How to change LDAP Root DSE

Hi all,

I installed a local LDAP. The hostname and FQDN of the server are OK, but LDAP generates its root DSE based on dc=directory,dc=nh.

$ cat /etc/sssd/sssd.conf
domains =
config_file_version = 2
services = nss, pam
default_domain_suffix =

use_fully_qualified_names = True
id_provider = ldap
ldap_uri = ldap://
ldap_search_base = dc=directory,dc=nh
ldap_user_search_base = ou=People,dc=directory,dc=nh
ldap_group_search_base = ou=Groups,dc=directory,dc=nh
ldap_tls_reqcert = never
cache_credentials = True
default_shell = /usr/libexec/openssh/sftp-server

As you can see the domain is OK, but the LDAP base is not. How can I change that?
Thanks a lot

Hi @jschmidt,

is the expected behavior for the local LDAP accounts provider. Could you explain why you want to change it? What’s wrong with it?

I would like a representation of my company on LDAP’s side. A great start would be to use the same domain, which the server’s FQDN is based on. Another step further would be a custom root DSE. directory.nh does not represent my company.

You’re lucky, an rwm overlay is already configured!

If your domain is the following base is available


Just ignore the default one and bind to the overlay.