LDAP Authentication Invalid Credentials

This is a snipet of information to help people getting an Invalid Credentials error when accessing an LDPA database used to maintain users integrated with SuSE user admin in YaST.
Probably best applies to people that did not choose LDAP when installing SuSE but are working through YaST to get a database of users up and running.

The problem I was having that resulted in this post was I could run ldapsearch using the admin CN but not with any of the LDAP users I created with YaST.
I would get the infamous “Invalid Credentials” error.
All my users had the clear text {exop}secret in the UserPassword attribute of the LDAP database.
If I changed the “Password Change Protocol” to crypt in the LDAP Client module of YaST everything worked fine. (after resetting the password for the user in user maintenance) but if I changed the Protocol back to exop the Credential error repeated.

Therefore if you can query your database (ldapsearch or YaST LDAP Browse) using the admin DN but not using the users you added through YaST this may help you.

in Yast under LDAP Client
“Advanced Options” button
“Administration Settings” tab
check “Create Default Configuration Objects”
click OK twice

This will create the default attributes and templates used by SuSE to add, access, and maintain users via LDAP through YaST.
Any new LDAP users added through YaST will be added to your LDAP database under “people”

I think you only run into this issue if you skip the LDAP option when first installing SuSE.
Like a lot of other newbies I did not know enough about LDAP to choose that SuSE install option.

Only needs to be run once per LDAP database used for user authentication.
if you decide to change the name of your database (base DN) (i.e. create a new database) because you have learned more about LDAP then you have to run the option on the new database.
You need to run the option before you add LDAP users through YaST.
If not, they will disappear from the user list in YaST when you run the option and you will have to re-add them.
The users added before running the option will be in the database but not under “people” and their passwords will be clear text.

another snipet: the fully qualified name to use for a search or browse will be “-D uid=USERNAME,ou=people,dc=example,dc=com”. This is a little different than what you use for the administrator. replace USERNAME with the name of the user you created in YaST. Alse replace dc=example,dc=com with the base DN you created for your database.