Learning LDAP with OpenLDAP - where is the cn=admin in dc=example,dc=org?

I am trying to learn LDAP with OpenLDAP, using osixia's docker image. I've started the image, and am able to connect to it using cli or Apache directory studio or phpldapadmin. However, I'm very confused.

When authenticating, my bind id is cn=admin in dc=example,dc=org and password is admin. I've checked, other passwords don't match. But I don't see any admin in the tree! and searching for cn=admin in dc=example,dc=org gives no result.

How can this be possible? Where is the admin password actually stored?...

Like, when I log into Apache Directory using uid=admin,ou=system, I see the uid=admin in ou=system and can change its password. But here its not present, even though I can use it to log in?

The initial OpenLDAP admin account is defined as a rootDN in your OpenLDAP server's configuration, which makes it somewhat special – aside from always having root (superuser) privileges, the rootDN is not required to exist as a real entry in the database at all, in which case its password hash will be stored in rootPW in the same DB configuration entry. (Indeed that's how you would create the initial database entries, as it starts off completely empty – unless you use 'slapadd' to directly update the DB files.)

If your server uses LDAP-based configuration, each database's rootDN and its password will be defined within the corresponding olcDatabase entries under cn=config. For file-based configuration, they are defined in slapd.conf.

(Note that cn=config is a separate partition and may have a different rootDN configured; or it may be pre-configured with an ACL that only allows UID-based ldapsearch -Y EXTERNAL, much like MySQL works these days.)