Hello-
Thanks to the help of Michael and others I was able to migrate my root dn user from slapd.conf to the database. (BTW should I file a bug for bad documentation on example from 7.1 from [1]?)
Here's how I did it (for the curious and benefit of future users/searchers)::
Add rootdn user to ldif (/tmp/entries.ldif)::
# Organization for Example Corporation dn: dc=example,dc=com objectClass: dcObject objectClass: organization dc: example o: Example Corporation description: The Example Corporation
# Organizational Role for Directory Manager dn: cn=Manager,dc=example,dc=com objectClass: organizationalRole objectClass: simpleSecurityObject cn: Manager description: Directory Manager userPassword: secret
load it::
ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f /tmp/entries.ldif
stop ldap
comment out "rootdn" and "rootpw" from slapd.conf
start ldap
test user from db::
ldapwhoami -x -D "cn=Manager,dc=example,dc=com" -w secret
Yeah! It works!
So, now back to my original issue. Updating the rootdn password. When I try the following it fails:: ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com cn=Manager,dc=example,dc=com New password: Re-enter new password: ldap_initialize( <DEFAULT> ) Result: Insufficient access (50)
I also have another user that I added and tried to update his password and got the same error::
ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com cn=s2searchuser,ou=InternalPerson,cn=Manager,dc=example,dc=com New password: Re-enter new password: ldap_initialize( <DEFAULT> ) Result: Insufficient access (50)
If I stop ldap, put rootdn/rootpw back in slapd, start ldap and re-run the above and it works::
$ ldappasswd -x -v -S -w secret -D cn=Manager,dc=example,dc=com cn=s2searchuser,ou=InternalPerson,cn=Manager,dc=example,dc=com New password: Re-enter new password: ldap_initialize( <DEFAULT> ) Result: Success (0)
I'm sure I'm missing something that is probably obvious to the seasoned veterans, but frustrating to a newbie like me. If anyone can point me further in the right direction that'd be great.
thanks much
-matt