我的目標是從命令行測試LDAP身份驗證。我嘗試使用ldapsearch
。ldapsearch - 無效憑證
我使用Centos 6.7
即使我用正確的憑據,下面的命令失敗
[[email protected] html]# ldapsearch -x -h localhost -p 3389 -b "uid=john.martin,ou=Users,dc=company,dc=com" -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
以下命令工作正常,沒有密碼字段。
ldapsearch -x -h localhost -p 3389 -b "uid=john.martin,ou=Users,dc=company,dc=com"
在嘗試提供密碼時有什麼我想念的嗎?我可以請求幫助來找出問題嗎?
修訂
這裏有一個用戶帳戶
ldapsearch -x -h 127.0.0.1 -p 3389 -b "ou=Users,dc=company,dc=com" -s sub | more
# john.martin, Users, company.com
dn: uid=john.martin,ou=Users,dc=company,dc=com
uid: john.martin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: ldapPublicKey
shadowLastChange: 13306
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 509
homeDirectory: /home/john.martin
mail: [email protected]
gecos: john martin
sshPublicKey:: some key
gidNumber: 87
cn: John Martin
這裏的該結構的搜索特定cn
ldapsearch -h 127.0.0.1 -p 3389 -x -b "dc=company,dc=com" "(&(objectClass=posixGroup)(cn=member_of_this_group))"
# extended LDIF
#
# LDAPv3
# base <dc=company,dc=com> with scope subtree
# filter: (&(objectClass=posixGroup)(cn=member_of_this_group))
# requesting: ALL
#
# member_of_this_group, groups, company.com
dn: cn=member_of_this_group,ou=groups,dc=company,dc=com
objectClass: posixGroup
objectClass: top
cn: member_of_this_group
description:: some characters bla bla
memberUid: john.martin
memberUid: kyle.miller
memberUid: robert.dangie
memberUid: smith.collins
memberUid: ian.bell
gidNumber: 54787
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
你缺少的是正確的密碼。也許該帳戶沒有一個。 – EJP
你好 - 謝謝。該帳戶確實有密碼。當我使用用戶名嘗試ssh到服務器時,它確實接受密碼。這是一個LDAP認證。但是,當我嘗試LDAP搜索時,它不接受相同的密碼 – usert4jju7