I've been walking through this tutorial and kept getting errors — likely because I was typing it in manually — so I retried, executing it after entering in:

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=local
olcDbDirectory: /var/lib/ldap

It worked, so I typed in the rest and re-executed:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif

and now it says

ldap_add: Other (e.g., implementation specific) error (80)
    additional info: <olcSuffix> namingContext "dc=home,dc=local" already served by a preceding hdb database

Which, as I would guess, means that it can't complete the ldapadd because one already exists under the same name.

I tried deleting it using (from here):

sudo ldapdelete 'dc=example,dc=local'

and it's asking for a password; my password doesn't work, and there was nothing set as the olcRootPW in the initial setup.

How do I use ldapdelete in this context so I can re-setup this database?

Best Answer

Generally the initial setup process for cn=config isn't very easy and there are plenty of ways to shoot yourself in the foot in the process. However, remember that cn=config is stored in LDIF format files in slapd.d (usually in ${prefix}/etc/openldap/) and can be edited by hand (carefully and while slapd isn't running). So if you've locked yourself out (no RootDN/RootPW) or completely mangled your cn=config somehow, you can always fix it there.

A good way to get a basic config going is to actually do it in the old-style slapd.conf fashion and then convert it to slapd.d (using slaptest -f -F) once the basic stuff (databases, modules and a RootDN/RootPW) is sorted.
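Before hand-editing slapd.d as the answer describes, it helps to see which database entry already serves the suffix and whether it has a RootDN/RootPW at all. The following read-only check is an added example, not part of the original answer; the function names are hypothetical, and it assumes the usual slapd.d layout (database entries in files named olcDatabase={N}backend.ldif) and DNs written without spaces after commas.

```shell
#!/bin/sh
# Added example (not from the original post): read-only inspection of slapd.d.
# Reports which database entries serve a suffix and whether olcRootDN/olcRootPW
# are present. The password value itself is never printed.

# suffix_owners CONFDIR SUFFIX -> one line per matching database file
suffix_owners() {
    confdir=$1
    suffix=$2
    # Database entries are stored as olcDatabase={N}<backend>.ldif
    find "$confdir" -type f -name 'olcDatabase=*.ldif' | sort |
    while IFS= read -r f; do
        awk -v want="$suffix" -v file="${f#"$confdir"/}" '
            { key = tolower($1); val = $0; sub(/^[^:]*::? */, "", val) }
            key == "olcsuffix:" && val == want { hit = 1 }
            key == "olcrootdn:"                { rootdn = val }
            # "::" marks a base64-encoded value, which slapd often uses here
            key == "olcrootpw:" || key == "olcrootpw::" { pw = 1 }
            END {
                if (hit) printf "%s rootdn=%s rootpw=%s\n", file,
                    (rootdn != "" ? rootdn : "unset"), (pw ? "set" : "unset")
            }' "$f"
    done
}

# Constructed sample tree mirroring the question: {1}hdb was added with a
# suffix but no olcRootDN/olcRootPW. Prints the directory it created.
make_sample_confdir() {
    d=$(mktemp -d) && mkdir "$d/cn=config" || return 1
    printf '%s\n' 'dn: olcDatabase={0}config' 'olcDatabase: {0}config' \
        > "$d/cn=config/olcDatabase={0}config.ldif"
    printf '%s\n' 'dn: olcDatabase={1}hdb' 'olcDatabase: {1}hdb' \
        'olcSuffix: dc=example,dc=local' 'olcDbDirectory: /var/lib/ldap' \
        > "$d/cn=config/olcDatabase={1}hdb.ldif"
    printf '%s\n' "$d"
}

# Demo on the constructed sample; point suffix_owners at a copy of the real
# slapd.d directory to inspect an actual configuration.
sample=$(make_sample_confdir)
suffix_owners "$sample" 'dc=example,dc=local'
rm -rf "$sample"
```

A line reporting rootdn=unset rootpw=unset for the suffix matches the situation in the question: the database exists, but there is no bind identity that ldapdelete could authenticate as.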

