Invalid Credential
Messaging Server 5.2 hf 1.21(W2k p4).
I have this error in the dir access log:
- conn=27616 op=0 BIND dn="cn=msg-xxx, cn=iPlanet Messaging Applications, cn=Server Group (2), cn=xxx.abc.com, ou=abc.com, o=NetscapeRoot" method=128 version=2
- conn=27616 op=0 RESULT err=49 tag=97 nentries=0 etime=0
I wonder what sitation could this result in err=49 (Invalid Crednetials) as I could not find any MOD operation on this entry. And pop, imap, webmail were not able to start up. I believe it is due to this invalid credential issue.
Appreciate your comment or advice. Thanks.
[607 byte] By [
smf6786a] at [2007-11-27 3:56:08]
# 1
Hi,
From http://www.directory-info.com/LDAP/LDAPErrorCodes.html, you can see that you get err=49 for a few different reasons:
LDAP_INVALID_CREDENTIALS: Indicates that during a bind operation one of the following occurred:
* The client passed either an incorrect DN or password.
* The password is incorrect because it has expired, intruder detection has locked the account, or some other similar reason.
So, have you:
1. Enabled password expiration for your directory server?
2. Changed the password for this user recently?
3. Checked that this DN still exists?
Regards,
Shane.
# 2
Hi Shane,
Thank you for responding to my issue. The binding of that is internal system operation between msg and dir server.
No password policy being set and no changes done on the entry as I checked through the dir access log . The DN is there.
Anything else that could lead to this error?
# 3
Hi,
> No password policy being set and no changes done on
> the entry as I checked through the dir access log .
> The DN is there.
>
> Anything else that could lead to this error?
Not that I have seen. Clearly directory server doesn't like the password that is being provided.. as a workaround you could change the password on the messaging server and directory server ends and see if that helps e.g.
(make sure to grab a snapshot of your ./configutil output first, just in case you need to restore values)
On the directory server side:
./ldapmodify -h <directory server> -D "cn=directory manager" -w <directory manager password>
dn: cn=msg-xxx, cn=iPlanet Messaging Applications, cn=Server Group (2), cn=xxx.abc.com, ou=abc.com, o=NetscapeRoot
changetype: modify
replace: userpassword
userpassword: <new password>
On the messaging server side:
./configutil -o local.service.pab.ldappasswd -v <new password>
./configutil -o local.ugldapbinddn -v <new password>
./configutil -o local.enduseradmincred -v <new password>
./imsimta cnbuild
./stop-msg;./start-msg
Regards,
Shane.
Message was edited by:
shane_hjorth
