Hi Ulrich,

No.  It was that I was tired and neglected to include the "-Y EXTERNAL" flag on my search.

And now it is more problems.  Slapcat of cn=config indicated that ppolicy module was not loaded while ldapsearch indicated that it was.  I applied the ppolicy overlay as follows:

dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverLay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=mydomain,dc=com

and now, slapcat -n 0 returns the following:

5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted.
5ede54b5 config error processing olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config:
slapcat: bad configuration file!

I assume this is because there is no olcModuleLoad attribute in the ldif for ppolicy.  Would it be appropriate to remove the olcOverlay={1}ppolicy,oldDatabase={2}hdb.ldif file - since by my understanding ldapdelete does not work against cn=config

John Alexander

On Sun, Jun 7, 2020 at 10:57 PM Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
>>> "John Alexander" <jalexander@concentricsky.com> schrieb am 06.06.2020 um 18:45
in Nachricht
> Hi Howard,
> Well, that is interesting.
> [root@ldap3 ~]# ldapsearch -x -b cn=module{0},cn=config -H ldapi:///
> # extended LDIF
> #
> # LDAPv3
> # base <cn=module{0},cn=config> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> # search result
> search: 2
> result: 32 No such object

Could it be that your user is not allowed to search/list that object?

> Would this indicate that LDAP does not think that there are any modules
> loaded?  slapcat -n 0 | grep olcModuleLoad  shows
> olcModuleLoad: {0}back_bdb
> olcModuleLoad: {1}syncprov
> I'm out of my depth on path forward now.
> John Alexander

John Alexander
Systems Administrator
E: jalexander@concentricsky.com
Concentric Sky, Inc