[Date Prev][Date Next] [Chronological] [Thread] [Top]
re[2]: slapadd: databse doesn't support ..... error

To: <ando@sys-net.it>
Subject: re[2]: slapadd: databse doesn't support ..... error
From: Mike Stockemer <Mike.Stockemer@neotool.com>
Date: Fri, 19 Mar 2004 12:12:53 -0700
Cc: <openldap-software@OpenLDAP.org>
Organization: NeoTool Development
I did try ldapadd after I made this post.  I am getting the error below:

# ldapadd -D "ou=fporgunit,dc=neotool,dc=com" -f base.ldif -W -x
Enter LDAP Password:
adding new entry "dc=neotool,dc=com"
ldap_add: DSA is unwilling to perform
        additional info: operation not permitted within namingContext

ldif_record() = 53

I am trying to get this working with a test database before using our database that is already loaded with information.  
I have viewed the tables and there are no spaces and new line characters in them.  What tables are you referring to?  ldap_oc_mappings, ldap_attr_mappings, ...?

I am very new to ldap so I apologize if I'm asking simple questions. Thanks for your reply.



> You can't use slapadd to load back-sql because this backend
> doesn't provide the backend API hooks for slapadd to work.
> The emssage is straightforward.  Shouldn't you try using
> ldapadd, as suggested in most of the man pages?  Moreover,
> I note that the metinformation in your database appears to be
> definitely screwed: you have plenty of blanks and new lines
> going around.  I'm pretty sure most of the RDBMS will complain
> about this, so you should clean it up before going any further.
> Finally, I note that the add, modify and delete procedure are
> missing from most of your metainformation, so add is likely to
> fail even with ldapadd.  As noted in slapd-sql(5) and in the FAQ

> http://www.openldap.org/faq/data/cache/378.html

> back-sql should not be used as a replacement of any native
> LDAP database, but to publish information already stored in
> a RDBMS in LDAP form.  As such, I don't think your approach
> of loading a RDBMS from scratch via a misconfigured back-sql
> is going to lead to any success.

> p.


