LDAP Root Login - Unable

Raise/discuss any potential issues with MailEnable for consideration in project issue register.
frontdist
Posts: 17
Joined: Tue Mar 05, 2013 7:12 pm

LDAP Root Login - Unable

Post by frontdist » Fri Mar 08, 2019 8:04 pm

I am unable to log in as the root user for LDAP address retrieval from an anti-spam appliance we are using as a mail gateway (the device uses LDAP for email verification and bounces unregistered addresses or aliases as DHA attempts if not in LDAP).

Right now, I have had to set every single domain up with the postmaster@domain.tld username and postmaster password to retrieve LDAP entries. I have had absolutely no success in retrieving the LDAP by making a single server entry and using the root credentials. I have also tried in Softerra and another LDAP browser to access via the root without success.

I have edited the rootpw in SLAPD.conf to a simple entry to avoid typos (and restarted the LDAP service), but I still can't get in.

I have tried, as a username (because there is absolutely no guidance on the site or forum):

root
Root
ROOT
rootdn
RootDN
RootDN

And 100 other combinations as I don't even know if the username is case sensitive.

The other issue is that I keep getting errors saying the baseDN is incorrect; however, in my slapd.conf I see the following:

database mailenable
suffix ""
rootdn "cn=Directory Manager,o=MailEnable"

I am using the rootdn and getting nowhere.

So what gives?

manalain
Posts: 1
Joined: Mon Mar 25, 2019 6:49 am

Re: LDAP Root Login - Unable

Post by manalain » Mon Mar 25, 2019 7:07 am

Try to invoke your id after logging in. It will look like this: uid=0(root) gid=0(root) groups=0(root). Your uid value should be the case.
Advanced management: https://www.enteros.com/.

frontdist
Posts: 17
Joined: Tue Mar 05, 2013 7:12 pm

Re: LDAP Root Login - Unable

Post by frontdist » Wed Apr 24, 2019 11:38 am

Just to stop everyone from wanting to kill themselves, the username is actually this: "cn=Directory Manager,o=MailEnable"

Not that such a fact is specified anywhere unless you do some serious scouring of the internet regarding OpenLDAP setup parameters.

Hope this helps someone!
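
Added example, not part of the thread and not MailEnable's own code: a small Python parser that reads the slapd.conf directives quoted above and reports the full DN a client must send as the bind "username", the search base from `suffix`, and whether `rootpw` is stored in cleartext. The `rootpw` value in the sample is a constructed placeholder, and the `{SCHEME}` hash prefix check assumes stock OpenLDAP slapd.conf conventions.

```python
import re
import shlex

# Constructed sample: the three directives quoted in the thread, plus a
# placeholder rootpw line (the thread does not show the real one).
SAMPLE_CONF = '''\
# constructed sample slapd.conf fragment
database mailenable
suffix ""
rootdn "cn=Directory Manager,o=MailEnable"
rootpw example-placeholder
'''

# Assumption: hashed values carry an OpenLDAP-style prefix such as {SSHA}.
HASHED = re.compile(r"^\{[A-Za-z0-9-]+\}")

def parse_databases(conf_text):
    """Return one dict per 'database' section with its suffix/rootdn/rootpw."""
    databases, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()  # continuation lines are not handled in this sketch
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # copes with the quoted DN and with suffix ""
        key, args = tokens[0].lower(), tokens[1:]
        if key == "database" and args:
            current = {"backend": args[0], "suffix": None,
                       "rootdn": None, "rootpw": None}
            databases.append(current)
        elif current is not None and key in ("suffix", "rootdn", "rootpw") and args:
            current[key] = args[0]
    return databases

def bind_report(db):
    """Summarise what a client needs for a simple bind as the root entry."""
    pw = db["rootpw"]
    return {
        "bind_dn": db["rootdn"],       # the full DN is the login name
        "search_base": db["suffix"],   # "" is the empty base DN
        "rootpw_cleartext": pw is not None and not HASHED.match(pw),
    }

if __name__ == "__main__":
    for db in parse_databases(SAMPLE_CONF):
        print(db["backend"], bind_report(db))
```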
