
Re: sql-backend



> openldap # ldapadd -D "cn=manager,dc=sql,dc=hosting" -W -f base21.ldif
> Enter LDAP Password:
> adding new entry "dc=sql, dc=hosting"
> ldapadd: update failed: dc=sql, dc=hosting
> ldap_add: Server is unwilling to perform (53)
>         additional info: operation not permitted within namingContext

Let me elaborate on this: back-sql returns this error
only when a write operation is attempted and there is
no way to carry it out according to the meta information
configured in the SQL database for LDAP operations.
The message to the client is purposely generic, because
spelling out the details of the failure could expose
sensitive information about the configuration of both
back-sql and the RDBMS.  However, each specific failure
is detailed (to some extent) in slapd's logs.  If you
grep for "LDAP_UNWILLING_TO_PERFORM" in the back-sql
sources, you'll see what I mean: the only hit is
modify.c:

[ando@here servers/slapd/back-sql]$ grep -l LDAP_UNWILLING_TO_PERFORM *.c
modify.c

and if you look at the context:

[ando@here servers/slapd/back-sql]$ grep -C2 LDAP_UNWILLING_TO_PERFORM *.c
modify.c-
modify.c-                       if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
modify.c:                               rs->sr_err =
LDAP_UNWILLING_TO_PERFORM;
modify.c-                               rs->sr_text = "operation not
permitted "
modify.c-                                       "within namingContext";
--
modify.c-
modify.c-                               if ( BACKSQL_FAIL_IF_NO_MAPPING(
bi ) ) {
modify.c:                                       rs->sr_err =
LDAP_UNWILLING_TO_PERFORM;
modify.c-                                       rs->sr_text = "operation
not permitted "
modify.c-                                               "within
namingContext";
--
modify.c-
modify.c-                               if ( BACKSQL_FAIL_IF_NO_MAPPING(
bi ) ) {
modify.c:                                       rs->sr_err =
LDAP_UNWILLING_TO_PERFORM;
modify.c-                                       rs->sr_text = "operation
not permitted "
modify.c-                                               "within
namingContext";
--
modify.c-
modify.c-                               if ( BACKSQL_FAIL_IF_NO_MAPPING(
bi ) ) {
modify.c:                                       rs->sr_err =
LDAP_UNWILLING_TO_PERFORM;
modify.c-                                       rs->sr_text = "operation
not permitted "
modify.c-                                               "within
namingContext";
--
modify.c-
modify.c-                               if ( BACKSQL_FAIL_IF_NO_MAPPING(
bi ) ) {
modify.c:                                       rs->sr_err =
LDAP_UNWILLING_TO_PERFORM;
modify.c-                                       rs->sr_text = "operation
not permitted "
modify.c-                                               "within
namingContext";
--
modify.c-               Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
modify.c-                       "parent is \"\" - aborting\n", 0, 0, 0 );
modify.c:               rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
modify.c-               rs->sr_text = "not allowed within namingContext";
modify.c-               send_ldap_result( op, rs );
--
modify.c-                       Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
modify.c-                               "newSuperior is \"\" -
aborting\n", 0, 0, 0 );
modify.c:                       rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
modify.c-                       rs->sr_text = "not allowed within
namingContext";
modify.c-                       send_ldap_result( op, rs );
--
modify.c-                       "cannot determine objectclass of entry --
aborting\n",
modify.c-                       0, 0, 0 );
modify.c:               rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
modify.c-               rs->sr_text = "operation not permitted within
namingContext";
modify.c-               send_ldap_result( op, rs );
--
modify.c-                       "create procedure is not defined for this
objectclass "
modify.c-                       "- aborting\n", 0, 0, 0 );
modify.c:               rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
modify.c-               rs->sr_text = "operation not permitted within
namingContext";
modify.c-               send_ldap_result( op, rs );
--
modify.c-                       "create procedure needs select procedure, "
modify.c-                       "but none is defined - aborting\n", 0, 0,
0 );
modify.c:               rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
modify.c-               rs->sr_text = "operation not permitted within
namingContext";
modify.c-               send_ldap_result( op, rs );
--
modify.c-
modify.c-                       if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
modify.c:                               rs->sr_err =
LDAP_UNWILLING_TO_PERFORM;
modify.c-                               rs->sr_text = "operation not
permitted "
modify.c-                                       "within namingContext";
--
modify.c-
modify.c-                       if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
modify.c:                               rs->sr_err =
LDAP_UNWILLING_TO_PERFORM;
modify.c-                               rs->sr_text = "operation not
permitted "
modify.c-                                       "within namingContext";
--
modify.c-                       "cannot determine objectclass of entry --
aborting\n",
modify.c-                       0, 0, 0 );
modify.c:               rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
modify.c-               rs->sr_text = "operation not permitted within
namingContext";
modify.c-               send_ldap_result( op, rs );
--
modify.c-                       "delete procedure is not defined "
modify.c-                       "for this objectclass - aborting\n", 0, 0,
0 );
modify.c:               rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
modify.c-               rs->sr_text = "operation not permitted within
namingContext";
modify.c-               send_ldap_result( op, rs );

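This error can only be returned if you attempt to write
something there's no rule for.  So I strongly suggest you
carefully look at the logs to identify the offending
operation (the Debug() calls visible in the excerpts above
log at LDAP_DEBUG_TRACE, so slapd's log level needs to
include trace output for those messages to appear), and
then carefully look at the mapping rules for write
operations in the "ldap_oc_mappings" and "ldap_attr_mappings"
tables.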

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it