ldapadd gives “no global superior knowledge” on default config
I’m installing a Prosody XMPP server and Kaiwa webclient on a DigitalOcean droplet.
Kaiwa has a one-click deploy-to-DO-droplet tool using Docker that I tried first, but it didn’t work – probably because I’m using the 512MB minimum DO VPS and it ran out of memory with half of the Docker images started.
I wiped all those images, made a 1GB swap file for my droplet and am now following (as suggested) the Kaiwa GitHub README for “manual” install – which is essentially pulling and configuring four Docker images:
kaiwa. Setting up the PostgreSQL image went without a hitch, and I ran into trouble with the LDAP one.
Here are the instructions for configuring the LDAP Docker image:
$ docker pull nickstenning/slapd $ docker run -d \ --name ldap \ -p 389:389 \ -e LDAP_DOMAIN=myorga \ -e LDAP_ORGANISATION=MyOrganisation \ -e LDAP_ROOTPASS=mypassword \ nickstenning/slapd $ wget https://raw.githubusercontent.com/digicoop/kaiwa-server/master/users.ldif $ ldapadd -h localhost -x -D cn=admin,dc=myorga -w mypassword -f users.ldif
(I’ve omitted a number of
sed commands used to replace sample data in
users.ldif with personal data; I get the same error with both datasets.)
After running the
ldapadd command, I get this:
adding new entry "ou=users,dc=example.com" ldap_add: Server is unwilling to perform (53) additional info: no global superior knowledge
Experimenting shows that if I call
ldapadd with user
user1 and password
user1pass, or if I call it with user
admin but with the wrong admin password, I get a different error:
ldap_bind: Invalid credentials (49)
I assume this means that the second,
docker run command worked and my LDAP server recognizes that the admin user and password passed to
ldapadd are correct, but for some reason I’m asking it to attach users to places that don’t exist in the tree.
I’ve never used LDAP before and I’m probably making some silly mistake. I’ve read this SO question (openldap "no global superior knowledge") and my problem is probably similar – but I wouldn’t expect a typo to exist when I’m using the developers’ default config file, and I haven’t found one myself yet.
One Solution collect form web for “ldapadd gives “no global superior knowledge” on default config”
You seem to have named the root of your LDAP DIT as
dc=myorga. So an entry that requires
ou=users,DC=example.com isn’t going to work. You’ll have to change that accordingly.