To clarify some:
As I understand it, the interface I use is for admin purposes only, doing changes from root@localhost without any cn credentials. In fact, I created an admin account from the same interface, which could import schemas, create OU and CN entries, and generally behaving like expected for everything except enabling modules. I used this guide: http://albanianwizard.org/ubuntu-10-0-4-lucid-lynx-ldap-configuration-the-working-how-to.albanianwizard to get this working as I expected. (Note the modifications to cn=config here, which worked fine for me)
Openldap no longer have any config file, so all config changes is done through this interface. Using the CN=admin,DC=domain,DC=com created from the guide above return the same insufficient error message. I have also attempted to force the use of a slapd.conf file, which I ported from 8.04 conf file, without success. I also attempted an strace to follow the login procedure without getting any other message than the generic ‘Insufficient access’, or any reference to what permissions it checks.
What I can’t figure out is why the admin account doesn’t have access by default, or how/what to change in order to allow access. But I suspect there is something other than simple missing admin permissions going on here. I also attempted to change permissions and ownership of any files related to slapd, also with the same result. Any ideas on what to look for?
Attempting to enable memberOf module, following http://dimaj.net:1784/blog/2010/07/howto-verify-that-a-member-is-part-of-a-secondary-group-in-openldap/ gives me: ldap_modify: Insufficient access (50) - I am root on Ubuntu 10.04 using slapd package. What am I doing wrong?