np.bigdata.eqh
BASE    dc=np,dc=bigdata,dc=eqh
#URI     ldaps://localhost
#BINDDN cn=manager,dc=bigdata,dc=eqh
#TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT demand

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#TLS_CACERTDIR  /etc/pki/tls/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
#SASL_NOCANON   on

Please post the exact command you ran and the error message you saw.

Thanks.

Hi Neo,
Whatever password I set up during slappasswd, I used the same password for olcRootPW in ldapmanager.ldif. But when I tried to add the LDAP base, it asked for the LDAP password, and when I gave the same password it was not accepted. Please find the details below.

[root@******** openldap]# ldapadd -x -D "cn=Manager,dc=np,dc=bigdata,dc=eqh" -W -H ldapi:// -f ldapbase.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

[root@******** openldap]# cat ldapbase.ldif
dn: dc=np,dc=bigdata,dc=eqh
changetype: add
objectClass: dcObject
objectClass: organization
# the dc attribute must match the entry's RDN (dc=np); slapd rejects the entry otherwise
dc: np
o: bigdata

dn: ou=Services,dc=np,dc=bigdata,dc=eqh
objectClass: organizationalUnit
ou: Services

dn: uid=cloudera-service,ou=Services,dc=np,dc=bigdata,dc=eqh
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Cloudera service account
sn: Cloudera service account
uid: cloudera-service
userPassword: Y2xvdWRlcmE=

dn: ou=Kerberos,dc=np,dc=bigdata,dc=eqh
changetype: add
objectClass: organizationalRole
objectClass: top
cn: Kerberos Realms
ou: Kerberos

dn: cn=kdc-service,ou=Services,dc=np,dc=bigdata,dc=eqh
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: kdc-service
sn: KDC Service
userPassword: {SSHA}twkthDCFWL/KNzcIWpxb6OjLlw6+RoVI

dn: cn=adm-service,ou=Services,dc=np,dc=bigdata,dc=eqh
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: adm-service
sn: KDC Adm Service
userPassword: {SSHA}twkthDCFWL/KNzcIWpxb6OjLlw6+RoVI

dn: ou=Users,dc=np,dc=bigdata,dc=eqh
objectClass: organizationalUnit
ou: Users

ldapsearch is also not working; I get the same error:
**********************************************************************
[root@******** ~]# ldapsearch -x -D "cn=Manager,dc=np,dc=bigdata,dc=eqh" -W -H ldapi://  -b dc=np,dc=bigdata,dc=eqh
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
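The thread shows the root cause without stating it: the ldapmodify against `olcDatabase={2}bdb,cn=config` returned "No such object (32)", so olcSuffix, olcRootDN and olcRootPW were never written, and a simple bind as cn=Manager can only fail with error 49 regardless of the password typed. The check below is an added example, not code from the thread or from OpenLDAP. It parses the output of an EXTERNAL-authenticated search of cn=config to find the database entry that actually exists and whether it carries a RootPW, renders the modify LDIF against that DN, and also flags add-entries whose leftmost RDN value is missing from the entry's attributes (the `dc=np` entry with a mismatched `dc:` value is the kind of mistake it catches). All sample LDIF is constructed; the assumption that the packaged backend is `{2}hdb` is exactly that, and the real name must be taken from the server's own search output.

```python
# Added example: offline checks for why a RootDN simple bind returns
# "Invalid credentials (49)" after a cn=config modify was rejected, plus a
# naming check on the entries to be loaded.  Not part of the thread or OpenLDAP.

SUFFIX = "dc=np,dc=bigdata,dc=eqh"
ROOTDN = "cn=Manager," + SUFFIX

# Constructed sample of:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "(olcDatabase=*)" \
#       olcSuffix olcRootDN olcRootPW
# on a host whose package ships an hdb backend (assumption).  The database is
# {2}hdb, so a modify aimed at {2}bdb gets "No such object" and changes nothing.
CONFIG_UNTOUCHED = """\
dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config
olcRootDN: cn=config

dn: olcDatabase={1}monitor,cn=config

dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
"""

# Constructed: the same query after the modify was re-run against {2}hdb.
CONFIG_FIXED = """\
dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=np,dc=bigdata,dc=eqh
olcRootDN: cn=Manager,dc=np,dc=bigdata,dc=eqh
olcRootPW: {SSHA}PLACEHOLDER-HASH-FROM-SLAPPASSWD
"""

# Constructed base entries; the first one's dc value does not match its RDN.
BASE_LDIF = """\
dn: dc=np,dc=bigdata,dc=eqh
changetype: add
objectClass: dcObject
objectClass: organization
dc: bigdata
o: bigdata

dn: ou=Services,dc=np,dc=bigdata,dc=eqh
objectClass: organizationalUnit
ou: Services
"""


def parse_ldif(text):
    """Minimal LDIF reader: list of (dn, {attr: [values]}).  Unfolds
    continuation lines, skips comments and '-' separators; base64 ('::')
    values are kept opaque, which is enough for attribute-presence checks."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation line
        else:
            lines.append(raw)
    records, dn, attrs = [], None, {}
    for line in lines:
        if line.startswith("#") or line == "-":
            continue
        if not line.strip():
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, {}
            continue
        key, _, value = line.partition(":")
        value = value.lstrip(": ")
        if key == "dn":
            if dn is not None:             # record without a blank separator
                records.append((dn, attrs))
                attrs = {}
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    if dn is not None:
        records.append((dn, attrs))
    return records


def find_suffix_database(config_ldif, suffix):
    """(dn, attrs) of the olcDatabase entry serving suffix, or None."""
    for dn, attrs in parse_ldif(config_ldif):
        if any(v.lower() == suffix.lower() for v in attrs.get("olcSuffix", [])):
            return dn, attrs
    return None


def rootpw_status(config_ldif, suffix):
    """One-line diagnosis of whether a simple bind as the RootDN can succeed."""
    hit = find_suffix_database(config_ldif, suffix)
    if hit is None:
        return "no database serves %s: the olcSuffix modify never applied" % suffix
    dn, attrs = hit
    if "olcRootDN" not in attrs:
        return "%s has no olcRootDN" % dn
    if "olcRootPW" not in attrs:
        return "%s has olcRootDN but no olcRootPW: bind as RootDN cannot succeed" % dn
    return "ok: %s serves %s with olcRootDN and olcRootPW set" % (dn, suffix)


def rdn_naming_violations(entry_ldif):
    """DNs of add-entries whose leftmost RDN attribute=value is absent from the
    entry (slapd rejects these with namingViolation (64))."""
    bad = []
    for dn, attrs in parse_ldif(entry_ldif):
        if attrs.get("changetype", ["add"])[0] != "add":
            continue
        attr, _, value = dn.split(",", 1)[0].partition("=")
        present = [v.lower() for k, vs in attrs.items() if k.lower() == attr.lower() for v in vs]
        if value.lower() not in present:
            bad.append(dn)
    return bad


def render_root_modify(db_dn, suffix, rootdn, rootpw_hash):
    """LDIF for `ldapmodify -Y EXTERNAL -H ldapi:///` against the database DN
    found above; 'replace' is used for olcRootPW so it works whether or not
    the attribute already exists."""
    return "\n".join([
        "dn: " + db_dn, "changetype: modify",
        "replace: olcSuffix", "olcSuffix: " + suffix, "-",
        "replace: olcRootDN", "olcRootDN: " + rootdn, "-",
        "replace: olcRootPW", "olcRootPW: " + rootpw_hash, "",
    ])


if __name__ == "__main__":
    print(rootpw_status(CONFIG_UNTOUCHED, SUFFIX))
    db_dn = find_suffix_database(CONFIG_UNTOUCHED, "dc=my-domain,dc=com")[0]
    print(render_root_modify(db_dn, SUFFIX, ROOTDN, "{SSHA}PLACEHOLDER-HASH"))
    print(rootpw_status(CONFIG_FIXED, SUFFIX))
    print("naming violations:", rdn_naming_violations(BASE_LDIF))
```

Feed the real server's search output to `rootpw_status` rather than the constructed text; if it reports that no database serves the suffix, the database DN printed by the search (not `{2}bdb`) is the one the modify must target, and the ACL change in changemanageracl.ldif only grants cn=Manager rights on the config database, so it does not help with binding to the data suffix.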