Dan White wrote:
On 03/29/14 09:41 -0500, Peng Yu wrote:
On Sat, Mar 29, 2014 at 8:32 AM, Dan White dwhite@olp.net wrote:
On 03/28/14 22:21 -0500, Peng Yu wrote:
I get the following error.
pengy@openldapserver:~$ ldapadd -x -D cn=admin,cn=config -W -f ~/sudoWork/cn=sudo.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
This means that either 'cn=admin,cn=config' does not match your olcRootDN, or (/and) the password you are providing does not match your olcRootPW. You may get an idea of which is the case by viewing your config with:
slapcat -n0
I assume that this should be run on the server, not the client. Here is what I get. But I have no idea what to look at. Would you please help me understand how it can be used for debugging my case?
Read the fine manual:
See the slapd-config(5) manpage, and http://www.openldap.org/doc/admin24/slapdconf2.html
pengy@openldapserver:~$ sudo slapcat -n0
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: a3343a42-465f-1033-9540-f5ee9a20f09d
creatorsName: cn=config
createTimestamp: 20140322224706Z
entryCSN: 20140322224706.118986Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140322224706Z
You have no olcRootDN listed for your configuration database, which, as I understand it, means you have no capability to modify your config using ldapadd. For a solution, see:
Not necessary, since he has an ACL giving access to Unix root over ldapi://
http://www.openldap.org/lists/openldap-technical/201211/msg00195.html
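
An added example, not part of the original thread: a small Python reader for `slapcat -n0` output that answers the question raised above, namely whether the config database has an olcRootDN/olcRootPW to bind with and which identities its olcAccess rules grant `manage`. The function names and the sample text are constructed for illustration; the sample reproduces the first lines of the entry quoted in the thread.

```python
import re

# uid 0 / gid 0 connecting over ldapi://, as named in the thread's olcAccess rule
PEERCRED_ROOT = "gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth"

# Constructed sample: start of the thread's config entry, folded as slapcat prints it.
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
"""

def parse_ldif(text):
    """Unfold continuation lines, return a list of {attr: [values]} entries."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the line
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def diagnose_config_db(text):
    """Summarise who can administer the {0}config database, or None if absent."""
    for e in parse_ldif(text):
        if e.get("olcdatabase") != ["{0}config"]:
            continue
        managers = []
        for rule in e.get("olcaccess", []):
            managers += re.findall(r'by\s+dn(?:\.\w+)?="?([^"\s]+)"?\s+manage', rule)
        return {
            "rootdn": (e.get("olcrootdn") or [None])[0],
            "has_rootpw": "olcrootpw" in e,   # simple bind as rootdn needs both
            "manage_dns": managers,
            "peercred_root": PEERCRED_ROOT in (m.lower() for m in managers),
        }
    return None

if __name__ == "__main__":
    print(diagnose_config_db(SAMPLE))
```

For the entry in this thread the result has no rootdn and `peercred_root` set, which matches both replies: a simple bind with `-x -D cn=admin,cn=config -W` has nothing to authenticate against, while Unix root connecting over ldapi:// with SASL EXTERNAL (`ldapadd -Y EXTERNAL -H ldapi:///`) is covered by the ACL.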