ldapadd gives “no global superior knowledge” on default config

Background:

I’m installing a Prosody XMPP server and Kaiwa webclient on a DigitalOcean droplet.

Kaiwa has a one-click deploy-to-DO-droplet tool using Docker that I tried first, but it didn’t work – probably because I’m using the 512MB minimum DO VPS and it ran out of memory with half of the Docker images started.

  • How to enable SCM polling with the Jenkins Pipeline plugin
  • Explanation about Supervisor and tail over Apache's error.log
  • Sending spark-submit inside a docker container to a YARN cluster
  • Resend messages from RabbitMQ works strange
  • Heroku-docker not working on osx
  • Mount a volume while using a docker container in Azure App Service
  • I wiped all those images, made a 1GB swap file for my droplet and am now following (as suggested) the Kaiwa GitHub README for “manual” install – which is essentially pulling and configuring four Docker images: postgresql, slapd, kaiwa-server, and kaiwa. Setting up the PostgreSQL image went without a hitch, and I ran into trouble with the LDAP one.

    Problem:

    Here are the instructions for configuring the LDAP Docker image:

    $ docker pull nickstenning/slapd
    $ docker run -d \
                 --name ldap \
                 -p 389:389 \
                 -e LDAP_DOMAIN=myorga \
                 -e LDAP_ORGANISATION=MyOrganisation \
                 -e LDAP_ROOTPASS=mypassword \
                 nickstenning/slapd
    $ wget https://raw.githubusercontent.com/digicoop/kaiwa-server/master/users.ldif
    $ ldapadd -h localhost -x -D cn=admin,dc=myorga -w mypassword -f users.ldif
    

    (I’ve omitted a number of sed commands used to replace sample data in users.ldif with personal data; I get the same error with both datasets.)

    After running the ldapadd command, I get this:

    adding new entry "ou=users,dc=example.com"
    ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge
    

    Experimenting shows that if I call ldapadd with user user1 and password user1pass, or if I call it with user admin but with the wrong admin password, I get a different error:

    ldap_bind: Invalid credentials (49)
    

    I assume this means that the second, docker run command worked and my LDAP server recognizes that the admin user and password passed to ldapadd are correct, but for some reason I’m asking it to attach users to places that don’t exist in the tree.

    I’ve never used LDAP before and I’m probably making some silly mistake. I’ve read this SO question (openldap "no global superior knowledge") and my problem is probably similar – but I wouldn’t expect a typo to exist when I’m using the developers’ default config file, and I haven’t found one myself yet.

  • Jenkins - Cannot run program “docker”
  • Viewing output of stopped Docker container
  • Docker Build: Missing Dependency
  • Redis as session storage for WordPress in docker
  • How do I expose Docker a Docker port via Kubernetes in Google Cloud?
  • Create a ASP.net Core project with Docker Support for Windows
  • One Solution collect form web for “ldapadd gives “no global superior knowledge” on default config”

    You seem to have named the root of your LDAP DIT as dc=myorga. So an entry that requires ou=users,DC=example.com isn’t going to work. You’ll have to change that accordingly.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.