
I am not very well versed in LDAP. Could you please take a look at my slapd.ldif file, which is used to configure my server? I'll be happy to hear any comments from your side (there might be multiple flaws and nonsenses here), but the biggest problem I have found so far is that ApacheDirectoryStudio complains on connect:

Missing schema location in RootDSE, using default schema

So I tried to display the RootDN with ldapsearch -x ldap -b '' -s base + but I got:

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ldap +
#

# search result
search: 2
result: 0 Success

# numResponses: 1

so basically nothing.

This is my ldif file:

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /opt/openldap/var/run/slapd.args
olcPidFile: /opt/openldap/var/run/slapd.pid
olcLogLevel: 384
olcLogFile: /opt/openldap/logs/slapd.log
# olcTLSCACertificateFile: /pki/cacerts.pem
# olcTLSCertificateFile: /pki/ldapcert.pem
# olcTLSCertificateKeyFile: /pki/ldapkey.pem
# olcTLSCipherSuite: TLSv1.2:HIGH:!aNULL:!eNULL
# olcTLSProtocolMin: 3.3

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /opt/openldap/libexec/openldap
olcModuleload: back_mdb.la
olcModuleload: pw-sha2.la

include: file:///opt/openldap/etc/openldap/schema/core.ldif
include: file:///opt/openldap/etc/openldap/schema/cosine.ldif
include: file:///opt/openldap/etc/openldap/schema/nis.ldif
include: file:///opt/openldap/etc/openldap/schema/inetorgperson.ldif
include: file:///opt/openldap/etc/openldap/schema/dyngroup.ldif
include: file:///opt/openldap/etc/openldap/schema/ppolicy.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
olcPasswordHash: {SSHA512}
olcAccess: to dn.base="" by * read
olcAccess: to dn.base="cn=subschema" by * read
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcSuffix: dc=contoso,dc=com
olcAccess: {0}to attrs=userPassword by anonymous auth by self write by * none
olcAccess: {1}to * by dn.exact="cn=admin,dc=contoso,dc=com" write by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by self write by * none
olcDbDirectory: /opt/openldap/data
olcRootDN: cn=admin,dc=contoso,dc=com
olcRootPW:: WhaTever==

In the future I also want to extend the schema with my own attributes. Thanks for any hints!

Smok

1 Answer


Many LDAP servers offer details about their configuration and capabilities, which LDAP clients can retrieve through search operations. For instance, clients can obtain the root DSE record to learn about the server's basic features. Additionally, clients can access the server's subschema to discover supported object classes, syntaxes, matching rules, and attributes.

The root DSE (Directory Service Agent-Specific Entry) is a unique entry that provides information about the server itself. Its distinguished name (DN) is represented by an empty string ("").

You could be missing an ACL that allows a client to retrieve the rootDSE information. For instance:

access to dn.base=""
by dn="cn=admin,dc=example,dc=com" write
by dn="cn=guest,dc=example,dc=com" read
by anonymous auth
by * none

It will allow admin and a specific user (for instance guest) to get the server information.