Thanks Alex for replying,

I was rather optimistic about this until I realized I have bigger problems now: 
I had been putting the subordinate directive in the definition for the 
back_ldap db, not the normal hdb on OpenLDAP.

OK so I have a whole lot of problems at this point.

I believe I have seriously broken something in trying to slaptest or ldapadd a 
bunch of slapd.conf/ldif files, following various tutorials. Tried to follow 
your steps this morning but found I was getting -

ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge

and more often than not was unable to authenticate, either in CLI or by Apache 
directory studio.
So once again I ran apt-get purge --auto-remove slapd ldap-utils and installed 
again; however, I found that all the broken configuration I had tried so far was 
immediately back in /etc/ldap/slapd.d again as soon as I installed. (not the 
default config which would be in there immediately after install, the big list 
of faulty databases I had added erroneously before). I had checked and the 
whole /etc/ldap directory WAS removed during the purge.

So I ran the purge again, then ran a find and deleted /var/lib/ldap and 
/usr/lib/ldap, then installed again.

Now, when I tried to start again, following 
http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html to start with, 
I can't even get off the starting line!
My first step, running sudo ldapadd -Y EXTERNAL -H ldapi:/// -f 
/etc/ldap/schema/cosine.ldif returns -

ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: 
"0.9.2342.19200300.100.1.2"

and I get the same response ldapadding pretty much anything, with a different 
value for attributeType. Again it appears that purging and reinstalling does 
not get me back to a default installation but I am not sure what else I need to 
delete.

On another note, following your advice, this is essentially what I have boiled 
my slapd.conf down to (for once I can actually use OpenLDAP again). Do you see 
any glaring omissions or obvious errors here?

# Schema files (on Debian/Ubuntu the package ships them under /etc/ldap/schema)
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# Load the backends used below (needed when slapd is built with dynamic modules)
moduleload back_ldap.la
moduleload back_hdb.la

# Specify first database
# Subordinate database: in slapd.conf it must be declared before its superior

database hdb
suffix "dc=external users,dc=companyname,dc=local"
rootdn "cn=admin,dc=companyname,dc=local"
# rootpw only takes effect when rootdn lies under this database's suffix
# (slapd.conf(5)); replace a cleartext value with a slappasswd hash
rootpw secret
directory /var/lib/ldap/
# Glue this suffix under the superior database; "advertise" also lists it
# in the root DSE namingContexts
subordinate advertise

# Specify other databases
# Superior database: back-ldap proxy for the rest of dc=companyname,dc=local

database ldap
suffix "dc=companyname,dc=local"
rootdn "cn=admin,dc=companyname,dc=local"
uri ldap://companyname.local/
# Rebind with the client's own credentials when following referrals
rebind-as-user TRUE
chase-referrals TRUE

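The "Duplicate attributeType" error on cosine.ldif means cn=config already holds an entry defining that attribute: newer Debian/Ubuntu slapd packages load core, cosine, nis and inetorgperson into cn=schema,cn=config when the package is configured, so the guide's ldapadd step is redundant there. The script below is an added example, not part of this message or of OpenLDAP itself; it lists cn=schema,cn=config and only runs ldapadd for a schema that is not already present. The LOADED_SCHEMA_DNS and SCHEMA_DIR variables and the function names are this example's own assumptions, and LOADED_SCHEMA_DNS lets the check run offline on constructed ldapsearch output.

```shell
#!/bin/sh
# Added example (not from the original post): check cn=schema,cn=config before
# running ldapadd on a schema .ldif, so a second attempt does not fail with
# "Duplicate attributeType". Assumes OpenLDAP 2.4 cn=config reachable as root
# over ldapi:///. LOADED_SCHEMA_DNS / SCHEMA_DIR are this example's own knobs.

# Print the DNs under cn=schema,cn=config. On a live server this runs
# ldapsearch; for offline use, LOADED_SCHEMA_DNS may hold constructed output.
loaded_schema_dns() {
    if [ -n "${LOADED_SCHEMA_DNS:-}" ]; then
        printf '%s\n' "$LOADED_SCHEMA_DNS"
    else
        ldapsearch -LLL -Q -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
    fi
}

# schema_loaded NAME: exit 0 if cn={N}NAME,cn=schema,cn=config exists.
# cn=config names schema entries with an ordering prefix, e.g. cn={1}cosine.
schema_loaded() {
    loaded_schema_dns | grep -qi "^dn: cn={[0-9]*}$1,cn=schema,cn=config\$"
}

# load_schema NAME: add SCHEMA_DIR/NAME.ldif only if NAME is not loaded yet.
# Returns 0 when loaded or already present, 2 when the .ldif file is missing,
# otherwise the exit status of ldapadd.
load_schema() {
    name=$1
    ldif=${SCHEMA_DIR:-/etc/ldap/schema}/$name.ldif
    if schema_loaded "$name"; then
        echo "schema $name already in cn=config, skipping"
        return 0
    fi
    [ -f "$ldif" ] || { echo "missing $ldif" >&2; return 2; }
    ldapadd -Q -Y EXTERNAL -H ldapi:/// -f "$ldif"
}
```

On the box in question, `sudo sh -c '. ./schema-check.sh; load_schema cosine'` (with the script saved under that name) would report cosine as already present instead of failing, and `load_schema ppolicy` would actually add a schema that is not there yet.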