ldapadd gives “no global superior knowledge” on default config


I’m installing a Prosody XMPP server and Kaiwa webclient on a DigitalOcean droplet.

Kaiwa has a one-click deploy-to-DO-droplet tool using Docker that I tried first, but it didn’t work – probably because I’m using the 512MB minimum DO VPS and it ran out of memory with half of the Docker images started.

  • Collect only from STDERR when using Docker syslog logging driver
  • Docker on mac with VirtualBox VM in Bridged mode
  • Kubernetes pod not binding volumes to container
  • Kafka producer configuration and docker
  • Docker container doesn't reload Angular app
  • AWS EC2 - connection refused running docker container
  • I wiped all those images, made a 1GB swap file for my droplet and am now following (as suggested) the Kaiwa GitHub README for “manual” install – which is essentially pulling and configuring four Docker images: postgresql, slapd, kaiwa-server, and kaiwa. Setting up the PostgreSQL image went without a hitch, and I ran into trouble with the LDAP one.


    Here are the instructions for configuring the LDAP Docker image:

    $ docker pull nickstenning/slapd
    $ docker run -d \
                 --name ldap \
                 -p 389:389 \
                 -e LDAP_DOMAIN=myorga \
                 -e LDAP_ORGANISATION=MyOrganisation \
                 -e LDAP_ROOTPASS=mypassword \
    $ wget https://raw.githubusercontent.com/digicoop/kaiwa-server/master/users.ldif
    $ ldapadd -h localhost -x -D cn=admin,dc=myorga -w mypassword -f users.ldif

    (I’ve omitted a number of sed commands used to replace sample data in users.ldif with personal data; I get the same error with both datasets.)

    After running the ldapadd command, I get this:

    adding new entry "ou=users,dc=example.com"
    ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge

    Experimenting shows that if I call ldapadd with user user1 and password user1pass, or if I call it with user admin but with the wrong admin password, I get a different error:

    ldap_bind: Invalid credentials (49)

    I assume this means that the second, docker run command worked and my LDAP server recognizes that the admin user and password passed to ldapadd are correct, but for some reason I’m asking it to attach users to places that don’t exist in the tree.

    I’ve never used LDAP before and I’m probably making some silly mistake. I’ve read this SO question (openldap "no global superior knowledge") and my problem is probably similar – but I wouldn’t expect a typo to exist when I’m using the developers’ default config file, and I haven’t found one myself yet.

  • Install gems on docker
  • Locale.Error with building python based docker
  • GitLab CE Docker SMTP
  • docker volume: subdirectories are missing
  • Docker-compose volumes doesn't copy any files
  • Kubernetes how to run container only after volume(nfs) is mounted
  • One Solution collect form web for “ldapadd gives “no global superior knowledge” on default config”

    You seem to have named the root of your LDAP DIT as dc=myorga. So an entry that requires ou=users,DC=example.com isn’t going to work. You’ll have to change that accordingly.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.