I have configured an OpenLDAP server and client; the connection is successful, because I created a user and logged in to that user account on an Ubuntu desktop. But when I type a command like:

ldapsearch -x -LLL -H ldap://mynewdomain.com -D "cn=admin,dc=mynewdomain,dc=com" -W -b cn=config "(objectClass=olcDatabaseConfig)"

after some delay, the output is:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Actually, after configuring OpenLDAP, I wanted to make an ACL for testing purposes:

command:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase={1}mdb,cn=config  # Replace {X} with the appropriate number for your database
changetype: modify
replace: olcAccess
olcAccess: {1}to dn.base="" by * read
EOF

output:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}mdb,cn=config  # Replace {X} with the appropriate number for your database"
ldap_modify: Server is unwilling to perform (53)
        additional info: no global superior knowledge

I just want to know how to write and implement ACLs, but this error is occurring. And then I googled it a little bit, and it chained to the problem given above. Please help me, I am so stuck.

user1686

after some delay, the output is:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

A delay or timeout sounds like your firewall is blocking connections to the LDAP service.

You can make the ldap* commands more verbose by adding -d <level>, e.g. ldapsearch -d 7. (This is useful to reveal e.g. TLS certificate-related error messages.) In this case, though, it really looks like the service is literally not answering on port 389.

modifying entry "olcDatabase={1}mdb,cn=config  # Replace {X} with the appropriate number for your database"
ldap_modify: Server is unwilling to perform (53)
        additional info: no global superior knowledge

You forgot to delete the # comment from the LDIF file. (LDIF doesn't support "inline" comments; only full-line comments are recognized as such, and whoever wrote the tutorial ought to have used a full-line comment.) So because the comment is still there, the LDAP server thinks that you're trying to edit an entry under cn=config # Replace the X instead of the expected cn=config.

"No global superior knowledge" basically means "I don't have a matching database for this DN". (The wording of the error message actually implies "...and I also can't redirect you upwards to another server", because it's a relic of 1980s X.500 which imagined all directories would be interconnected, but you can ignore all that and treat it as a "No matching DB for this DN" error message.)
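As an added example (not part of the question or the answer above), here is the same olcAccess modification written the way LDIF expects, with the note moved to a full comment line, plus a small shell check that rejects any LDIF still carrying a trailing "# ..." fragment before it reaches ldapmodify. The helper names lint_ldif and apply_ldif and the demo output text are my own; the ldapmodify command line is the one from the question, and the olcDatabase index {1} is assumed to match the database being edited.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical helper names:
# lint_ldif and apply_ldif. The ldapmodify invocation is the one used in the question.

# Constructed LDIF: the same modification as in the question, with the note
# moved to its own line. LDIF recognizes a comment only when '#' is the first
# character of a line; anything after "dn:" on the same line is part of the DN.
GOOD_LDIF='# Replace {1} with the index of your database (list them with:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config "(olcDatabase=*)" dn)
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {1}to dn.base="" by * read'

# The LDIF from the question, reproduced here as the failing case.
BAD_LDIF='dn: olcDatabase={1}mdb,cn=config  # Replace {X} with the appropriate number for your database
changetype: modify
replace: olcAccess
olcAccess: {1}to dn.base="" by * read'

# lint_ldif LDIF_TEXT
# Returns 0 when no non-comment line carries a "  # ..." fragment, 1 otherwise.
# Full-line comments (lines starting with '#') are skipped; on every other line,
# whitespace followed by '#' would be sent to slapd as part of the DN or value.
lint_ldif() {
  if printf '%s\n' "$1" | grep -v '^#' | grep '[[:space:]]#' >/dev/null; then
    echo "lint_ldif: inline comment found; LDIF only supports full-line comments" >&2
    return 1
  fi
  return 0
}

# apply_ldif LDIF_TEXT
# Lints first, then feeds the text to ldapmodify over the local ldapi socket,
# as in the question. Needs a running slapd and root (SASL EXTERNAL via peercred).
apply_ldif() {
  lint_ldif "$1" || return 1
  printf '%s\n' "$1" | ldapmodify -Y EXTERNAL -H ldapi:///
}

# Stand-alone demonstration: the corrected LDIF passes, the original is rejected.
if [ "${1:-}" = "demo" ]; then
  lint_ldif "$GOOD_LDIF" && echo "good LDIF: ok"
  lint_ldif "$BAD_LDIF" || echo "bad LDIF: rejected before reaching slapd"
fi
```

Run it as `sh lint.sh demo` to see both cases without touching a server; `apply_ldif "$GOOD_LDIF"` (as root, with slapd running) performs the actual change. Once the DN is sent without the stray comment, slapd can match it to the cn=config database and the "no global superior knowledge" error goes away.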