
(ITS#9064) client tools not recognizing BINDDN from ldap.conf



Full_Name: Fabrice Ducos
Version: 2.4.48
OS: OSX 10.14.6 Mojave
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (90.110.219.170)


I have installed OpenLDAP 2.4.48 from sources with SASL support.

For the moment, I am not using SASL.
I have created a small toy directory with a few records. I have got no problem
reading it with the local utilities (slapcat, etc). Now I am in the course of
playing with the client tools.

In my ldap.conf, I have got the following directives:

URI ldap://localhost
BASE dc=myrealm,dc=mydomain,dc=org
BINDDN cn=root,ou=users,dc=myrealm,dc=mydomain,dc=org

(root is the name I gave to the rootdn account in slapd.conf)

The ldap.conf file has been put at the right place under
/usr/local/etc/openldap

When I perform the following command:
ldapsearch -x -W -D 'cn=root,ou=users,dc=myrealm,dc=mydomain,dc=org' 
(with -x to force a simple binding)
I get the results I expect from the directory, starting from BASE (no need for a
-b option).

However, when I test:
ldapsearch -x -W
(with -D), I would expect to get the same result, the binding DN being set up
from ldap.conf BINDDN.
However, it fails:
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)
(this is not a problem of password, otherwise it would also fail in the first
test; I use the same password in both).

I put the example files under incoming/binddn_2019-08-18 on your ftp server.
The passwords are unencrypted in these sample files (encryption of passwords is
another topic), but it doesn't explain why the root password from slapd.conf is
recognised with -W -D and not with -W alone.

Thanks for your assistance.