Error: `ldap_bind: Invalid credentials (49)`

### Problem

Migrating from an old unmaintained OpenLDAP image [`osixia/docker-openldap`](https://github.com/osixia/docker-openldap), users added via LDIF fail to authenticate with _"Invalid credentials (49)"_.

### Reproduction

`ldapwhoami` and `ldapsearch` commands within the same running container (`docker exec -it ldap-test bash`) are both sufficient at illustrating the problem.

```console
# Default internal admin user is successful:
$ ldapwhoami -v -H 'ldap://ldap.example.test' -D 'cn=admin,dc=example,dc=test' -w adminpassword

ldap_initialize( ldap://ldap.example.test:389/??base )
dn:cn=admin,dc=example,dc=test
Result: Success (0)

# Custom user added is not:
$ ldapwhoami -v -H 'ldap://ldap.example.test' -D 'userid=john.doe,ou=people,dc=example,dc=test' -w secret

ldap_initialize( ldap://ldap.example.test:389/??base )
ldap_bind: Invalid credentials (49)
```

Admin user can query the LDIF record successfully:

```console
$ ldapsearch -v -x -H 'ldap://ldap.example.test' -b 'ou=people,dc=example,dc=test' -D 'cn=admin,dc=example,dc=test' -w adminpassword  '(&(userid=john.doe)(mailEnabled=TRUE))'

ldap_initialize( ldap://ldap.example.test:389/??base )
filter: (&(userid=john.doe)(mailEnabled=TRUE))
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=test> with scope subtree
# filter: (&(userid=john.doe)(mailEnabled=TRUE))
# requesting: ALL
#

# john.doe, people, example.test
dn: uid=john.doe,ou=people,dc=example,dc=test
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: PostfixBookMailAccount
objectClass: extensibleObject
cn: John Doe
givenName: John
sn: Doe
uid: john.doe
userPassword:: c2VjcmV0
mail: john.doe@example.test
mailEnabled: TRUE
mailUidNumber: 5000
mailGidNumber: 5000
mailAlias: postmaster@example.test
mailGroupMember: employees@example.test
mailHomeDirectory: /var/mail/example.test/john.doe/
mailStorageDirectory: maildir:/var/mail/example.test/john.doe/
mailQuota: 10240

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

Where `userPassword` is base64 encoded in the response to `c2VjcmV0` (aka `secret`).

<details>
<summary>Related log output from the `ldapsearch` command</summary>

```
64dc88f8 conn=1008 fd=12 ACCEPT from IP=172.17.0.2:54138 (IP=0.0.0.0:389)
64dc88f8 conn=1008 op=0 BIND dn="cn=admin,dc=example,dc=test" method=128
64dc88f8 conn=1008 op=0 BIND dn="cn=admin,dc=example,dc=test" mech=SIMPLE ssf=0
64dc88f8 conn=1008 op=0 RESULT tag=97 err=0 text=
64dc88f8 conn=1008 op=1 SRCH base="ou=people,dc=example,dc=test" scope=2 deref=0 filter="(&(uid=john.doe)(mailEnabled=TRUE))"
64dc88f8 <= mdb_equality_candidates: (uid) not indexed
64dc88f8 <= mdb_equality_candidates: (mailEnabled) not indexed
64dc88f8 conn=1008 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
64dc88f8 conn=1008 op=2 UNBIND
64dc88f8 conn=1008 fd=12 closed
```

</details>

Whereas the equivalent for the custom user fails with:


```console
$ ldapsearch -v -x -H 'ldap://ldap.example.test' -b 'ou=people,dc=example,dc=test' -D 'userid=john.doe,ou=people,dc=example,dc=test' -w secret  '(&(userid=john.doe)(mailEnabled=TRUE))'

ldap_initialize( ldap://ldap.example.test:389/??base )
ldap_bind: Invalid credentials (49)


# Related log output from container logs:
64dc8a08 conn=1010 fd=12 ACCEPT from IP=172.17.0.2:42226 (IP=0.0.0.0:389)
64dc8a08 conn=1010 op=0 BIND dn="uid=john.doe,ou=people,dc=example,dc=test" method=128
64dc8a08 conn=1010 op=0 RESULT tag=97 err=49 text=
64dc8a08 conn=1010 op=1 UNBIND
64dc8a08 conn=1010 fd=12 closed
```

#### `docker run`

