Problem adding users to openldap with phpldapadmin

Steven Debock
Medium Priority
Last Modified: 2012-05-11

I've only been working with Linux for a few weeks, so bear with me ;)
I'm trying to add groups and users to my openldap using phpldapadmin.
I have openldap up and running.
I can surf to phpldapadmin and log in with the data I have configured in olcDatabase={1}bdb.ldif
But when I'm logged in it asks me "This base entry does not exist. Create it?"
When I click "Create it?" nothing happens.
cn=config directory
This is olcDatabase={1}bdb.ldif:

dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=groep3,dc=project1
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=groep3,dc=project1
olcRootPW: {SSHA}l3o+OIcjM26/ns1mVG21Y1EsujzH9+OO
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: bc857dd0-e910-102f-8288-21d3cf423330
creatorsName: cn=config
createTimestamp: 20110322204307Z
entryCSN: 20110322204307.180437Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110322204307Z


First the name sounded funny but it appears that dc=groep3,dc=project is the valid base entry.  Go ahead and create it.  It should have already been there, unless you changed names or something.  At worst, you will have to delete it, not a big deal.  But looking at your LDIF, it looks valid.

olcSuffix: dc=groep3,dc=project1
noci
Software Engineer
Distinguished Expert 2019

The login succeeds as that uses a hardcoded name.
The base it is looking for is an OpenLDAProotDSE class record.

Please follow the howto here: http://www.linuxmail.info/openldap-setup-howto/
It should also work for Fedora. The howto assumes the machine is in the acme.local domain.
I also take it that you have a DNS setup with a TLD .project1 (instead of .local), as you are using the domain construction,
with groep3 as a subdomain in the .project1 domain?

Otherwise it might be wise to append your own xxx.yyy domain in the form of ,dc=xxx,dc=yyy to the LDAP names.


I got it working. As I said, I'm new to Linux and LDAP and I just didn't add a base.ldif file.

After creating/adding the base.ldif file to LDAP I was finally able to add groups.

However, I've got a problem when adding users in phpLdapadmin.
When entering the details for the user account it asks for a gidnumber,
but the list is empty and I cannot fill in anything.

How do I get past this?
noci
Software Engineer
Distinguished Expert 2019

The gid number is a number from a group list....

Some history: since the earliest Unix there was an /etc/group file and an /etc/passwd file.

The group file holds groupname, groupid, possibly a password and a list of members.
The password file holds a username, password, user id, primary group id, some comment (GCOS) info, default directory, default shell.

The primary group id should be a group from the /etc/group file (or list). And it can be any agreed upon number.
On a Unix system they may have a special meaning (see /etc/group file).

If the uid = 0 (and in most cases gid=0 too) then the user is the root (or superuser). Unless you have RBAC / SELinux the uid=0 user can do ANYTHING without any restriction.

So check the various /etc/group files for a valid number (and try to synchronise them..., be careful though, if a group xyz has a gid of 10 on one system and 11 on another they may give access to the wrong group).
You can insert a group table in LDAP too, see /etc/ldap.conf for the details about that.
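
The gid mismatch described in the answer above (one group name with gid 10 on one system and 11 on another), as an added example that is not part of the original thread: it cross-checks /etc/group contents from several hosts before the groups are loaded into LDAP and renders a posixGroup entry carrying the gidNumber that phpldapadmin then offers. The host names, the sample group files and the ou=groups container are constructed assumptions; only the suffix dc=groep3,dc=project1 comes from the question.

```python
"""Cross-check group files from several hosts before loading groups into LDAP."""
from collections import defaultdict

# Constructed sample data: /etc/group contents from two hypothetical hosts.
SAMPLE_GROUP_FILES = {
    "host-a": "root:x:0:\nwheel:x:10:steven\nstaff:x:500:steven,anna\n",
    "host-b": "root:x:0:\nwheel:x:11:steven\nbackup:x:10:\nstaff:x:500:anna\n",
}


def parse_group_file(text):
    """Yield (name, gid, members) from /etc/group text (name:passwd:gid:members)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed lines instead of guessing
        members = [m for m in fields[3].split(",") if m]
        yield fields[0], int(fields[2]), members


def find_conflicts(group_files):
    """Return (names with several GIDs, GIDs with several names) across hosts."""
    gids_by_name = defaultdict(set)
    names_by_gid = defaultdict(set)
    for text in group_files.values():
        for name, gid, _ in parse_group_file(text):
            gids_by_name[name].add(gid)
            names_by_gid[gid].add(name)
    name_conflicts = {n: sorted(g) for n, g in gids_by_name.items() if len(g) > 1}
    gid_conflicts = {g: sorted(n) for g, n in names_by_gid.items() if len(n) > 1}
    return name_conflicts, gid_conflicts


def to_posix_group_ldif(name, gid, members, base="ou=groups,dc=groep3,dc=project1"):
    """Render one posixGroup entry; the ou=groups container is an assumption."""
    lines = [f"dn: cn={name},{base}", "objectClass: posixGroup",
             f"cn: {name}", f"gidNumber: {gid}"]
    lines += [f"memberUid: {m}" for m in members]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    names, gids = find_conflicts(SAMPLE_GROUP_FILES)
    print("same name, different GID:", names)
    print("same GID, different name:", gids)
    print(to_posix_group_ldif("staff", 500, ["steven", "anna"]))
```

Any name or gid reported as a conflict should be resolved to a single agreed mapping before the entries are added to the directory, since files owned by the old gid keep that number.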

still some fine tuning needed