I don’t see an obvious problem with the above.
It’s possible your ldap.conf is being overridden, but the command-line options will take precedence, and ldapsearch will ignore BINDDN in the main ldap.conf, so the only parameter that could be wrong is the URI. (The order is ETCDIR/ldap.conf then ~/ldaprc or ~/.ldaprc and then ldaprc in the current directory, though there are environment variables which can influence this too, see man ldap.conf.)
Try an explicit URI:
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base -H ldap://localhost
or prevent defaults with:
LDAPNOINIT=1 ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
If that doesn’t work, then some troubleshooting (you’ll probably need the full path to the slapd binary for these):
- make sure your slapd.conf is being used and is correct (as root)
  slapd -T test -f slapd.conf -d 65535
  You may have a left-over or default slapd.d configuration directory which takes preference over your slapd.conf (unless you specify your config explicitly with -f, slapd.conf is officially deprecated in OpenLDAP-2.4). If you don’t get several pages of output then your binaries were built without debug support.
- stop OpenLDAP, then manually start slapd in a separate terminal/console with debug enabled (as root, ^C to quit)
  slapd -h ldap://localhost -d 481
  then retry the search and see if you can spot the problem (there will be a lot of schema noise in the start of the output unfortunately). (Note: running slapd without the -u/-g options can change file ownerships which can cause problems, you should usually use those options, probably -u ldap -g ldap)
- if debug is enabled, then try also
  ldapsearch -v -d 63 -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
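
The lookup order described in this answer can be walked with a short script that reports which file or variable ends up supplying an option such as URI or BINDDN. This is an added example, not part of the original answer: the function names, the script name ldap-origin.sh and the /etc/openldap default for ETCDIR are assumptions, and the list of user-only options and the handling of LDAPCONF/LDAPRC follow ldap.conf(5).

```shell
#!/bin/sh
# Added example: show which source supplies an ldap.conf option, following the
# lookup order in ldap.conf(5); later sources override earlier ones.
# ETCDIR is build-dependent; /etc/openldap is an assumed default.
ETCDIR="${ETCDIR:-/etc/openldap}"

is_user_only() {  # user-only options are ignored in system-wide files
    case "$1" in
        BINDDN|SASL_MECH|SASL_REALM|SASL_AUTHCID|SASL_AUTHZID|TLS_CERT|TLS_KEY) return 0 ;;
    esac
    return 1
}

read_opt() {  # read_opt FILE OPTION: print the last value FILE sets, if any
    [ -r "$1" ] || return 1
    awk -v k="$2" 'toupper($1) == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0; f = 1 }
                   END { if (f) print v; exit !f }' "$1"
}

consider() {  # consider sys|user FILE: update val/src if FILE sets $opt
    [ "$1" = sys ] && is_user_only "$opt" && return 0
    v=$(read_opt "$2" "$opt") && { val=$v; src=$2; }
    return 0
}

effective_opt() {  # effective_opt OPTION: print "value<TAB>source"
    opt=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]'); val=; src="library default"
    case "$opt" in ''|*[!A-Z0-9_]*) echo "bad option name" >&2; return 2 ;; esac
    if [ -n "${LDAPNOINIT+set}" ]; then   # set at all: nothing below is read
        printf '\t%s\n' "library default (LDAPNOINIT set)"; return 0
    fi
    consider sys "$ETCDIR/ldap.conf"
    for f in "$HOME/ldaprc" "$HOME/.ldaprc" ./ldaprc; do consider user "$f"; done
    if [ -n "${LDAPCONF:-}" ]; then consider sys "$LDAPCONF"; fi
    if [ -n "${LDAPRC:-}" ]; then
        for f in "$HOME/$LDAPRC" "$HOME/.$LDAPRC" "./$LDAPRC"; do consider user "$f"; done
    fi
    # Only exported LDAP<OPTION> variables reach ldapsearch, hence printenv.
    if e=$(printenv "LDAP$opt"); then val=$e; src="environment LDAP$opt"; fi
    printf '%s\t%s\n' "$val" "$src"
}

# Usage (hypothetical script name): sh ldap-origin.sh URI BINDDN
for o in "$@"; do effective_opt "$o"; done
```

Command-line options such as -H and -D still override whatever this reports, so it only explains the defaults ldapsearch starts from.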