Can’t access cn=config through Apache Directory Studio GUI

openldap

I am quite familiar with openldap. The dynamic configuration is quite new to me. So I wanted to make life easier and change openldap configuration through Apache Directory Studio GUI.

Openldap is installed on Debian Jessie and Version slapd 2.4.40+dfsg-1+deb8u1 amd64

Tried to follow this way:
http://gos.si/blog/installing-openldap-on-debian-squeeze-with-olc

But I can't access it:

ldapsearch -b cn=config -D cn=admin,dc=domain -W
result: 32 No such object

First I thought it has to do with the ACLs and removed everything, but no change.

ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config works

So why does the olcRootDN have no rights? Also in the GUI I don't see the cn=config.
Thanks in advance for any help!

Best Answer

So I answer it by myself, got it now, big confusion and misunderstanding of the dynamic configuration. Maybe someone has the same problem:

There is a difference between olcRootDN in dn: olcDatabase={1}mdb,cn=config and dn: olcDatabase={0}config,cn=config

in my case the olcRootDN in olcDatabase={0}config,cn=config was not set at all. So I added it like explained in the link and also olcRootPW.

Now I can access the cn=config in Apache Directory Studio GUI and edit it comfortable. It is good to have two different Passwords to not accidently delete something in cn=config

Best Answer

Related Solutions

Ldap – Change SAMBA password in LDAP with Apache Directory Studio

Ldap – can’t get “memberof” to work in the OpenLDAP config

Related Topic