Can't access cn=config through Apache Directory Studio GUI

I am quite familiar with openldap. The dynamic configuration is quite new to me. So I wanted to make life easier and change openldap configuration through Apache Directory Studio GUI.

Openldap is installed on Debian Jessie and Version slapd 2.4.40+dfsg-1+deb8u1 amd64

Tried to follow this way: http://gos.si/blog/installing-openldap-on-debian-squeeze-with-olc

But I can't access it:

ldapsearch -b cn=config -D cn=admin,dc=domain -W
result: 32 No such object

First I thought it has to do with the ACLs and removed everything, but no change.

ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config works

So why does the olcRootDN have no rights? Also in the GUI I don't see the cn=config. Thanks in advance for any help!


So I answer it by myself, got it now, big confusion and misunderstanding of the dynamic configuration. Maybe someone has the same problem:

There is a difference between olcRootDN in dn: olcDatabase={1}mdb,cn=config and dn: olcDatabase={0}config,cn=config

in my case the olcRootDN in olcDatabase={0}config,cn=config was not set at all. So I added it like explained in the link and also olcRootPW.

Now I can access the cn=config in Apache Directory Studio GUI and edit it comfortable. It is good to have two different Passwords to not accidently delete something in cn=config


@Adambean asks how OP did it.

One way to do it is to create an ldif (e.g. config.ldif) file containing:

# uncomment this part, if there is no olcRootDN present
# use replace instead of add, if you want to change the root dn
#dn: olcDatabase={0}config,cn=config
#changetype: modify
#add: olcRootDN
#olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootPW 
olcRootPW: <secret>

You can generate a secret using:

sudo slappasswd

Then simply copy/paste the {SHAA}blahblahhashvaluegoeshereblah into the olcRootPW: <field> of your ldif file.

And modify it with ldapmodify

sudo ldapmodify -Y EXTERNAL -H ldapi:// -f config.ldif

That should do it.