I am running OpenLdap server 2.5.18 on Red Hat Enterprise Linux release 8.10 (Ootpa) OS to enable multimaster replication on both nodes (node 1 and node 2). Currently on Node1 I am encountering the ldap_modify: Insufficient access (50) issue

Node1

# rpm -qa | grep openldap
symas-openldap-clients-2.5.18-1.el8.x86_64
symas-openldap-servers-selinux-1.0.6-2.el8.noarch
openldap-2.4.46-18.el8.x86_64
symas-openldap-servers-2.5.18-1.el8.x86_64
symas-openldap-libs-2.5.18-1.el8.x86_64

# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.10 (Ootpa)
#

# pwd
/opt/symas/etc/openldap
# ls -l
total 20
-rw-r--r-- 1 symas symas  247 May 23 20:21 ldap.conf.default
drwxr-xr-x 2 symas symas 4096 Jun 26 16:02 schema
-rw------- 1 symas symas 2901 Jun 27 17:55 slapd.conf
-rw------- 1 symas symas 2710 May 23 20:21 slapd.conf.default
-rw------- 1 symas symas 2761 May 23 20:21 slapd.ldif.default
#

# cat syncprov_mod.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov.la

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov_mod.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"
ldap_modify: Insufficient access (50)

[Windl, Ulrich]

(Sorry, Outlook is not good inline-quoting HTML mail)

It means that your ldapi:/// URL does not have the rights to modify cn=config.

Usually you authenticate with the cn=config user to do that.

Also for replication, you probably want to set up a replication user that can read everything…

#