Good point.  (I sent these in a follow on post that hasn't shown up yet  I'm also having an issue with reloading a slapd .ldif file from the previous server to this one.  It's giving me an 'insufficient privileges' access area and telling me I don't have permissions to the parent.  So.... I really need to figure this out.... I've done this quite a few times and now I'm having an issue.)
I have to assume that I don't have access to example.com or it's children.  I just don't understand what I'm missing.

TY!

P.

Ldap.conf:

BASE dc=example,dc=com

Slapd.conf:

access to attrs=userPassword
   by self         write
   by anonymous    auth
   by dn="uid=syncuser,dc=hq,dc=example,dc=com"       read
   by *    compare
access to attrs=sambaLMPassword,sambaNTPassword
   by dn="uid=syncuser,dc=hq,dc=example,dc=com" read
   by * none
access to *
   by self write
   by * read


access to dn.subtree="dc=hq,dc=example,dc=com"
    by self write
    by set="[cn=itlevel1,ou=Groups,dc=hq,dc=example,dc=com]/member* &
 user" write
    by set="[cn=ntadmins,ou=Groups,dc=hq,dc=example,dc=com]/member* &
 user" write
    by * break

authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
                "cn=root,dc=hq,dc=example,dc=com"


database        mdb
suffix          "dc=hq,dc=example,dc=com"
rootdn          "cn=root,dc=hq,dc=example,dc=com"



On Tuesday, September 10, 2019, 2:13:01 AM EDT, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:


>>> Paul Pathiakis <pathiaki2@yahoo.com> schrieb am 09.09.2019 um 16:38 in
Nachricht <337690294.4382558.1568039882472@mail.yahoo.com>:
> Hi,
> I am trying to figure out all the various passwords and access controls.
> I seem unable to get my previously documented systems/configurations to
> work.
> I understand that slaptest is supposed to convert my slapd.conf to a new
> configuration and everything should be fine going forward.
> However, I'm having various password and access issues.
> Basically,
> I use my ldap.conf file and everything seems good.
> I start slapd and it works fine.
> I perform an ldap search and everything seems fine as it returns my domain.
> After that, I try to import my memberof.ldif file and it gives me an access
> issue.
> ldapadd -f /etc/openldap/memberof.ldif -v -D "cn=config" -H
> ldap://192.168.2.113 -W -c
>
> dn: cn=module,cn=config
> cn: module
> objectClass: olcModuleList
> objectclass: top
> olcModuleLoad: memberof.la
> olcModulePath: /usr/lib64/openldap
>
> dn: olcOverlay=memberof,olcDatabase={0}config,cn=config
> objectclass: olcconfig
> objectclass: olcMemberOf
> objectclass: olcoverlayconfig
> objectclass: top
> olcoverlay: memberof
>
> ldap_initialize( ldap://192.168.2.113:389/??base )
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Obviously, that's a password problem.  My question is why?
> What step did I miss in my documentation?

Hard to say without knowing your ACL rules.


> Thank you!
> P.