h1

Avamar LDAP Integration: LDAP_BIND: Invalid Credentials (49) error

August 4, 2010

I recently had an issue where I was trying to setup LDAP integration at a client site, and we were 100% sure everything was setup correctly, but we continued to get ldap_bind: Invalid credentials errors in relation to the distinguished name in the ldap.conf file.

I recreated the issue in our lab with the same end result, if the Avamar user was located in an OU underneath a Parent OU, for example, the Avamar user was located in a OU named Users within an OU named Avamar, (cn=Avmar,ou=Users,ou=Avamar,dc=domainname,dc=com), then I was not able to search the LDAP database or log into Avamar using that Avamar AD account.

After a little research it turns out that there is a known bug with RHEL 4 (Bug 11501). The patch can be found at:

ftp://avamar_ftp:anonymous@ftp.avamar.com/software/openldap_rhel4patch.tgz

Copy the patch over to the Avamar utility node and extract the patch with the following command:
tar -xzvf openldap_rhel4patch.tgz

Now change to the directory where the patch extracted and run the following command:
rpm -vF *.rpm

Once completed, Restart the lm service:
service lm restart

Once I completed the steps above, I was then able to both successfully search LDAP and log into Avamar Administrator using the AD account.

Here is the CLI command I used to search the LDAP database:

ldapsearch -x -W -h dcserver.domainname.com -b dc=domainname,dc=com -D cn=Avamar,ou=Users,ou=Avamar,dc=domainname,dc=com


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: