Thanks Alex for replying,
I was rather optimistic about this until I realized I have bigger problems now. I had been putting the subordinate directive in the definition for the back_ldap db, not the normal hdb on OpenLDAP.
OK so I have a whole lot of problems at this point.
I believe I have seriously broken something in trying to slaptest or ldapadd a bunch of slapd.conf/ldif files, following various tutorials. Tried to follow your steps this morning but found I was getting -
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
and more often than not was unable to authenticate, either in CLI or by Apache Directory Studio.
So once again I apt-get purge --auto-remove slapd ldap-utils and installed again; however, I found that all the broken configuration I had tried so far was immediately back in /etc/ldap/slapd.d again as soon as I installed (not the default config which would be in there immediately after install, but the big list of faulty databases I had added erroneously before). I had checked and the whole /etc/ldap directory WAS removed during the purge.
So I ran the purge again, then ran a find and deleted /var/lib/ldap and /usr/lib/ldap, then installed again.
Now, when I tried to start again, following http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html to start with, I can't even get off the starting line!
My first step, running sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif returns -
ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: "0.9.2342.19200300.100.1.2"
and I get the same response ldapadding pretty much anything, with a different value for attributeType. Again it appears that purging and reinstalling does not get me back to a default installation but I am not sure what else I need to delete.
On another note, following your advice, this is essentially what I have boiled my slapd.conf down to (for once I can actually use OpenLDAP again). Do you see any glaring omissions or obvious errors here?
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
moduleload back_ldap.la
moduleload back_hdb.la
# Specify first database
database hdb
suffix "dc=external users,dc=companyname,dc=local"
rootdn "cn=admin,dc=companyname,dc=local"
rootpw secret
directory /var/lib/ldap/
subordinate advertise
# Specify other databases
database ldap
suffix "dc=companyname,dc=local"
rootdn "cn=admin,dc=companyname,dc=local"
uri ldap://companyname.local/
rebind-as-user TRUE
chase-referrals TRUE