cannot ldapadd in freebsd prompt, but ldap_add() in php is ok ?

under freebsd prompt, I typed
ldapadd -f tester.ldif -x -D "uid=tester, ou=People, dc=aitc, dc=com,
dc=tw" -w orson
then
ldap_bind: Invalid credentials (49)
using whoami, I am root, so I think I have the right to do that
I use ldapsearch to search other entries is ok.

my tester.ldif is
dn: dc=aitc, dc=com, dc=tw
objectClass: top
objectClass: account
objectClass: posixAccount
dc: aitc

dn: uid=tester, ou=People, dc=aitc, dc=com, dc=tw
cn= Tester


but when I looked at the /usr/local/etc/openldap/slapd.conf
, the rootpw is orson (cleartext, I am testing)

but when I use php to write some code to add user, it works (I use
ldapbrowser to see the added entry)

<?php
$ldapServer="ldap://192.168.1.211";
$ldapPort="389";
$ldapconn=ldap_connect($ldapServer,$ldapPort);
$ldaprdn="uid=root, ou=People, dc=aitc, dc=com, dc=tw";
$ldappass="orson";

if($ldapconn){
echo "connect to ".$ldapServer." successfully \n<br>";
}else{
echo "can't connect to LDAP server!\n<br>";
}
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

if ($ldapconn) {
// binding to ldap server to give update access
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP binding successful...\n";
} else {
echo "LDAP binding failed...\n";
}
}

//data preparation
//I am not very sure what attribute should be filled
$data["uid"]="tester";
$data["cn"]="Tester 1";
$data["objectclass"][0]="account";
$data["objectclass"][1]="posixAccount";
$data["objectclass"][2]="top";
$data["userpassword"]="";
$data["loginshell"]="/usr/local/bin/bash";
$data["uidnumber"]=3100;
$data["gidnumber"]=3100;
$data["homedirectory"]="/home/tester";
$data["gecos"]="Tester 1";

// Before ldap_add(), should check the user already exists or not
if(!ldap_add($ldapconn,"uid=tester, ou=People, dc=aitc, dc=com,
dc=tw", $data)){
echo "There is a problem to create the account\n";
echo "Please contact your administrator!\n";
exit;
}else{
echo "account creation successfully";
}
ldap_close($ldapconn);
?>

Does anyone know what's wrong with it?
I use openldap mount in freebsd

Thanks in advance.

-jiing-

jiing wrote:
> under freebsd prompt, I typed
> ldapadd -f tester.ldif -x -D "uid=tester, ou=People, dc=aitc, dc=com,
> dc=tw" -w orson
> then
> ldap_bind: Invalid credentials (49)
> using whoami, I am root, so I think I have the right to do that
> I use ldapsearch to search other entries is ok.
>
> my tester.ldif is
> dn: dc=aitc, dc=com, dc=tw
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> dc: aitc
>
> dn: uid=tester, ou=People, dc=aitc, dc=com, dc=tw
> cn= Tester
Continuation lines as above need to start with white space.

Steve
>
>
> but when I looked at the /usr/local/etc/openldap/slapd.conf
> , the rootpw is orson (cleartext, I am testing)
>
> but when I use php to write some code to add user, it works (I use
> ldapbrowser to see the added entry)
>
> <?php
> $ldapServer="ldap://192.168.1.211";
> $ldapPort="389";
> $ldapconn=ldap_connect($ldapServer,$ldapPort);
> $ldaprdn="uid=root, ou=People, dc=aitc, dc=com, dc=tw";
> $ldappass="orson";
>
> if($ldapconn){
> echo "connect to ".$ldapServer." successfully \n<br>";
> }else{
> echo "can't connect to LDAP server!\n<br>";
> }
> ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
>
> if ($ldapconn) {
> // binding to ldap server to give update access
> $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
> // verify binding
> if ($ldapbind) {
> echo "LDAP binding successful...\n";
> } else {
> echo "LDAP binding failed...\n";
> }
> }
>
> //data preparation
> //I am not very sure what attribute should be filled
> $data["uid"]="tester";
> $data["cn"]="Tester 1";
> $data["objectclass"][0]="account";
> $data["objectclass"][1]="posixAccount";
> $data["objectclass"][2]="top";
> $data["userpassword"]="";
> $data["loginshell"]="/usr/local/bin/bash";
> $data["uidnumber"]=3100;
> $data["gidnumber"]=3100;
> $data["homedirectory"]="/home/tester";
> $data["gecos"]="Tester 1";
>
> // Before ldap_add(), should check the user already exists or not
> if(!ldap_add($ldapconn,"uid=tester, ou=People, dc=aitc, dc=com,
> dc=tw", $data)){
> echo "There is a problem to create the account\n";
> echo "Please contact your administrator!\n";
> exit;
> }else{
> echo "account creation successfully";
> }
> ldap_close($ldapconn);
> ?>
>
> Does anyone know what's wrong with it?
> I use openldap mount in freebsd
>
> Thanks in advance.
>
> -jiing-

Steve wrote:
> jiing wrote:
>
>> under freebsd prompt, I typed
>> ldapadd -f tester.ldif -x -D "uid=tester, ou=People, dc=aitc, dc=com,
>> dc=tw" -w orson
You're also trying to bind to the directory using the credentials of the
user that you want to add, as opposed to root, which you're using in the
php example.


