All
I am new to LDAP, reading through the quickstart guide, and the first 6 chapters of the OpenLDAP Admin Guide leaves me with being unable to add entries into LDAP.
I’ve compiled from sources per chapter 4, and also tried the YUM installed versions of the ldap client and server on my CentOS-7, with the same result.
Summarized, the steps I am performing after the build/install of both master (as of Dec-19-2019) and tag OPENLDAP_REL_ENG_2_4_48 are:
sudo mkdir /usr/local/etc/openldap/slapd.d
sudo chmod 777 /usr/local/etc/openldap/slapd.d
sudo mkdir /usr/local/var/openldap-data
sudo chmod 700 /usr/local/var/openldap-data
# succeeds: using the install-provided- slapd.ldif (see below)
sudo /usr/local/sbin/slapadd -n 0 -F /usr/local/etc/openldap/slapd.d -l /usr/local/etc/openldap/slapd.ldif
# succeeds:
sudo /usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d
# succeeds:
sudo /usr/local/bin/ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# NOTE not sudo, per the quickstart guide, FAILS with “ldap_bind: Invalid credentials (49)”
/usr/local/bin/ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f /usr/local/etc/openldap/example.ldif
Example.ldif per the quickstart guide: ---------------------
dn: dc=my-example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example
dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager
slapd.ldif per the install ---------------------
#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
#
# Define global ACLs to disable default read access.
#
olcArgsFile: /usr/local/var/run/slapd.args
olcPidFile: /usr/local/var/run/slapd.pid
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
#
# Load dynamic backend modules:
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/local/libexec/openldap
#olcModuleload: back_mdb.la
#olcModuleload: back_ldap.la
#olcModuleload: back_passwd.la
#olcModuleload: back_shell.la
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include:
file:///usr/local/etc/openldap/schema/core.ldif
# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
#
# Sample global access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#
#######################################################################
# LMDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
olcRootPW: secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory: /usr/local/var/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq