I'm new to OpenLDAP (but not Microsoft Active Directory) and reading zytrax's openldap guide. I'm using OpenLDAP 2.4.44 on CentOS 7.4, as shown here:
@(#) $OpenLDAP: slapd 2.4.44 (Aug 4 2017 14:23:27) $
[email protected]:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
I want to add cosine (and later inetorgperson) schemas, but this fails:
ldapadd -f /etc/openldap/schema/cosine.ldif
ldap_sasl_interactive_bind_s: No such attribute (16)
Whereas this works:
ldapadd -H ldapi:/// -Y EXTERNAL -f /etc/openldap/schema/cosine.ldif
Can anybody explain why? Apparently, ldapi:// -Y EXTERNAL seems to indicate SASL, but I haven't found zytrax's explanation of why/when to use ldapi:// instead of ldapadd commands in OLC.
You use
ldapadd -H ldapi:/// -Y EXTERNAL ...
when you want to modify cn=config - the LDAP config itself. LDAP schema is a part of cn=config.
-H ldapi:/// - use UNIX-domain socket (/var/run/ldapi)
-Y EXTERNAL - use EXTERNAL mechanism for SASL
I'm not an expert in SASL mechanisms but in this case authentication will succeed if the user has UID and GID equal to 0 - i.e. is root.
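An added check (not from the answer above, and not OpenLDAP's own tooling) that makes the mechanism visible: it builds the DN slapd derives from the Unix peer credentials of an ldapi:/// EXTERNAL bind, asks a running slapd which DN it actually bound as, and looks for a manage grant for that DN in the olcAccess of the config database. It assumes the 2.4 default peercred DN layout and that ldapwhoami/ldapsearch are installed; the ACL check is plain string matching, not a full ACL evaluation.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes OpenLDAP 2.4
# maps a SASL EXTERNAL bind over ldapi:/// to the DN
#   gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth

# Build the DN slapd derives from the Unix peer credentials.
peercred_dn() {
    uid="$1"; gid="$2"
    printf 'gidNumber=%s+uidNumber=%s,cn=peercred,cn=external,cn=auth\n' "$gid" "$uid"
}

# Return 0 if an unfolded olcAccess value contains a dn.base/dn.exact
# clause granting "manage" to the given DN, 1 otherwise. String matching
# only; it does not evaluate the full ACL semantics.
acl_grants_manage() {
    acl="$1"; dn="$2"
    case "$acl" in
        *"dn.base=\"$dn\" manage"*|*"dn.exact=\"$dn\" manage"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check against a running slapd (needs ldapwhoami and ldapsearch).
check_config_access() {
    me=$(ldapwhoami -Q -H ldapi:/// -Y EXTERNAL 2>/dev/null) || {
        echo "EXTERNAL bind over ldapi:/// failed; is slapd listening on the socket?" >&2
        return 1
    }
    dn=${me#dn:}    # ldapwhoami prints "dn:<DN>"
    # LDIF folds long values onto continuation lines starting with a space;
    # join them back before extracting olcAccess.
    acl=$(ldapsearch -Q -LLL -H ldapi:/// -Y EXTERNAL \
              -b 'olcDatabase={0}config,cn=config' olcAccess \
          | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n //g' \
          | sed -n 's/^olcAccess: //p')
    if acl_grants_manage "$acl" "$dn"; then
        echo "bound as $dn; config ACL grants manage, schema ldapadd will be authorized"
    else
        echo "bound as $dn; no manage grant for it in: $acl" >&2
        return 1
    fi
}
```

Run check_config_access as root on the slapd host; a non-root user binds as a different peercred DN, which the default ACL does not grant manage, matching the failure in the question.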