I have set up LDAP client authentication using this guide, but I am getting this error in my /var/log/auth.log file:
    Sep 5 14:08:59 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
    Sep 5 14:08:59 workstation01 nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
    Sep 5 14:09:00 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
    Sep 5 14:09:00 workstation01 nscd: nss_ldap: could not search LDAP server - Server is unavailable
My /etc/ldap.conf:
    # Your LDAP server. Must be resolvable without using LDAP.
    # Multiple hosts may be specified, each separated by a
    # space. How long nss_ldap takes to failover depends on
    # whether your LDAP client library supports configurable
    # network or connect timeouts (see bind_timelimit).
    #host c-hack00

    # The distinguished name of the search base.
    base dc=c-hack,dc=de

    # Another way to specify your LDAP server is to provide an
    uri ldap://c-hack00:389
    # Unix Domain Sockets to connect to a local LDAP Server.
    #uri ldap://127.0.0.1/
    #uri ldaps://127.0.0.1/
    #uri ldapi://%2fvar%2frun%2fldapi_sock/
    # Note: %2f encodes the '/' used as directory separator

    # The LDAP version to use (defaults to 3
    # if supported by client library)
    ldap_version 3

    # The distinguished name to bind to the server with.
    # Optional: default is to bind anonymously.
    binddn cn=proxyuser,dc=c-hack,dc=de
    #"proxuser" is an existing LDAP user I've created

    # The credentials to bind with.
    # Optional: default is no credential.
    bindpw mypasswort

    # The distinguished name to bind to the server with
    # if the effective user ID is root. Password is
    # stored in /etc/ldap.secret (mode 600)
    rootbinddn cn=manager,dc=SPG

    # The port.
    # Optional: default is 389.
    #port 389

    # The search scope.
    #scope sub
I think the client is able to connect to the server, but the credentials are wrong... How can I fix this?
Just to be clear: does bindpw match the password of the proxyuser account? If you run the following (entering the bindpw when prompted), do you get an error?
    ldapsearch -x -W -D "cn=proxyuser,dc=c-hack,dc=de" -b "dc=c-hack,dc=de" "objectclass=*"
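OK, connecting to the server works, and there are no errors in the /var/log/auth.log file. When I run a "sudo" command I get two password prompts (one local and one LDAP), but the LDAP users are still not in the "getent passwd" list…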
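
A configuration check for the /etc/ldap.conf discussed in this thread, as an added example that is not part of the original posts: it parses nss_ldap-style directives and reports bind DNs that fall outside the search base, plus simple binds over unencrypted ldap://. The function names and the "bind DN should sit under base" rule are assumptions made for this illustration (a heuristic, not an nss_ldap requirement), and SAMPLE is constructed from the directives quoted in the question.

```python
# Added example: heuristic lint for an nss_ldap-style /etc/ldap.conf.
# SAMPLE is constructed from the directives quoted in the question.
SAMPLE = """\
# comment lines are ignored
base dc=c-hack,dc=de
uri ldap://c-hack00:389
ldap_version 3
binddn cn=proxyuser,dc=c-hack,dc=de
bindpw mypasswort
rootbinddn cn=manager,dc=SPG
"""

def parse(text):
    """Return {directive: value}; blank lines and '#' comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def rdns(dn):
    """Split a DN into lower-cased RDNs with spaces removed (escaped commas not handled)."""
    return [p.strip().lower().replace(" ", "") for p in dn.split(",") if p.strip()]

def under(dn, base):
    """True if dn equals base or sits below it in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def lint(text):
    """Return a list of warnings for the given config text."""
    conf, findings = parse(text), []
    base = conf.get("base", "")
    # Assumption: bind DNs are expected to live under the search base.
    for key in ("binddn", "rootbinddn"):
        if key in conf and base and not under(conf[key], base):
            findings.append(f"{key} '{conf[key]}' is outside base '{base}'")
    # A simple bind over ldap:// without StartTLS puts the password on the wire unencrypted.
    plain = any(u.startswith("ldap://") for u in conf.get("uri", "").split())
    if plain and conf.get("ssl") != "start_tls" and ("bindpw" in conf or "rootbinddn" in conf):
        findings.append("simple bind over ldap:// without start_tls exposes the bind password")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```

The config's own comment says rootbinddn is used when the effective user ID is root, so a rootbinddn warning is worth checking against whichever account the failing process runs as.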