Hi Ulrich,

No. It was that I was tired and neglected to include the "-Y EXTERNAL" flag on my search.

And now it is more problems. Slapcat of cn=config indicated that ppolicy module was not loaded while ldapsearch indicated that it was. I applied the ppolicy overlay as follows:

dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config

objectClass: olcOverlayConfig

objectClass: olcPPolicyConfig

olcOverLay: ppolicy

olcPPolicyDefault: cn=default,ou=policies,dc=mydomain,dc=com

and now, slapcat -n 0 returns the following:

5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted.
5ede54b5 config error processing olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config:
slapcat: bad configuration file!

I assume this is because there is no olcModuleLoad attribute in the ldif for ppolicy. Would it be appropriate to remove the olcOverlay={1}ppolicy,oldDatabase={2}hdb.ldif file - since by my understanding ldapdelete does not work against cn=config

John Alexander

On Sun, Jun 7, 2020 at 10:57 PM Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:

>>> "John Alexander" <jalexander@concentricsky.com> schrieb am 06.06.2020 um 18:45
in Nachricht
<17901_1591478669_5EDC098C_17901_24_1_20200606164545.849.61910@hypatia.openldap.
rg>:
> Hi Howard,
>
> Well, that is interesting.
>
> [root@ldap3 ~]# ldapsearch -x -b cn=module{0},cn=config -H ldapi:///
> # extended LDIF
> #
> # LDAPv3
> # base <cn=module{0},cn=config> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object

Could it be that your user is not allowed to search/list that object?

>
> Would this indicate that LDAP does not think that there are any modules
> loaded? slapcat -n 0 | grep olcModuleLoad shows
> olcModuleLoad: {0}back_bdb
> olcModuleLoad: {1}syncprov
>
> I'm out of my depth on path forward now.
>
> John Alexander