On Mon, 2006-01-09 at 17:15 +1100, Peter Kitchener wrote:
> Everyone,
>
> We currently are running a Centos3 directory server, I am currently
> testing centos4 as an upgrade of this machine in the future. There is a
> special user we have called cn=samba,ou=special in our directory, this
> user is for samba to use when binding to the directory. On the
> production replica server, I have taken an offline slapcat ldif of the
> entire tree. I then copied this file to the test centos4 machine running
> ldap with the same configuration as the centos3 production server. I did
> a slapadd of this ldif file, then fixed some minor import errors as a
> result. The problem occurs now when we try to bind to the test machine,
> with ldapsearch or smbd, as this special samba user, ldap comes back and
> tells me the credentials are incorrect. From what I understand about the
> userPassword attribute is that it is outputted by slapcat as a base64
> encoded MD5 hash. I have compared the hashes between the production
> server and the test server, and they are both identical. I can however
> do all this successfully with the admin user. I am lost as to the cause
> of this error.

----
simplify this to make it easier...

# ldapsearch -x -h localhost -D 'uid=test2,ou=People,dc=azapple,dc=com' -W '(uid=test2)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=test2)
# requesting: ALL
#

# test2, People, azapple.com
dn: uid=test2,ou=People,dc=azapple,dc=com
sambaNTPassword: 7C273E51DE2020E0BBC2C2B70CAB7B45
sambaLMPassword: AA9C761F0E1E2E7FAAD3B435B51404EE
givenName: Test2
sn: User
sambaProfilePath: \\srv1\profiles\test2
sambaLogonScript: logon.bat
etc...

bind from the command line using ldapsearch

In theory, your understanding is correct. In practice, it may not be
entirely correct since it may not be MD5 encryption - it depends on your
slapd.conf and the mechanics of how that password was put there for the
user.

The easiest thing to do is to set the password from the command line but
it would have to be a real posix user...

# passwd test2
Changing password for user test2.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
LDAP password information changed for test2
passwd: all authentication tokens updated successfully.

then I ***know*** that openldap is happy with the password.

Craig
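
An added example, not part of the original messages: a check an administrator can run on a userPassword line from a slapcat LDIF to see which hash scheme the value really uses and whether a known password matches it. It assumes the standard OpenLDAP {MD5}, {SMD5}, {SHA} and {SSHA} encodings; the function names are hypothetical and the sample entries are constructed.

```python
import base64
import hashlib
import hmac
import re

# Digest name and digest length for the hashed schemes handled here.
SCHEMES = {"MD5": ("md5", 16), "SMD5": ("md5", 16),
           "SHA": ("sha1", 20), "SSHA": ("sha1", 20)}

def stored_value(ldif_line):
    """Return the stored userPassword value from one LDIF line."""
    name, sep, value = ldif_line.partition(":")
    if name.strip().lower() != "userpassword" or not sep:
        raise ValueError("not a userPassword line")
    if value.startswith(":"):              # 'userPassword::' means base64
        return base64.b64decode(value[1:].strip()).decode("utf-8")
    return value.strip()

def scheme_of(stored):
    """Return the {SCHEME} prefix in upper case, or 'CLEARTEXT' if absent."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", stored)
    return m.group(1).upper() if m else "CLEARTEXT"

def verify(stored, candidate):
    """Check candidate against stored; None if the scheme is not handled."""
    scheme = scheme_of(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(stored.encode(), candidate.encode())
    if scheme not in SCHEMES:
        return None                        # e.g. {CRYPT}: depends on crypt(3)
    algo, size = SCHEMES[scheme]
    raw = base64.b64decode(stored[len(scheme) + 2:])
    digest, salt = raw[:size], raw[size:]  # salt is empty for MD5 and SHA
    calc = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, calc)

def make_sample(scheme, password, salt=b""):
    """Build a constructed LDIF line in the form slapcat prints."""
    algo, _ = SCHEMES[scheme]
    raw = hashlib.new(algo, password.encode() + salt).digest() + salt
    stored = "{%s}%s" % (scheme, base64.b64encode(raw).decode())
    return "userPassword:: " + base64.b64encode(stored.encode()).decode()

if __name__ == "__main__":
    samples = (make_sample("MD5", "secret"),
               make_sample("SSHA", "secret", b"\x01\x02\x03\x04"))
    for line in samples:                   # constructed entries, not real data
        s = stored_value(line)
        print(scheme_of(s), verify(s, "secret"), verify(s, "wrong"))
```

The base64 layer that slapcat prints only wraps the stored string; the scheme prefix inside it is what tells you how the password was hashed.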