> > I am using openldap 2.1.25 with iODBC drivers from Openlink.  I have
> > tested the drivers with odbctest and I can connect and query my batabse
> > which is a MSSQL 2000 database running on a Windows 2000 server.
> > Openldap is running on RedHat 7.2.    I am trying to use slapadd  and I
> > am getting the following error:
> >
> > slapadd -l base.ldif -d 1 -f /usr/local/etc/openldap/slapd.conf
> >
> > slapadd init: initiated tool.
> > ==>backsql_initialize()
> > <==backsql_initialize()
> >>>> dnNormalize: <cn=Subschema>
> > >> dnPrettyNormal: <dc=neotool,dc=com>
> > >> dnPrettyNormal: <ou=contacts,dc=neotool,dc=com>
> > <<< dnPrettyNormal: <ou=contacts,dc=neotool,dc=com>,
> > <ou=contacts,dc=neotool,dc=com> ==>backsql_db_config()
> > <==backsql_db_config(): dbname=GMTest
> > ==>backsql_db_config()
> > <==backsql_db_config(): dbuser=sa
> > ==>backsql_db_config()
> > <==backsql_db_config(): dbpasswd=xxxx
> > ==>backsql_db_config()
> > <==backsql_db_config(): insentry_query=insert into ldap_entries
> > (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from
> > ldap_entries),?,?,?,?) ==>backsql_db_config()
> > <==backsql_db_config(): at_query=SELECT name, sel_expr, from_tbls,
> > join_where, add_proc, delete_proc, param_order, expect_return FROM
> > ldap_attr_mappings WHERE oc_map_id=? ==>backsql_db_config()
> > <==backsql_db_config(): upper_func=upper
> > ==>backsql_db_config()
> > <==backsql_db_config(): concat_pattern="?||?"
> > ==>backsql_db_config()
> > <==backsql_db_config(): has_ldapinfo_dn_ru=no
> > matching_rule_use_init
> >     1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
> > 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
> > mailPreferenceOption $ supportedLDAPVersion ) )
> > 1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
> > 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
> > mailPreferenceOption $ supportedLDAPVersion ) )
> > 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
> > 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES (
> > janetMailbox $ cNAMERecord $ sOARecord $ nSRecord $ mXRecord $
> > mDRecord $ aRecord $ email $ associatedDomain $ dc $ mail $
> > altServer ) ) 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match):
> > matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME
> > 'caseExactIA5Match' APPLIES ( janetMailbox $ cNAMERecord $ sOARecord
> > $ nSRecord $ mXRecord $ mDRecord $ aRecord $ email $
> > associatedDomain $ dc $ mail $ altServer ) ) 2.5.13.34
> > (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
> > 'certificateExactMatch' APPLIES ( cACertificate $ userCertificate )
> > ) 2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse:
> > ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
> > supportedApplicationContext $ ldapSyntaxes $ matchingRuleUse $
> > objectClasses $ attributeTypes $ matchingRules $ supportedFeatures $
> > supportedExtension $ supportedControl $ structuralObjectClass $
> > objectClass ) ) 2.5.13.29 (integerFirstComponentMatch):
> > matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch'
> > APPLIES ( mailPreferenceOption $ supportedLDAPVersion ) ) 2.5.13.27
> > (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
> > 'generalizedTimeMatch' APPLIES ( modifyTimestamp $ createTimestamp )
> > ) 2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24
> > NAME 'protocolInformationMatch' APPLIES protocolInformation )
> > 2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
> > 'uniqueMemberMatch' APPLIES uniqueMember ) 2.5.13.22
> > (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
> > 'presentationAddressMatch' APPLIES presentationAddress ) 2.5.13.20
> > (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
> > 'telephoneNumberMatch' APPLIES ( pager $ mobile $ homePhone $
> > telephoneNumber ) ) 2.5.13.17 (octetStringMatch): matchingRuleUse: (
> > 2.5.13.17 NAME 'octetStringMatch' APPLIES userPassword ) 2.5.13.16
> > (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch'
> > APPLIES x500UniqueIdentifier ) 2.5.13.14 (integerMatch):
> > matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES (
> > mailPreferenceOption $ supportedLDAPVersion ) ) 2.5.13.13
> > (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch'
> > APPLIES hasSubordinates ) 2.5.13.11 (caseIgnoreListMatch):
> > matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES (
> > homePostalAddress $ registeredAddress $ postalAddress ) ) 2.5.13.8
> > (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
> > 'numericStringMatch' APPLIES ( internationaliSDNNumber $ x121Address
> > ) ) 2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7
> > NAME 'caseExactSubstringsMatch' APPLIES ( dnQualifier $
> > destinationIndicator $ serialNumber ) ) 2.5.13.6
> > (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
> > 'caseExactOrderingMatch' APPLIES ( dnQualifier $
> > destinationIndicator $ serialNumber ) ) 2.5.13.5 (caseExactMatch):
> > matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES (
> > preferredLanguage $ employeeType $ employeeNumber $ displayName $
> > departmentNumber $ carLicense $ documentPublisher $ buildingName $
> > organizationalStatus $ uniqueIdentifier $ co $ personalTitle $
> > documentLocation $ documentVersion $ documentTitle $
> > documentIdentifier $ host $ userClass $ roomNumber $ drink $ info $
> > textEncodedORAddress $ uid $ labeledURI $ dmdName $ houseIdentifier
> > $ dnQualifier $ generationQualifier $ initials $ givenName $
> > destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $
> > postalCode $ businessCategory $ description $ title $ ou $ o $
> > street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn
> > $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms
> > ) ) 2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3
> > NAME 'caseIgnoreOrderingMatch' APPLIES ( dnQualifier $
> > destinationIndicator $ serialNumber ) ) 2.5.13.2 (caseIgnoreMatch):
> > matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES (
> > preferredLanguage $ employeeType $ employeeNumber $ displayName $
> > departmentNumber $ carLicense $ documentPublisher $ buildingName $
> > organizationalStatus $ uniqueIdentifier $ co $ personalTitle $
> > documentLocation $ documentVersion $ documentTitle $
> > documentIdentifier $ host $ userClass $ roomNumber $ drink $ info $
> > textEncodedORAddress $ uid $ labeledURI $ dmdName $ houseIdentifier
> > $ dnQualifier $ generationQualifier $ initials $ givenName $
> > destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $
> > postalCode $ businessCategory $ description $ title $ ou $ o $
