Thanks for the version info, I have now compiled and installed 2.6.3.

Here is my slapd.ldif with the password redacted ...

#

# See slapd-config(5) for details on configuration options.

# This file should NOT be world readable.

#

dn: cn=config

objectClass: olcGlobal

cn: config

#

#

# Define global ACLs to disable default read access.

#

olcArgsFile: /usr/local/var/run/slapd.args

olcPidFile: /usr/local/var/run/slapd.pid

#

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#olcReferral: ldap://root.openldap.org

#

# Sample security restrictions

# Require integrity protection (prevent hijacking)

# Require 112-bit (3DES or better) encryption for updates

# Require 64-bit encryption for simple bind

#olcSecurity: ssf=1 update_ssf=112 simple_bind=64

#

# Load dynamic backend modules:

#

dn: cn=module,cn=config

objectClass: olcModuleList

cn: module

olcModulepath: /usr/local/libexec/openldap

olcModuleload: back_mdb.la

#olcModuleload: back_ldap.la

#olcModuleload: back_passwd.la

dn: cn=schema,cn=config

objectClass: olcSchemaConfig

cn: schema

include: file:///usr/local/etc/openldap/schema/core.ldif

#moose

include: file:///usr/local/etc/openldap/schema/cosine.ldif

include: file:///usr/local/etc/openldap/schema/nis.ldif

include: file:///usr/local/etc/openldap/schema/inetorgperson.ldif

# Frontend settings

#

dn: olcDatabase=frontend,cn=config

objectClass: olcDatabaseConfig

objectClass: olcFrontendConfig

olcAccess: {0}to dn.base="" by * read

olcAccess: {1}to dn.base="cn=Subschema" by * read

olcDatabase: frontend

#

# Sample global access control policy:

# Root DSE: allow anyone to read it

# Subschema (sub)entry DSE: allow anyone to read it

# Other DSEs:

# Allow self write access

# Allow authenticated users read access

# Allow anonymous users to authenticate

#

#olcAccess: to dn.base="" by * read

#olcAccess: to dn.base="cn=Subschema" by * read

#olcAccess: to *

# by self write

# by users read

# by anonymous auth

#

# if no access controls are present, the default policy

# allows anyone and everyone to read anything but restricts

# updates to rootdn. (e.g., "access to * by * read")

#

# rootdn can always read and write EVERYTHING!

#

#######################################################################

# LMDB database definitions

#######################################################################

#

dn: olcDatabase=mdb,cn=config

objectClass: olcDatabaseConfig

objectClass: olcMdbConfig

olcDatabase: mdb

olcDbMaxSize: 1073741824

olcSuffix: dc=my-domain,dc=com

olcRootDN: cn=Manager,dc=my-domain,dc=com

# Cleartext passwords, especially for the rootdn, should

# be avoided. See slappasswd(8) and slapd-config(5) for details.

# Use of strong authentication encouraged.

olcRootPW: PASSWORDNOTHERE

# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

olcDbDirectory: /usr/local/var/openldap-data

# Indices to maintain

olcDbIndex: objectClass eq

dn: olcDatabase=monitor,cn=config

objectClass: olcDatabaseConfig

olcDatabase: monitor

olcRootDN: cn=config

olcMonitoring: FALSE

dn: olcDatabase=mdb,cn=config

objectClass: olcDatabaseConfig

objectClass: olcMdbConfig

olcDatabase: mdb

olcDbDirectory: /var/lib/ldap

olcSuffix: ou=people,o=emich.edu

olcAccess: {0}to attrs=userPassword by self write by * auth

olcAccess: {1}to attrs=shadowLastChange by self write by * read

olcAccess: {2}to attrs=userPKCS12 by self read by * none

olcAccess: {3}to * by * read

olcRootDN: cn=Administrator,ou=people,o=emich.edu

olcDbCacheSize: 10000

olcDbCheckpoint: 1024 5

olcDbMaxSize: 1073741824

olcSizeLimit: 50000

#olcDbConfig: {0}set_cachesize 0 15000000 1

#olcDbConfig: {1}set_lg_regionmax 262144

#olcDbConfig: {2}set_lg_bsize 2097152

#olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE

#olcDbConfig: {4}set_lk_max_locks 30000

#olcDbConfig: {5}set_lk_max_objects 30000

#olcDbIDLcacheSize: 30000

olcDbIndex: objectclass eq

olcDbIndex: uidNumber eq

olcDbIndex: gidNumber eq

olcDbIndex: member eq

olcDbIndex: memberUid eq

olcDbIndex: mail eq

olcDbIndex: cn eq,sub

olcDbIndex: displayName eq,sub

olcDbIndex: uid eq,sub

olcDbIndex: sn eq,sub

olcDbIndex: givenName eq,sub

structuralObjectClass: olcMdbConfig

entryUUID: b3baae2c-f8f6-1035-90eb-91daf978c9c3

creatorsName: cn=config

createTimestamp: 20160817184650Z

olcRootPW:: PASSWORDNOTHERE

entryCSN: 20160919185226.957088Z#000000#000#000000

modifiersName: cn=config

modifyTimestamp: 20160919185226Z

Thanks, Matt

On Tue, Feb 7, 2023 at 10:03 AM Quanah Gibson-Mount quanah@fast-mail.org wrote:

--On Monday, February 6, 2023 4:58 PM -0500 Matthew Goebel mgoebel@emich.edu wrote:

...

directory8.emich.edu : redhat ES 8 : hand rolled from source code ldap

[root@directory8.emich.edu:/root]# /usr/local/libexec/slapd -V

@(#) $OpenLDAP: slapd 2.6.X (Nov 15 2022 16:59:29) $

That's the engineering branch. It's not advised to run development code in production.

...

I can't seem to do global anonymous searches?

I don't understand ldap well enough to figure out what step or config

I've missed.

compile options used for openldap were

compile options should be irrelevant, this would be an ACL issue. You've not provided any information about the ACLs the deployment uses.

--Quanah