我的目标是从命令行测试LDAP身份验证。我尝试使用ldapsearch
。ldapsearch - 无效凭证
我使用Centos 6.7
即使我用正确的凭据,下面的命令失败
[[email protected] html]# ldapsearch -x -h localhost -p 3389 -b "uid=john.martin,ou=Users,dc=company,dc=com" -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
以下命令工作正常,没有密码字段。
ldapsearch -x -h localhost -p 3389 -b "uid=john.martin,ou=Users,dc=company,dc=com"
在尝试提供密码时有什么我想念的吗?我可以请求帮助来找出问题吗?
修订
这里有一个用户帐户
ldapsearch -x -h 127.0.0.1 -p 3389 -b "ou=Users,dc=company,dc=com" -s sub | more
# john.martin, Users, company.com
dn: uid=john.martin,ou=Users,dc=company,dc=com
uid: john.martin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: ldapPublicKey
shadowLastChange: 13306
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 509
homeDirectory: /home/john.martin
mail: [email protected]
gecos: john martin
sshPublicKey:: some key
gidNumber: 87
cn: John Martin
这里的该结构的搜索特定cn
ldapsearch -h 127.0.0.1 -p 3389 -x -b "dc=company,dc=com" "(&(objectClass=posixGroup)(cn=member_of_this_group))"
# extended LDIF
#
# LDAPv3
# base <dc=company,dc=com> with scope subtree
# filter: (&(objectClass=posixGroup)(cn=member_of_this_group))
# requesting: ALL
#
# member_of_this_group, groups, company.com
dn: cn=member_of_this_group,ou=groups,dc=company,dc=com
objectClass: posixGroup
objectClass: top
cn: member_of_this_group
description:: some characters bla bla
memberUid: john.martin
memberUid: kyle.miller
memberUid: robert.dangie
memberUid: smith.collins
memberUid: ian.bell
gidNumber: 54787
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
你缺少的是正确的密码。也许该帐户没有一个。 – EJP
你好 - 谢谢。该帐户确实有密码。当我使用用户名尝试ssh到服务器时,它确实接受密码。这是一个LDAP认证。但是,当我尝试LDAP搜索时,它不接受相同的密码 – usert4jju7