Univention-directory-manager / WebInterface / Ldap: Invalid credentials

I cannot call the web based user management console - after searching in the logfiles I found an entry in the



09.09.19 21:22:22.722 MAIN ( PROCESS ) : LDAP bind for user ‘uid=Administrator,cn=users,dc=XXX,dc=XXX’.
7 09.09.19 21:22:22.722 LDAP ( INFO ) : bind binddn=uid=Administrator,cn=users,dc=XXX,dc=XXX
8 09.09.19 21:22:22.733 LDAP ( ERROR ) : ldap_simple_bind: Invalid credentials

What is working:

univention-ldapsearch ‘(uid=Administrator)’ -x -D uid=Administrator,cn=users,$(ucr get ldap/base) -W
This is working using the (known) admin password.

ldapsearch -D $(ucr get ldap/hostdn) -y /etc/machine.secret
This command also shows a list of entries.

All used passwords are correct; login per web or ssh is also working correctly.

Within a console


offers some possibilities for providing the password:

general options:
–binddn bind DN
–bindpwd bind password
–bindpwdfile file containing bind password

However I cannot find any information about the bindpwdfile used by the udm in the chain web - udm (univention-management-console-server ?).
What is the difference between machine.secret and ldap.secret?