```bash
docker run --rm --name ldap-test \
  --env LDAP_ROOT='dc=example,dc=test' \
  --env LDAP_HASH_PASSWORD='NONE' \
  --env LDAP_PORT_NUMBER=389 \
  --env BITNAMI_DEBUG=true \
  --volume '/tmp/ldif/:/migrations/:ro' \
  --hostname 'ldap.example.test' \
  registry.gitlab.com/bitspur/rock8s/docker-openldap
```

- The hash method is set to `NONE` just to keep it simple. I tried `SHA` for a predictable SHA-1 (due to no salt, `slappasswd  -s secret -h '{SHA}'` always outputs `{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=`), but I am unsure why credentials are "invalid".
- The custom `.ldif` files are mounted to `/migrations` as your README advises due to using `changetype` to do so. It doesn't seem to make any difference either way.

<details>
<summary>Log output during startup</summary>

```
rm: cannot remove '/opt/bitnami/openldap/ldifs': Permission denied
 08:21:29.93 INFO  ==> ** Starting LDAP setup **
 08:21:29.95 INFO  ==> Validating settings in LDAP_* env vars
 08:21:29.95 INFO  ==> Initializing OpenLDAP...
 08:21:29.95 DEBUG ==> Ensuring expected directories/files exist...
 08:21:29.96 INFO  ==> Creating LDAP online configuration
 08:21:29.96 INFO  ==> Creating slapd.ldif
 08:21:29.98 INFO  ==> Starting OpenLDAP server in background
64dc8709 @(#) $OpenLDAP: slapd 2.4.57+dfsg-3+deb11u1 (May 14 2022 18:32:57) $
        Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
64dc8709 slapd starting
 08:21:30.99 INFO  ==> Configure LDAP credentials for admin user
SASL/EXTERNAL authentication started
64dc870a conn=1000 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870a conn=1000 op=0 BIND dn="" method=163
64dc870a conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870a conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870a conn=1000 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870a conn=1000 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
64dc870a conn=1000 op=1 MOD attr=olcSuffix
64dc870a conn=1000 op=1 RESULT tag=103 err=0 text=
64dc870a conn=1000 op=2 MOD dn="olcDatabase={2}mdb,cn=config"
64dc870a conn=1000 op=2 MOD attr=olcRootDN
64dc870a conn=1000 op=2 RESULT tag=103 err=0 text=
64dc870a conn=1000 op=3 MOD dn="olcDatabase={2}mdb,cn=config"
64dc870a conn=1000 op=3 MOD attr=olcRootPW
64dc870a conn=1000 op=3 RESULT tag=103 err=0 text=
64dc870a conn=1000 op=4 MOD dn="olcDatabase={1}monitor,cn=config"
64dc870a conn=1000 op=4 MOD attr=olcAccess
64dc870a conn=1000 op=4 RESULT tag=103 err=0 text=
64dc870a conn=1000 op=5 UNBIND
64dc870a conn=1000 fd=12 closed
modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={1}monitor,cn=config"

 08:21:30.99 INFO  ==> Adding LDAP extra schemas
SASL/EXTERNAL authentication started
64dc870b conn=1001 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870b conn=1001 op=0 BIND dn="" method=163
64dc870b conn=1001 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870b conn=1001 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870b conn=1001 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870b conn=1001 op=1 ADD dn="cn=cosine,cn=schema,cn=config"
64dc870b conn=1001 op=1 RESULT tag=105 err=0 text=
adding new entry "cn=cosine,cn=schema,cn=config"

64dc870b conn=1001 op=2 UNBIND
64dc870b conn=1001 fd=12 closed
SASL/EXTERNAL authentication started
64dc870b conn=1002 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870b conn=1002 op=0 BIND dn="" method=163
64dc870b conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870b conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870b conn=1002 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870b conn=1002 op=1 ADD dn="cn=inetorgperson,cn=schema,cn=config"
64dc870b conn=1002 op=1 RESULT tag=105 err=0 text=
adding new entry "cn=inetorgperson,cn=schema,cn=config"

64dc870b conn=1002 op=2 UNBIND
64dc870b conn=1002 fd=12 closed
SASL/EXTERNAL authentication started
64dc870b conn=1003 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870b conn=1003 op=0 BIND dn="" method=163
64dc870b conn=1003 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870b conn=1003 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870b conn=1003 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870b conn=1003 op=1 ADD dn="cn=misc,cn=schema,cn=config"
64dc870b conn=1003 op=1 RESULT tag=105 err=0 text=
adding new entry "cn=misc,cn=schema,cn=config"

64dc870b conn=1003 op=2 UNBIND
64dc870b conn=1003 fd=12 closed
SASL/EXTERNAL authentication started
64dc870b conn=1004 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870b conn=1004 op=0 BIND dn="" method=163
64dc870b conn=1004 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870b conn=1004 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870b conn=1004 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870b conn=1004 op=1 ADD dn="cn=nis,cn=schema,cn=config"
64dc870b conn=1004 op=1 RESULT tag=105 err=0 text=
64dc870b conn=1004 op=2 UNBIND
64dc870b conn=1004 fd=12 closed
adding new entry "cn=nis,cn=schema,cn=config"

