RE: ldap_bind: Invalid credentials at LDAPADD step in the QuickStart Guide

Quanah

Thank you so very much. Strangely, I could not see that difference in those 'dc' values. This now works:

# cat example.ldif dn: dc=my-domain,dc=com objectclass: dcObject objectclass: organization o: My Example Company dc: my-domain

dn: cn=Manager,dc=my-domain,dc=com objectclass: organizationalRole cn: Manager

/usr/local/bin/ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -w secret -f /usr/local/etc/openldap/example.ldif adding new entry "dc=my-domain,dc=com" adding new entry "cn=Manager,dc=my-domain,dc=com"

/usr/local/bin/ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)' # my-domain.com dn: dc=my-domain,dc=com objectClass: dcObject objectClass: organization o: My Example Company dc: my-domain

# Manager, my-domain.com dn: cn=Manager,dc=my-domain,dc=com objectClass: organizationalRole cn: Manager

# search result search: 2 result: 0 Success

-----Original Message----- From: Quanah Gibson-Mount quanah@symas.com Sent: Monday, December 23, 2019 12:02 PM To: Dunne, Kenneth (SMO NAM RC-US RI PE PE-ENG OF) kenneth.dunne@siemens.com; openldap-technical@openldap.org Subject: RE: ldap_bind: Invalid credentials at LDAPADD step in the QuickStart Guide

--On Monday, December 23, 2019 5:34 PM +0000 "Dunne, Kenneth" <kenneth.dunne@siemens.commailto:kenneth.dunne@siemens.com> wrote:

olcSuffix: dc=my-domain,dc=com olcRootDN: cn=Manager,dc=my-domain,dc=com olcRootPW: secret

And what is your ldapadd line?

Also your LDIF has:

dn: dc=my-example,dc=com objectclass: dcObject objectclass: organization o: KEN Example Company dc: example

dn: cn=Manager,dc=my-example,dc=com objectclass: organizationalRole cn: Manager

which clearly does not match "dc=my-domain,dc=com". So even if you get the credentials right, the add will still fail, because you're trying to add a database for "dc=my-example,dc=com" into a namespace of "dc=my-domain,dc=com". You need to use a consistent namespace throughout the configuration, the credentials you will be using, and the database you will be loading.

Regards, Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.symas.com&data=02%7C01%7Ckenneth.dunne%40siemens.com%7C5734c2f900e64879018708d787d24d09%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637127209624839114&sdata=h6eh0QXNokPeXs%2FNwpoorIZAt9AoU9b2baWFLqKKV0c%3D&reserved=0