RE: ldap_bind: Invalid credentials at LDAPADD step in the QuickStart Guide

[Dunne, Kenneth]

Quanah

  Thank you so very much.  Strangely,  I could not see that difference in those 
'dc' values.
This now works:

# cat example.ldif
      dn: dc=my-domain,dc=com
      objectclass: dcObject
      objectclass: organization
      o: My Example Company
      dc: my-domain

      dn: cn=Manager,dc=my-domain,dc=com
      objectclass: organizationalRole
      cn: Manager

/usr/local/bin/ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -w secret -f 
/usr/local/etc/openldap/example.ldif
      adding new entry "dc=my-domain,dc=com"
      adding new entry "cn=Manager,dc=my-domain,dc=com"

/usr/local/bin/ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)'
      # my-domain.com
      dn: dc=my-domain,dc=com
      objectClass: dcObject
      objectClass: organization
      o: My Example Company
      dc: my-domain

      # Manager, my-domain.com
      dn: cn=Manager,dc=my-domain,dc=com
      objectClass: organizationalRole
      cn: Manager

      # search result
      search: 2
      result: 0 Success

-----Original Message-----
From: Quanah Gibson-Mount <qua...@symas.com>
Sent: Monday, December 23, 2019 12:02 PM
To: Dunne, Kenneth (SMO NAM RC-US RI PE PE-ENG OF) <kenneth.du...@siemens.com>; 
openldap-technical@openldap.org
Subject: RE: ldap_bind: Invalid credentials at LDAPADD step in the QuickStart 
Guide



--On Monday, December 23, 2019 5:34 PM +0000 "Dunne, Kenneth"
<kenneth.du...@siemens.com<mailto:kenneth.du...@siemens.com>> wrote:

> olcSuffix: dc=my-domain,dc=com
> olcRootDN: cn=Manager,dc=my-domain,dc=com
> olcRootPW: secret

And what is your ldapadd line?

Also your LDIF has:

dn: dc=my-example,dc=com
objectclass: dcObject
objectclass: organization
o: KEN Example Company
dc: example

dn: cn=Manager,dc=my-example,dc=com
objectclass: organizationalRole
cn: Manager

which clearly does not match "dc=my-domain,dc=com".  So even if you get the 
credentials right, the add will still fail, because you're trying to add a 
database for "dc=my-example,dc=com" into a namespace of "dc=my-domain,dc=com".  
You need to use a consistent namespace throughout the configuration, the 
credentials you will be using, and the database you will be loading.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.symas.com&amp;data=02%7C01%7Ckenneth.dunne%40siemens.com%7C5734c2f900e64879018708d787d24d09%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637127209624839114&amp;sdata=h6eh0QXNokPeXs%2FNwpoorIZAt9AoU9b2baWFLqKKV0c%3D&amp;reserved=0>