ldapadd gives “no global superior knowledge” on default config

Background:

I’m installing a Prosody XMPP server and Kaiwa webclient on a DigitalOcean droplet.

Kaiwa has a one-click deploy-to-DO-droplet tool using Docker that I tried first, but it didn’t work – probably because I’m using the 512MB minimum DO VPS and it ran out of memory with half of the Docker images started.

  • Docker-compose mysql: import .sql
  • Run Hadoop with Docker (for both DEV and PROD environments)
  • Rename a project by keeping containers
  • How to handle permission inside a volume from docker?
  • Add SSL support to docker container
  • Docker image size not matching the announced size on https://github.com/docker-library/repo-info
  • I wiped all those images, made a 1GB swap file for my droplet and am now following (as suggested) the Kaiwa GitHub README for “manual” install – which is essentially pulling and configuring four Docker images: postgresql, slapd, kaiwa-server, and kaiwa. Setting up the PostgreSQL image went without a hitch, and I ran into trouble with the LDAP one.

    Problem:

    Here are the instructions for configuring the LDAP Docker image:

    $ docker pull nickstenning/slapd
    $ docker run -d \
                 --name ldap \
                 -p 389:389 \
                 -e LDAP_DOMAIN=myorga \
                 -e LDAP_ORGANISATION=MyOrganisation \
                 -e LDAP_ROOTPASS=mypassword \
                 nickstenning/slapd
    $ wget https://raw.githubusercontent.com/digicoop/kaiwa-server/master/users.ldif
    $ ldapadd -h localhost -x -D cn=admin,dc=myorga -w mypassword -f users.ldif
    

    (I’ve omitted a number of sed commands used to replace sample data in users.ldif with personal data; I get the same error with both datasets.)

    After running the ldapadd command, I get this:

    adding new entry "ou=users,dc=example.com"
    ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge
    

    Experimenting shows that if I call ldapadd with user user1 and password user1pass, or if I call it with user admin but with the wrong admin password, I get a different error:

    ldap_bind: Invalid credentials (49)
    

    I assume this means that the second, docker run command worked and my LDAP server recognizes that the admin user and password passed to ldapadd are correct, but for some reason I’m asking it to attach users to places that don’t exist in the tree.

    I’ve never used LDAP before and I’m probably making some silly mistake. I’ve read this SO question (openldap "no global superior knowledge") and my problem is probably similar – but I wouldn’t expect a typo to exist when I’m using the developers’ default config file, and I haven’t found one myself yet.

  • How to create a Docker image of centos provisioned with apache?
  • Pyfora Initialization error
  • How can I deal with security updates in my docker containers?
  • docker attach vs lxc-attach
  • Attaching network storage to a Docker container for Gitlab (ssh issue) [closed]
  • Docker-compose Adding Postgres Password
  • One Solution collect form web for “ldapadd gives “no global superior knowledge” on default config”

    You seem to have named the root of your LDAP DIT as dc=myorga. So an entry that requires ou=users,DC=example.com isn’t going to work. You’ll have to change that accordingly.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.