SASL/EXTERNAL authentication started
64dc870b conn=1005 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870b conn=1005 op=0 BIND dn="" method=163
64dc870b conn=1005 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870b conn=1005 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870b conn=1005 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870b conn=1005 op=1 ADD dn="cn=ppolicy,cn=schema,cn=config"
64dc870b conn=1005 op=1 RESULT tag=105 err=0 text=
64dc870b conn=1005 op=2 UNBIND
64dc870b conn=1005 fd=12 closed
adding new entry "cn=ppolicy,cn=schema,cn=config"

 08:21:31.02 INFO  ==> Adding custom schemas : /opt/bitnami/openldap/schemas ...
64dc870b daemon: shutdown requested and initiated.
64dc870b slapd shutdown: waiting for 0 operations/tasks to finish
64dc870b slapd stopped.
 08:21:32.21 INFO  ==> Starting OpenLDAP server in background
64dc870c @(#) $OpenLDAP: slapd 2.4.57+dfsg-3+deb11u1 (May 14 2022 18:32:57) $
        Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
64dc870c slapd starting
 08:21:33.22 INFO  ==> Creating LDAP default tree
64dc870d conn=1000 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870d conn=1000 op=0 BIND dn="cn=admin,dc=example,dc=test" method=128
64dc870d conn=1000 op=0 BIND dn="cn=admin,dc=example,dc=test" mech=SIMPLE ssf=0
64dc870d conn=1000 op=0 RESULT tag=97 err=0 text=
64dc870d conn=1000 op=1 ADD dn="dc=example,dc=test"
64dc870d conn=1000 op=1 RESULT tag=105 err=0 text=
64dc870d conn=1000 op=2 ADD dn="ou=users,dc=example,dc=test"
64dc870d conn=1000 op=2 RESULT tag=105 err=0 text=
64dc870d conn=1000 op=3 ADD dn="cn=user01,ou=users,dc=example,dc=test"
64dc870d conn=1000 op=3 RESULT tag=105 err=0 text=
64dc870d conn=1000 op=4 ADD dn="cn=user02,ou=users,dc=example,dc=test"
64dc870d conn=1000 op=4 RESULT tag=105 err=0 text=
64dc870d conn=1000 op=5 ADD dn="cn=readers,ou=users,dc=example,dc=test"
64dc870d conn=1000 op=5 RESULT tag=105 err=0 text=
64dc870d conn=1000 op=6 UNBIND
64dc870d conn=1000 fd=12 closed
adding new entry "dc=example,dc=test"

adding new entry "ou=users,dc=example,dc=test"

adding new entry "cn=user01,ou=users,dc=example,dc=test"

adding new entry "cn=user02,ou=users,dc=example,dc=test"

adding new entry "cn=readers,ou=users,dc=example,dc=test"

64dc870d daemon: shutdown requested and initiated.
64dc870d slapd shutdown: waiting for 0 operations/tasks to finish
64dc870d slapd stopped.

 08:21:34.28 INFO  ==> ** LDAP setup finished! **
 08:21:34.30 INFO  ==> ** Starting slapd **
64dc870e @(#) $OpenLDAP: slapd 2.4.57+dfsg-3+deb11u1 (May 14 2022 18:32:57) $
        Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
64dc870e slapd starting
64dc870e conn=1000 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1000 op=0 BIND dn="" method=163
64dc870e conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1000 op=0 RESULT tag=97 err=0 text=
64dc870e conn=1000 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.3
64dc870e conn=1000 op=1 WHOAMI
64dc870e conn=1000 op=1 RESULT oid= err=0 text=
dn:gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
64dc870e conn=1000 op=2 UNBIND
64dc870e conn=1000 fd=12 closed
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/00-access.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1001 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1001 op=0 BIND dn="" method=163
64dc870e conn=1001 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1001 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1001 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1001 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
64dc870e conn=1001 op=1 MOD attr=olcAccess
64dc870e conn=1001 op=1 RESULT tag=103 err=0 text=
modifying entry "olcDatabase={2}mdb,cn=config"

64dc870e conn=1001 op=2 UNBIND
64dc870e conn=1001 fd=12 closed
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/01_mail-tree.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1002 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1002 op=0 BIND dn="" method=163
64dc870e conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1002 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1002 op=1 ADD dn="ou=people,dc=example,dc=test"
64dc870e conn=1002 op=1 RESULT tag=105 err=0 text=
64dc870e conn=1002 op=2 UNBIND
adding new entry "ou=people,dc=example,dc=test"

