I'm following the steps in this thread: Basic openldap setup using slapd.d configuration

I created and saved my own .ldif file with the changes I needed and saved it as changes.ldif. Here are the contents of the file I made:

```
dn: olcDatabase={2}hdb,cn=config
changetype: modify

add: olcRootPW
olcRootPW: {SSHA}oRvzr9r1qQ7Cn3xN/efmeKJQzwS0wK6z

replace: olcRootDN
olcRootDN: cn=admin,dc=softura,dc=com

replace: olcSuffix
olcSuffix: dc=softura,dc=com
```

Then I executed the ldapmodify command:

```
ldapmodify -a -Q -Y EXTERNAL -H ldapi:/// -f changes.ldif
```

And I was told:

```
modifying entry "olcDatabase={2}hdb,cn=config"
```

So far so good, right? But if I then open the file olcDatabase={2}hdb.ldif... nothing has changed.

EDIT:

I've changed the content of my ldif file to:

```
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}oRvzr9r1qQ7Cn3xN/efmeKJQzwS0wK6z
-
replace: olcRootDN
olcRootDN: cn=admin,dc=softura,dc=com
-
replace: olcSuffix
olcSuffix: dc=softura,dc=com
```

Now when I execute the command, I get this:

```
ldap_modify: Inappropriate matching (18)
        additional info: modify/add: olcRootPW: no equality matching rule
```

Casey Crookston

2 Answers

2

Check the syntax of your changes.ldif. In my example, there are lines with just a - in there. These denote the end of the data block for an LDAP operation (like add or replace).

See man 5 ldif and RFC 2849.

```
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}oRvzr9r1qQ7Cn3xN/efmeKJQzwS0wK6z
-
replace: olcRootDN
olcRootDN: cn=admin,dc=softura,dc=com
-
replace: olcSuffix
olcSuffix: dc=softura,dc=com
```

LDIF files are quite arcane...

Sven
  • Thanks Sven! See the edit to my op. – Casey Crookston Sep 05 '19 at 14:38
  • Also, YES! This is very arcane. I tried yesterday to set up Apache Directory Studio, but I have NO IDEA what values to enter for all of the options, and I can't get it connected. I'm going to have to fight that battle next, but I want to get this solved first. – Casey Crookston Sep 05 '19 at 14:40
  • The error message I am now getting seems to imply that the change has already been made. Is there a reason I don't see the changes when I open the file `olcDatabase={2}hdb.ldif`? – Casey Crookston Sep 05 '19 at 15:07
0

The root of my problem was that a row for olcRootPW already existed. This seemed to be causing an abort at that point, as neither of the following two replace commands was happening.

So, the immediate problem has been resolved.

However.... Now, olcRootDN and olcSuffix are being properly replaced. But, the existing row:

```
olcRootPW: e1NTSEF9b1J2enI5cjFxUTdDbjN4Ti9lZm1lS0pRendTMHdLNno=..
```

is being replaced NOT with:

```
olcRootPW: {SSHA}oRvzr9r1qQ7Cn3xN/efmeKJQzwS0wK6z
```

It just remains the same. I will open a new post for this.

Casey Crookston
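The on-disk olcRootPW value and the one in changes.ldif can be compared by decoding both as RFC 2849 value-specs; this is an added example, not code from the posts above or from OpenLDAP. It assumes the on-disk line carries the `::` base64 marker (the post shows a single colon) and the usual {SSHA} layout of a SHA-1 digest followed by the salt; all function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed inputs: the two olcRootPW values quoted on this page. The "::"
# on the on-disk line is an assumption (RFC 2849's base64 marker); the post
# shows a single colon.
ON_DISK = "olcRootPW:: e1NTSEF9b1J2enI5cjFxUTdDbjN4Ti9lZm1lS0pRendTMHdLNno="
IN_CHANGES = "olcRootPW: {SSHA}oRvzr9r1qQ7Cn3xN/efmeKJQzwS0wK6z"


def ldif_value(line: str) -> bytes:
    """Return the raw value of one LDIF attribute line (RFC 2849 value-spec)."""
    attr, sep, rest = line.rstrip("\r\n").partition(":")
    if not attr or not sep:
        raise ValueError("not an LDIF attribute line")
    if rest.startswith(":"):          # attr:: <base64 of the value>
        return base64.b64decode(rest[1:].strip(), validate=True)
    if rest.startswith("<"):          # attr:< <url>, not resolved here
        raise ValueError("URL value-spec is not handled")
    return rest.lstrip(" ").encode()  # attr: <value as written>


def split_ssha(stored: bytes) -> tuple[bytes, bytes]:
    """Split a {SSHA} value into (SHA-1 digest, salt)."""
    if not stored.upper().startswith(b"{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[6:], validate=True)
    if len(blob) <= 20:
        raise ValueError("missing salt")
    return blob[:20], blob[20:]


def check_ssha(stored: bytes, password: bytes) -> bool:
    """True if password matches: digest == SHA1(password + salt)."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def same_value(line_a: str, line_b: str) -> bool:
    """Compare two LDIF lines by decoded value, not by how they are written."""
    return hmac.compare_digest(ldif_value(line_a), ldif_value(line_b))


if __name__ == "__main__":
    print(ldif_value(ON_DISK).decode())
    print("identical:", same_value(ON_DISK, IN_CHANGES))
```

Run on the two lines quoted above, `same_value` returns True: the base64 string decodes to the `{SSHA}` value itself.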