I've been attempting to set up a directory using OpenLDAP, and I've
run into a roadblock.
Working through the quick-start section of
http://www.openldap.org/doc/admin22/quickstart.html, I can't get by
step 2, "Add initial entries to your directory."
$ ldapadd -w secret -x -D "cn=Manager,dc=s,dc=com" -f record.ldif
Enter LDAP Password: [type `secret' here]
ldap_bind: Inappropriate authentication (48)
I can add the initial entries via slapadd, but not via the server.
After spending several hours trying to figure out why, I still haven't
been able to get around the problem. Below are my slapd.conf and the
record.ldif (from above).
I started with no `access to' directives - the ones below were taken
from http://www.openldap.org/faq/data/cache/171.html, and mailing list
posts I've found via Google.
Running slapd with `-d 192' I can see it reading the rootdn and rootpw
attributes from slapd.conf, but it still doesn't seem to accept the
`rootpw' value.
Help?
------------ uname ----------------------
# using openldap that comes with the `Client' version Mac OS 10.3
# (version 2.1.22)
$ uname -a
Darwin spud.local 7.5.0 Darwin Kernel Version 7.5.0: Thu Aug 5 19:26:16 PDT 2004; root:xnu/xnu-517.7.21.obj~3/RELEASE_PPC Power Macintosh powerpc
-----------------------------------------
------------ record.ldif ----------------
dn: dc=s,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: s
dn: cn=Manager,dc=s,dc=com
objectclass: organizationalRole
cn: Manager
------------------------------------------
------------- slapd.conf -----------------
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to dn.base="" by * read
access to dn.base="dc=s,dc=com" by * read
access to attr=userpassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by users read
        by anonymous auth
allow bind_v2
#######################################################################
# BDB database definitions
#######################################################################
database dbd
Suffix "dc=s,dc=com"
rootdn "cn=Manager,dc=s,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/lib/openldap-data
# Indices to maintain
index objectClass eq
--------------------------------------------