I've been using the Symas OpenLDAP Debian packages, and following the Quick-Start guide for 2.5: https://www.openldap.org/doc/admin25/quickstart.html
Following steps 1 - 10 has been straightforward, but when I get to step 11 (Add initial entries to your directory), I run into trouble when running the ldapadd command:
root@openldap-x:/opt/symas/etc/openldap# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f bootstrap.ldif
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required
root@openldap-x:/opt/symas/etc/openldap#
I used the provided slapd.ldif.default to seed the cn=config (updating it with the appropriate domain components), as per the instructions in the Quick-Start, so slapd isn't yet configured to run with SSL or StartTLS. Is there a default SSF factor that I should adjust to get past this bootstrapping failure? I don't see anything like that explicitly set in the configs that were rendered into /opt/symas/etc/openldap/slapd.d, from my slapd.ldif.
I'm not new to OpenLDAP, but this is the first time I've used the Symas packages and also the first time trying to use olc instead of a slapd.conf based configuration.
Ben
--On Wednesday, February 23, 2022 12:31 PM -0800 Ben Poliakoff benp@reed.edu wrote:
> I've been using the Symas OpenLDAP Debian packages, and following the Quick-Start guide for 2.5: https://www.openldap.org/doc/admin25/quickstart.html
> Following steps 1 - 10 has been straightforward, but when I get to step 11 (Add initial entries to your directory), I run into trouble when running the ldapadd command:
Steps 1-7 involve building the software, which I would not expect you to be doing if you're using Symas' packages?
In any case, I have no idea what changes you made to the original LDIF. I have no such issue doing only the changes advised in the quickstart guide:
diff -u slapd.ldif.default slapd.ldif --- slapd.ldif.default 2022-01-27 18:23:12.000000000 +0000 +++ slapd.ldif 2022-02-23 20:40:22.476435514 +0000 @@ -79,8 +79,8 @@ objectClass: olcMdbConfig olcDatabase: mdb olcDbMaxSize: 1073741824 -olcSuffix: dc=my-domain,dc=com -olcRootDN: cn=Manager,dc=my-domain,dc=com +olcSuffix: dc=example,dc=com +olcRootDN: cn=Manager,dc=example,dc=com # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd-config(5) for details. # Use of strong authentication encouraged.
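Review bot: the trailing context of this hunk carries the shipped warning that cleartext passwords for the rootdn should be avoided, yet the diff touches only olcSuffix and olcRootDN, so whatever rootdn credential slapd.ldif.default ships with is carried over unchanged. For anything beyond a throwaway test instance, replace it with a slappasswd(8) hash as that comment advises. The two changed lines are consistent with each other: the new olcRootDN sits under the new olcSuffix.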
mkdir -p /opt/symas/etc/openldap/slapd.d
slapadd -n 0 -l slapd.ldif -F /opt/symas/etc/openldap/slapd.d
systemctl start slapd

cat bootstrap.ldif
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: dc=example,dc=com
dc: example

ldapadd -x -H ldap:/// -D cn=manager,dc=example,dc=com -W -f bootstrap.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
Regards, Quanah