You are, of course, correct about my having not compiled slapd, I misspoke. 

 

 I sorted out what was happening. I was using the ldapadd command syntax from the Quick-Start guide, which doesn't use the '-H ldap:///' parameter, so ldapadd was picking up defaults from /etc/ldap/ldap.conf and happily talking to our existing production slapd, running on a different server (which of course does require secure binds).

However, when I added '-H ldap:///' to the ldapadd command, ensuring that the ldap traffic was now going to the correct server (headpalm), the command fails with "ldap_bind: Invalid credentials (49)". 

At this point the olcRootPW in my slapd.ldif is the default ("secret"), and I can see that the base64 encoded olcRootPW in "slapd.d/cn=config/olcDatabase={1}mdb.ldif" is "olcRootPW:: c2VjcmV0" (which is, in fact the base64 encoding for "secret").

Does anyone have debugging approaches that might help me sort out why slapd isn't happy with the password?  Also with regard to this mailing list's protocol, would it be better to ask this question in a separate thread?

(It's humbling to be asking such phenomenally basic questions, having built and managed our existing openldap servers for many many years.)

Ben