64dc870e conn=1002 fd=12 closed
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/02_user-email.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1003 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1003 op=0 BIND dn="" method=163
64dc870e conn=1003 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1003 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1003 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1003 op=1 ADD dn="uid=john.doe,ou=people,dc=example,dc=test"
64dc870e conn=1003 op=1 RESULT tag=105 err=0 text=
64dc870e conn=1003 op=2 UNBIND
64dc870e conn=1003 fd=12 closed
adding new entry "userid=john.doe,ou=people,dc=example,dc=test"

ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/auditlog.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1004 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1004 op=0 BIND dn="" method=163
64dc870e conn=1004 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1004 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1004 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1004 op=1 UNBIND
64dc870e conn=1004 fd=12 closed
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/ppolicy.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1005 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1005 op=0 BIND dn="" method=163
64dc870e conn=1005 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1005 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1005 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1005 op=1 UNBIND
64dc870e conn=1005 fd=12 closed
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/smbkrb5pwd.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1006 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1006 op=0 BIND dn="" method=163
64dc870e conn=1006 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1006 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1006 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1006 op=1 UNBIND
64dc870e conn=1006 fd=12 closed
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/syncrepl.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1007 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1007 op=0 BIND dn="" method=163
64dc870e conn=1007 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1007 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1007 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1007 op=1 UNBIND
64dc870e conn=1007 fd=12 closed
```

</details>

<details>
<summary>Relevant snippet from above log (for the two custom LDIF files)</summary>

```
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/01_mail-tree.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1002 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1002 op=0 BIND dn="" method=163
64dc870e conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1002 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1002 op=1 ADD dn="ou=people,dc=example,dc=test"
64dc870e conn=1002 op=1 RESULT tag=105 err=0 text=
64dc870e conn=1002 op=2 UNBIND
adding new entry "ou=people,dc=example,dc=test"

64dc870e conn=1002 fd=12 closed
ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/migrations/02_user-email.ldif
SASL/EXTERNAL authentication started
64dc870e conn=1003 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
64dc870e conn=1003 op=0 BIND dn="" method=163
64dc870e conn=1003 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64dc870e conn=1003 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
64dc870e conn=1003 op=0 RESULT tag=97 err=0 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
64dc870e conn=1003 op=1 ADD dn="uid=john.doe,ou=people,dc=example,dc=test"
64dc870e conn=1003 op=1 RESULT tag=105 err=0 text=
64dc870e conn=1003 op=2 UNBIND
64dc870e conn=1003 fd=12 closed
adding new entry "userid=john.doe,ou=people,dc=example,dc=test"
```

</details>

#### Custom LDIF

Minimized to the two files below (_2nd relies on the `postfix-book.schema` this image already provides_). Creates a single mail user account to test against.

**`01_mail-tree.ldif`:**

```
dn: ou=people,dc=example,dc=test
changetype: add
objectClass: organizationalUnit
objectClass: top
ou: people
```

**`02_user-email.ldif`:**

```
# --------------------------------------------------------------------
# Create mail accounts
# --------------------------------------------------------------------
# John Doe
dn: userid=john.doe,ou=people,dc=example,dc=test
changetype: add
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: PostfixBookMailAccount
objectClass: extensibleObject
cn: John Doe
givenName: John
surname: Doe
userid: john.doe
userPassword: secret
mail: john.doe@example.test
# postfix-book.schema:
mailEnabled: TRUE
mailUidNumber: 5000
mailGidNumber: 5000
mailAlias: postmaster@example.test
mailGroupMember: employees@example.test
mailHomeDirectory: /var/mail/example.test/john.doe/
mailStorageDirectory: maildir:/var/mail/example.test/john.doe/
mailQuota: 10240
```

### Background

Over the past two days (no LDAP experience), I've been trying to migrate the `docker-mailserver` LDAP test away from the [`osixia/docker-openldap`](https://github.com/osixia/docker-openldap) image (_we've used an old pinned version from many years ago, the latest just crashes_).

That image was last maintained 2 years ago, and the bitnami openldap image seems to be one of the only actively maintained ones I came across that seemed suitable. However I ran into some compatibility issues there and my inexperience with LDAP... but this variant image with improvements is almost working, last roadblock is getting created users to successfully authenticate.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Error: `ldap_bind: Invalid credentials (49)` #1

Problem

Reproduction

`docker run`

Custom LDIF

Background

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Error: ldap_bind: Invalid credentials (49) #1

Description

Problem

Reproduction

docker run

Custom LDIF

Background

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Error: `ldap_bind: Invalid credentials (49)` #1

`docker run`