Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?

[Dan White <dwhite@olp.net>]

On 03/28/14 22:21 -0500, Peng Yu wrote:
> I get the following error.
>
> pengy@openldapserver:~$ ldapadd -x -D cn=admin,cn=config -W -f
> ~/sudoWork/cn\=sudo.ldif
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Here is the log. Does anybody know what the log means and how to fix
> the problem? Thanks.
>
> pengy@openldapserver:~$ tail -n 5 /var/log/syslog
> Mar 28 22:20:07 openldapserver slapd[972]: conn=1460 fd=21 ACCEPT from
> IP=127.0.0.1:47481 (IP=0.0.0.0:389)
> Mar 28 22:20:07 openldapserver slapd[972]: conn=1460 op=0 BIND
> dn="cn=admin,cn=config" method=128
> Mar 28 22:20:07 openldapserver slapd[972]: conn=1460 op=0 RESULT
> tag=97 err=49 text=
> Mar 28 22:20:07 openldapserver slapd[972]: conn=1460 op=1 UNBIND
> Mar 28 22:20:07 openldapserver slapd[972]: conn=1460 fd=21 closed

This means that either 'cn=admin,cn=config' does not match your oldRootDN,
or (/and) the password you are providing does not match your oldRootPW. You
may get an idea of which is the case by viewing your config with:

slapcat -n0

See the slapd-config(5) manpage, and 

http://www.openldap.org/doc/admin24/slapdconf2.html

Assuming that you are using using Ubuntu, you may wish to try this instead:

ldapadd -Y external -H ldapi:/// =f ~/sudoWork/cn\=sudo.ldif

--
Dan White