
Invalid Credentials response in OpenDJ 3.5 when dsreplication commands fail

Last updated Jan 5, 2021

This article provides assistance if dsreplication commands fail in OpenDJ 3.5 with an "Invalid Credentials" error. This can happen if the global admin account password is different to the Directory Manager password (the access log shows "The password provided by the user did not match any password(s) stored in the user's entry") or if the rootDN is not cn=Directory Manager (the access log shows "Unable to bind to the Directory Server because no such user exists in the server").



This article has been archived and is no longer maintained by ForgeRock.

Symptoms

You will see the following errors depending on your use case:

  • The admin account password is different to the Directory Manager password; the following error is shown in the access log:

      [21/Oct/2016:15:11:29 +0100] BIND REQ conn=11 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
      [21/Oct/2016:15:11:29 +0100] BIND RES conn=11 op=0 msgID=1 result=49 authFailureReason="The password provided by the user did not match any password(s) stored in the user's entry" authDN="cn=Directory Manager" etime=1

    The following error is shown in response to a dsreplication command:

      The provided credentials are not valid in server opendj.example.com:4444. Details: [LDAP: error code 49 - Invalid Credentials]

  • The rootDN is not cn=Directory Manager; the following is shown in the access log:

      [21/Oct/2016:15:11:29 -0100] BIND REQ conn=9 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
      [21/Oct/2016:15:11:29 -0100] BIND RES conn=9 op=0 msgID=1 result=49 authFailureReason="Unable to bind to the Directory Server because no such user exists in the server" authDN="cn=Directory Manager" etime=0

Recent Changes

Upgraded to, or installed, OpenDJ 3.5.

Changed the admin account password.

Installed an OpenDJ instance using a rootDN other than "cn=Directory Manager".

Causes

The dsreplication command attempts to bind with "cn=Directory Manager" regardless of whether it should be binding with the admin account or a different rootDN. Since the password and/or user do not match, the dsreplication command fails.
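To tell the two cases apart from the access log, the following added example (not ForgeRock code) pairs each BIND REQ with its BIND RES and classifies result=49 failures for "cn=Directory Manager" by authFailureReason. The function name, cause labels and sample lines for conn=12 and conn=13 are assumptions constructed for illustration in the log format shown above.

```python
import re

# Constructed sample in the access-log format shown in this article.
SAMPLE_LOG = """\
[21/Oct/2016:15:11:29 +0100] BIND REQ conn=11 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
[21/Oct/2016:15:11:29 +0100] BIND RES conn=11 op=0 msgID=1 result=49 authFailureReason="The password provided by the user did not match any password(s) stored in the user's entry" authDN="cn=Directory Manager" etime=1
[21/Oct/2016:15:11:30 +0100] BIND REQ conn=12 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
[21/Oct/2016:15:11:30 +0100] BIND RES conn=12 op=0 msgID=1 result=49 authFailureReason="Unable to bind to the Directory Server because no such user exists in the server" authDN="cn=Directory Manager" etime=0
[21/Oct/2016:15:11:31 +0100] BIND REQ conn=13 op=0 msgID=1 version=3 type=SIMPLE dn="cn=Directory Manager"
[21/Oct/2016:15:11:31 +0100] BIND RES conn=13 op=0 msgID=1 result=0 authDN="cn=Directory Manager" etime=2
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] BIND (?P<kind>REQ|RES) '
                  r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

# authFailureReason substring -> hypothetical label for the cause in this article
CAUSES = {
    # global admin password differs from the Directory Manager password
    "did not match any password": "password-mismatch",
    # server was installed with a rootDN other than cn=Directory Manager
    "no such user exists": "no-such-user",
}

def diagnose(log_text, bind_dn="cn=Directory Manager"):
    """Return (timestamp, conn, cause) for each failed bind as bind_dn."""
    pending = {}   # (conn, op) -> DN taken from the BIND REQ line
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(m["rest"])}
        key = (m["conn"], m["op"])
        if m["kind"] == "REQ":
            pending[key] = fields.get("dn", "")
            continue
        # Fall back to authDN if the REQ line was rotated out of this log file.
        dn = pending.pop(key, fields.get("authDN", ""))
        if fields.get("result") != "49" or dn.lower() != bind_dn.lower():
            continue
        reason = fields.get("authFailureReason", "")
        cause = next((c for s, c in CAUSES.items() if s in reason), "other")
        findings.append((m["ts"], int(m["conn"]), cause))
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```
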

Solution

This issue can be resolved by upgrading to OpenDJ 3.5.1 or later; you can download this from BackStage.

If the issue is caused by the global admin and Directory Manager passwords being different, you can update them so they match as a workaround.

See Also

How do I change the admin account password used for replication in DS 6.x?

Replication in DS

Related Training

N/A

Related Issue Tracker IDs

OPENDJ-3231 (dsreplication status uses wrong bind DN)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.