ldapadd gives “no global superior knowledge” on default config

Background:

I’m installing a Prosody XMPP server and Kaiwa webclient on a DigitalOcean droplet.

Kaiwa has a one-click deploy-to-DO-droplet tool using Docker that I tried first, but it didn’t work – probably because I’m using the 512MB minimum DO VPS and it ran out of memory with half of the Docker images started.

I wiped all those images, made a 1GB swap file for my droplet and am now following (as suggested) the Kaiwa GitHub README for “manual” install – which is essentially pulling and configuring four Docker images: postgresql, slapd, kaiwa-server, and kaiwa. Setting up the PostgreSQL image went without a hitch, and I ran into trouble with the LDAP one.

Problem:

Here are the instructions for configuring the LDAP Docker image:

    $ docker pull nickstenning/slapd
    $ docker run -d \
                 --name ldap \
                 -p 389:389 \
                 -e LDAP_DOMAIN=myorga \
                 -e LDAP_ORGANISATION=MyOrganisation \
                 -e LDAP_ROOTPASS=mypassword \
                 nickstenning/slapd
    $ wget https://raw.githubusercontent.com/digicoop/kaiwa-server/master/users.ldif
    $ ldapadd -h localhost -x -D cn=admin,dc=myorga -w mypassword -f users.ldif
    

(I’ve omitted a number of sed commands used to replace sample data in users.ldif with personal data; I get the same error with both datasets.)

After running the ldapadd command, I get this:

    adding new entry "ou=users,dc=example.com"
    ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge
    

Experimenting shows that if I call ldapadd with user user1 and password user1pass, or if I call it with user admin but with the wrong admin password, I get a different error:

    ldap_bind: Invalid credentials (49)
    

I assume this means that the second, docker run command worked and my LDAP server recognizes that the admin user and password passed to ldapadd are correct, but for some reason I’m asking it to attach users to places that don’t exist in the tree.

I’ve never used LDAP before and I’m probably making some silly mistake. I’ve read this SO question (openldap "no global superior knowledge") and my problem is probably similar – but I wouldn’t expect a typo to exist when I’m using the developers’ default config file, and I haven’t found one myself yet.

One solution collected from the web for “ldapadd gives “no global superior knowledge” on default config”

You seem to have named the root of your LDAP DIT as dc=myorga. So an entry that requires ou=users,DC=example.com isn’t going to work. You’ll have to change that accordingly.
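
A pre-flight check for the mismatch the answer describes, as an added example that is not part of the original post: it lists the entries in an LDIF file whose DN is not under the server's suffix, which is the case slapd rejects with "no global superior knowledge". The sample LDIF is constructed, the function names are hypothetical, and DN comparison is simplified (case-insensitive, split on unescaped commas).

```python
import base64
import re

# Constructed sample in the shape of the question's users.ldif (not the real file).
_B64_DN = base64.b64encode(b"cn=user2,ou=users,dc=myorga").decode()
SAMPLE_LDIF = (
    "dn: ou=users,dc=example.com\n"
    "objectClass: organizationalUnit\n"
    "ou: users\n"
    "\n"
    "dn: cn=user1,ou=users,\n"
    " DC=example.com\n"            # folded line: continuation starts with one space
    "objectClass: inetOrgPerson\n"
    "cn: user1\n"
    "sn: user1\n"
    "\n"
    f"dn:: {_B64_DN}\n"            # base64-encoded DN
    "objectClass: inetOrgPerson\n"
    "cn: user2\n"
    "sn: user2\n"
)

def entry_dns(ldif_text):
    """Yield each entry's DN, handling folded lines and base64 'dn::' values."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # RFC 2849 line unfolding
    for line in unfolded.splitlines():
        if line.startswith("dn::"):
            yield base64.b64decode(line[4:].strip()).decode("utf-8")
        elif line.startswith("dn:"):
            yield line[3:].strip()

def rdns(dn):
    """Split a DN on unescaped commas; trim and lower-case each RDN (simplified)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def outside_suffix(ldif_text, suffix):
    """Return the DNs that do not sit under `suffix` (the root of the DIT)."""
    want = rdns(suffix)
    return [dn for dn in entry_dns(ldif_text) if rdns(dn)[-len(want):] != want]

if __name__ == "__main__":
    # The container in the question was started with LDAP_DOMAIN=myorga.
    for dn in outside_suffix(SAMPLE_LDIF, "dc=myorga"):
        print("not under dc=myorga:", dn)
```

The suffix a server actually serves is published in the `namingContexts` attribute of its root DSE, so that is the value to pass as `suffix`.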
