Thanks for the suggestion!
It looks like the root user (me) doesn’t have an LDAP password. I’ve tried resetting the password inside the admin console, and the new password does work for SSH/sudo; this is the only problem I’ve found.
Example:
me@host:~$ ldapwhoami
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
If I run the same as before with “cn=me”:
me@host:~$ ldapadd -x -D "cn=me,dc=yunohost,dc=org" -W -f catchall.txt
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I’ve found some mentions of the password missing from /etc/ldap/slapd.conf, which doesn’t exist. There is a config in /etc/ldap/slapd.d called "cn=config.ldif", but at the top of the file it says:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
…which I can’t use as I don’t have the password.
I’ve also found a potential fix using a .ldif containing:
dn: uid=me,ou=users,dc=yunohost,dc=org
changetype: modify
replace: userPassword
userPassword: NEWPASSWORD
and then running:
me@host:~$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f me.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "uid=me,ou=users,dc=yunohost,dc=org"
which does seem to execute, but then I still get the same error running the ldapadd when I use the new password:
ldap_bind: Invalid credentials (49)
Any more ideas?