>> then ldap_bind: Invalid credentials (49)
>> using whoami, I am root, so I think I have the right to do that
>> I use ldapsearch to search other entries is ok.
>>
>> my tester.ldif is dn: dc=aitc, dc=com, dc=tw
>> objectClass: top
>> objectClass: account
>> objectClass: posixAccount
>> dc: aitc
>>
>> dn: uid=tester, ou=People, dc=aitc, dc=com, dc=tw
>> cn= Tester
>
> Continuation lines as above need to start with white space.
>
> Steve
>
>>
>>
>> but when I looked at the /usr/local/etc/openldap/slapd.conf
>> , the rootpw is orson (cleartext, I am testing)
>>
>> but when I use php to write some code to add user, it works (I use
>> ldapbrowser to see the added entry)
>>
>> <?php
>> $ldapServer="ldap://192.168.1.211";
>> $ldapPort="389";
>> $ldapconn=ldap_connect($ldapServer,$ldapPort);
>> $ldaprdn="uid=root, ou=People, dc=aitc, dc=com, dc=tw";
>> $ldappass="orson";
>>
>> if($ldapconn){
>> echo "connect to ".$ldapServer." successfully \n<br>";
>> }else{
>> echo "can't connect to LDAP server!\n<br>";
>> }
>> ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
>> if ($ldapconn) {
>> // binding to ldap server to give update access
>> $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
>> // verify binding
>> if ($ldapbind) {
>> echo "LDAP binding successful...\n";
>> } else {
>> echo "LDAP binding failed...\n";
>> }
>> }
>> //data preparation
>> //I am not very sure what attribute should be filled
>> $data["uid"]="tester";
>> $data["cn"]="Tester 1";
>> $data["objectclass"][0]="account";
>> $data["objectclass"][1]="posixAccount";
>> $data["objectclass"][2]="top";
>> $data["userpassword"]="";
>> $data["loginshell"]="/usr/local/bin/bash";
>> $data["uidnumber"]=3100;
>> $data["gidnumber"]=3100;
>> $data["homedirectory"]="/home/tester"; $data["gecos"]="Tester 1";
>> // Before ldap_add(), should check the user already exists or not
>> if(!ldap_add($ldapconn,"uid=tester, ou=People, dc=aitc, dc=com,
>> dc=tw", $data)){
>> echo "There is a problem to create the account\n";
>> echo "Please contact your administrator!\n";
>> exit;
>> }else{
>> echo "account creation successfully";
>> }
>> ldap_close($ldapconn);
>> ?>
>>
>> Does anyone know what's wrong with it?
>> I use openldap mount in freebsd
>>
>> Thanks in advance.
>>
>> -jiing-

thanks a lot
Steve wrote:
> Steve wrote:
> > jiing wrote:
> >
> >> under freebsd prompt, I typed
> >> ldapadd -f tester.ldif -x -D "uid=tester, ou=People, dc=aitc,
dc=com,
> >> dc=tw" -w orson
> You're also trying to bind to the directory using the credentials of
the
> user that you want to add, as opposed to root, which you're using in
the
> php example.
>
>
> >> then ldap_bind: Invalid credentials (49)
> >> using whoami, I am root, so I think I have the right to do that
> >> I use ldapsearch to search other entries is ok.
> >>
> >> my tester.ldif is dn: dc=aitc, dc=com, dc=tw
> >> objectClass: top
> >> objectClass: account
> >> objectClass: posixAccount
> >> dc: aitc
> >>
> >> dn: uid=tester, ou=People, dc=aitc, dc=com, dc=tw
> >> cn= Tester
> >
> > Continuation lines as above need to start with white space.
> >
> > Steve
> >
> >>
> >>
> >> but when I looked at the /usr/local/etc/openldap/slapd.conf
> >> , the rootpw is orson (cleartext, I am testing)
> >>
> >> but when I use php to write some code to add user, it works (I use
> >> ldapbrowser to see the added entry)
> >>
> >> <?php
> >> $ldapServer="ldap://192.168.1.211";
> >> $ldapPort="389";
> >> $ldapconn=ldap_connect($ldapServer,$ldapPort);
> >> $ldaprdn="uid=root, ou=People, dc=aitc, dc=com, dc=tw";
> >> $ldappass="orson";
> >>
> >> if($ldapconn){
> >> echo "connect to ".$ldapServer." successfully \n<br>";
> >> }else{
> >> echo "can't connect to LDAP server!\n<br>";
> >> }
> >> ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
> >> if ($ldapconn) {
> >> // binding to ldap server to give update access
> >> $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
> >> // verify binding
> >> if ($ldapbind) {
> >> echo "LDAP binding successful...\n";
> >> } else {
> >> echo "LDAP binding failed...\n";
> >> }
> >> }
> >> //data preparation
> >> //I am not very sure what attribute should be filled
> >> $data["uid"]="tester";
> >> $data["cn"]="Tester 1";
> >> $data["objectclass"][0]="account";
> >> $data["objectclass"][1]="posixAccount";
> >> $data["objectclass"][2]="top";
> >> $data["userpassword"]="";
> >> $data["loginshell"]="/usr/local/bin/bash";
> >> $data["uidnumber"]=3100;
> >> $data["gidnumber"]=3100;
> >> $data["homedirectory"]="/home/tester";
$data["gecos"]="Tester 1";
> >> // Before ldap_add(), should check the user already exists or
not
> >> if(!ldap_add($ldapconn,"uid=tester, ou=People, dc=aitc, dc=com,
> >> dc=tw", $data)){
> >> echo "There is a problem to create the account\n";
> >> echo "Please contact your administrator!\n";
> >> exit;
> >> }else{
> >> echo "account creation successfully";
> >> }
> >> ldap_close($ldapconn);
> >> ?>
> >>
> >> Does anyone know what's wrong with it?
> >> I use openldap mount in freebsd
> >>
> >> Thanks in advance.
> >>
> >> -jiing-