1 (edited by jdlpc 2021-04-09 01:37:30)

Topic: olcRootPW OpenLDAP cn=config entry missing admin password

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail Free
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm trying to use ldapmodify to add some new OLC directives to the "cn=config" file of the LDAP server; however, I'm unable to do so with the credentials provided for "cn=Manager". I get the error:

modifying entry "cn=config,dc=mydomain,dc=com"
ldap_modify: Insufficient access (50)

When I try to use "cn=admin,dc=mydomain,dc=com" I can't make it work because I don't know the password for the admin account.

The problem is that iRedMail installs on its own without giving you this password. I have checked the "tips" file at the end of the installation and tried all the passwords there for LDAP, but none of them belong to the dc=admin account, so...

What I need is the olcRootPW. Where can I find it?

This is the same as the LDAP config administration password, where is it?

I'm also unable to use ldapi external authentication. I get this error:

SASL/EXTERNAL authentication started
SASL username: gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
ldap_add: Insufficient access (50)

What I'm trying to do is run the ldapadd/ldapmodify commands to set up provider-consumer replication of the LDAP database:

ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif

I'm considering buying the software, but not before we can work this out.
Please advise.


2

Re: olcRootPW OpenLDAP cn=config entry missing admin password

iRedMail doesn't use slapd.d for configuration, it uses /etc/ldap/slapd.conf instead.

3 (edited by jdlpc 2021-04-13 04:39:52)

Re: olcRootPW OpenLDAP cn=config entry missing admin password

Thank you!

I'm trying to set up a replication (provider / consumer) scenario, with the iRedMail LDAP database being the provider. I have installed another LDAP server on my premises (consumer) and I'm trying to fetch all LDAP objects (accounts and passwords too). I'm using these instructions:

https://3bmahv3xwn6030jbn72hlx3j-wpengi … ncrepl.pdf

Have you done something similar? Any ideas?

4

Re: olcRootPW OpenLDAP cn=config entry missing admin password

The OpenLDAP website has a document about replication.
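
Added example, not part of the thread and not iRedMail's or OpenLDAP's own tooling: since the reply above says slapd is configured from /etc/ldap/slapd.conf rather than slapd.d, this sketch reports which configuration backend a slapd command line selects and which syncprov provider directives a slapd.conf still lacks. The function names and the sample configuration are constructed for illustration; the directive names are those of OpenLDAP's syncprov overlay.

```shell
#!/bin/sh
# Added example. The sample slapd.conf below is constructed, not iRedMail's file.

# Which configuration backend does a slapd command line select?
# -F <dir> = slapd.d (cn=config), -f <file> = slapd.conf; -F wins if both appear.
slapd_config_mode() {
    mode="default"   # neither flag: slapd tries its default directory, then file
    prev=""
    for arg in "$@"; do
        case "$prev" in
            -F) mode="slapd.d" ;;
            -f) [ "$mode" != "default" ] || mode="slapd.conf" ;;
        esac
        prev="$arg"
    done
    echo "$mode"
}

# Print each syncprov provider directive that a slapd.conf file does not contain.
missing_provider_directives() {
    grep -Eq '^[[:space:]]*moduleload[[:space:]]+syncprov' "$1" || echo "moduleload syncprov"
    grep -Eq '^[[:space:]]*overlay[[:space:]]+syncprov' "$1" || echo "overlay syncprov"
    grep -Eq '^[[:space:]]*index[[:space:]].*entryCSN' "$1" || echo "index entryCSN,entryUUID eq"
}

# Constructed sample of a provider's slapd.conf before replication is set up.
sample_conf() {
    cat <<'EOF'
include     /etc/ldap/schema/core.schema
moduleload  back_mdb
database    mdb
suffix      "dc=mydomain,dc=com"
rootdn      "cn=Manager,dc=mydomain,dc=com"
index       objectClass eq
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
echo "config mode: $(slapd_config_mode slapd -f /etc/ldap/slapd.conf)"
echo "directives still missing from the provider's slapd.conf:"
missing_provider_directives "$tmp"
rm -f "$tmp"
```

On a real host, pass the arguments of the running slapd process and the path of the live slapd.conf instead of the constructed sample.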