OpenLDAP password

Hi all,

I am importing users from a SME-9.2 server. They are now all in ldif format in a file users.ldif.

The users in the ldif fille all look OK but when I want to incorporate them in LDAP using:

# ldapadd -x -W -D “cn=ldapadm,dc=toto,dc=com” -f users.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I tried all passwords that I used in NethServer-7.6.810 to no avail. It always return “Invalid credentials (49)”

How can I get this LDAP Password?

Any help appreciated,


libuser is allowed to write to ldap, the password is stored in /var/lib/nethserver/secrets/libuser.

ldapadd -x -D "cn=libuser,dc=directory,dc=nh" -w `cat /var/lib/nethserver/secrets/libuser` -f users.ldif`

1 Like

Hi Markus,

Thank you very much for your fast response.

I tried your command without the backquote at the end and the output is:

# ldapadd -x -D “cn=libuser,dc=directory,dc=nh” -w cat /var/lib/nethserver/secrets/libuser -f users.ldif

adding new entry “uid=root,ou=People,dc=toto,dc=com”
ldap_add: Insufficient access (50)
additional info: no write access to parent

cat /var/lib/nethserver/secrets/libuser
Gives something like “123456789012345_” and looks OK

I tried with user: admin but it cannot read /var/lib/nethserver/secrets/libuser as it belongs to root with 600 permission.

I googled both:
ldap_add: Insufficient access (50)
additional info: no write access to parent

I will try again tomorrow.

I never worked with LDAP and I am a little bit confused…

Thank you again for your precious time,


It should work as root user:

ldapadd -Y EXTERNAL -f test.ldif

Hi Markus,

You’re the greatest, it works!

I need to check the conversion of users to ldif file because it looks like I converted the users from passwd file incorrectly. I will work on that today and let you know because it will be a good way to migrate users from SME.

Thanks you very much,


1 Like

Hi Markus,

I don’t think that I’m on the right track. It created the home dir at the same place as SME does and the groups are not imported.


Did you see the docs about migrating from SME?

Maybe it’s easier to put the users in a TSV file and import them:

You may try to change the homeDirectory LDAP field to /var/lib/nethserver/home/USER.
There are different way to handle group memberships in LDAP.
To compare, here is a default NS7 user and group ldif file (you can get them with ldapsearch):

user ldif:

# standarduser, People, directory.nh
dn: uid=standarduser,ou=People,dc=directory,dc=nh
uidNumber: 1002
gidNumber: 1001
uid: standarduser
shadowMax: 99999
shadowWarning: 7
shadowMin: 0
loginShell: /usr/libexec/openssh/sftp-server
homeDirectory: /var/lib/nethserver/home/standarduser
shadowInactive: -1
shadowExpire: -1
gecos: Standard User
shadowLastChange: 17924
shadowFlag: -1
cn: Standard User
sn: standarduser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
mail: standarduser@domain.local

groups ldif:

# standardgroup, Groups, directory.nh
dn: cn=standardgroup,ou=Groups,dc=directory,dc=nh
gidNumber: 1003
cn: standardgroup
objectClass: posixGroup
memberUid: standarduser

You may also use phpldapadmin to browse through LDAP and check fields.

Hi again Markus,

I looked at the migration page but my SME server is from around 2006, always updated to 9.2. It is packed with old junk and I want a fresh NethServer.

I used the migration page to migrate all emails and it worked perfectly.

After I finish looking at NS, I will migrate only all my WordPress webs with WordPress Duplicator extension which is working correctly. Also, I want to switch from MySQL to MariaDB…

I have only a few users but I am writing a howto about NS for my “grandmother” and other people who might have a lot of users and I am looking for an easy way to migrate only them.

Thank you again for your good advices,