> > street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn
> > $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms
> > ) ) 2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1
> > NAME 'distinguishedNameMatch' APPLIES ( dITRedirect $ associatedName
> > $ secretary $ documentAuthor $ manager $ seeAlso $ roleOccupant $
> > owner $ member $ distinguishedName $ aliasedObjectName $
> > namingContexts $ subschemaSubentry $ modifiersName $ creatorsName )
> > ) 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
> > 'objectIdentifierMatch' APPLIES ( supportedApplicationContext $
> > supportedFeatures $ supportedExtension $ supportedControl $
> > structuralObjectClass $ objectClass ) )
> > slapadd startup: initiated.
> > backend_startup: starting "dc=neotool,dc=com"
> > ==>backsql_db_open(): testing RDBMS connection
> > backsql_db_open(): subtree search SQL condition not specified (use
> > "subtree_cond" directive in slapd.conf) backsql_db_open(): setting
> > 'upper(ldap_entries.dn) LIKE upper('%'||?)' as default
> > backsql_db_open(): setting 'upper(ldap_entries.dn)=upper(?)' as default
> > backsql_db_open(): objectclass mapping SQL statement not specified (use
> > "oc_query" directive in slapd.conf) backsql_db_open(): setting 'SELECT
> > id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM
> > ldap_oc_mappings' by default backsql_db_open(): entry deletion SQL
> > statement not specified (use "delentry_query" directive in slapd.conf)
> > backsql_db_open(): setting 'DELETE FROM ldap_entries WHERE id=?' by
> > default ==>backsql_get_db_conn()
> > ==>backsql_open_db_conn()
> > backsql_open_db_conn(): connected, adding to tree
> > <==backsql_open_db_conn()
> > backsql_get_db_conn(): first call -- reading schema map
> > ==>load_schema_map()
> > load_schema_map(): at_query 'SELECT name, sel_expr, from_tbls,
> > join_where, add_proc, delete_proc, param_order, expect_return FROM
> > ldap_attr_mappings WHERE oc_map_id=?' load_schema_map(): objectClass
> > 'organizationalUnit': keytbl='fp_orgunit
> >                      ' keycol='id
> >                       ' expect_return: add=0, del=0; attributes:
> > load_schema_map(): autoadding 'objectClass' and 'ref' mappings
> > ********'ou'
> > name='ou',sel_expr='fp_orgunit.name'
> > from='fp_orgunit'join_where='',add_proc=''delete_proc=''
> > sel_expr_u='(null)'
> > load_schema_map(): preconstructed query 'SELECT fp_orgunit.name AS ou
> > FROM fp_orgunit WHERE fp_orgunit
> >              .id
> >      =?' load_schema_map(): objectClass 'inetOrgPerson':
> > keytbl='fp_contacts
> > ' keycol='id
> >  ' expect_return: add=0, del=0; attributes:
> > load_schema_map(): autoadding 'objectClass' and 'ref' mappings
> > ********'cn'
> > name='cn',sel_expr='CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName)'
> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> > sel_expr_u='(null)'
> > load_schema_map(): preconstructed query 'SELECT
> > CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName) AS cn FROM
> > fp_contacts WHERE fp_contacts
> >          .id
> >  =?' ********'givenName'
> > name='givenName',sel_expr='FirstName'
> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> > sel_expr_u='(null)'
> > load_schema_map(): preconstructed query 'SELECT FirstName AS givenName
> > FROM fp_contacts WHERE fp_contacts
> >               .id
> >       =?' ********'sn'
> > name='sn',sel_expr='fp_contacts.LastName'
> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> > sel_expr_u='(null)'
> > load_schema_map(): preconstructed query 'SELECT fp_contacts.LastName AS
> > sn FROM fp_contacts WHERE fp_contacts
> >                  .id
> >          =?' ********'o'
> > name='o',sel_expr='fp_contacts.Company'
> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> > sel_expr_u='(null)'
> > load_schema_map(): preconstructed query 'SELECT fp_contacts.Company AS o
> > FROM fp_contacts WHERE fp_contacts
> >               .id
> >       =?' ********'mail'
> > name='mail',sel_expr='fp_contacts.EmailAddress'
> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> > sel_expr_u='(null)'
> > load_schema_map(): preconstructed query 'SELECT fp_contacts.EmailAddress
> > AS mail FROM fp_contacts WHERE fp_contacts
> >                       .id
> >               =?' <==load_schema_map()
> > <==backsql_get_db_conn()
> > ==>backsql_free_db_conn()
> > backsql_free_db_conn(): closing db connection
> > ==>backsql_close_db_conn()
> > <==backsql_close_db_conn()
> > <==backsql_free_db_conn()
> > <==backsql_db_open(): test succeeded, schema map loaded
> > slapadd: database doesn't support necessary operations.
> >
> >
> > Here is my slapd.conf
> > #
> > # See slapd.conf(5) for details on configuration options.
> > # This file should NOT be world readable.
> > #
> > include         /usr/local/etc/openldap/schema/core.schema
> > include         /usr/local/etc/openldap/schema/cosine.schema
> > include         /usr/local/etc/openldap/schema/inetorgperson.schema
> >
> > # Define global ACLs to disable default read access.
> > # Define global ACLs to disable default read access.
> > access to *
> >         by self write
> >         by * read
> > access to * by dn="ou=contacts,dc=neotool,dc=com" write
> > defaultaccess none
> >
> > # Do not enable referrals until AFTER you have a working directory #
> > service AND an understanding of referrals.
> > #referral       ldap://root.openldap.org
> >
> > pidfile         /usr/local/var/slapd.pid
> > argsfile        /usr/local/var/slapd.args
> >
> > #######################################################################
> > # sql database definitions
> > #######################################################################
> >
> > database        sql
> > suffix         "dc=neotool,dc=com"
> > rootdn         "ou=contacts,dc=neotool,dc=com"
> > rootpw          secret
> > dbname          GMTest
> > dbuser          sa
> > dbpasswd        SomeSqlPasswd
> > insentry_query  "insert into ldap_entries
> > (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from
> > ldap_entries),?,?,?,?)" at_query        "SELECT name, sel_expr,
> > from_tbls, join_where, add_proc, delete_proc, param_order, expect_return
> > FROM ldap_attr_mappings WHERE oc_map_id=?" upper_func      "upper"
> > #strcast_func    "text"
> > concat_pattern  "?||?"
> > has_ldapinfo_dn_ru      no
> >
> > lastmod off
> >
> > And here is the base.ldif file that I am trying to use.
> > dn: dc=neotool,dc=com
> > objectClass: top
> > objectClass: dcObject
> > objectClass: organization
> > dc: neotool
> > o: Neotool Development
> > description: All Things HL7
> >
> > dn: ou=contacts,dc=neotool,dc=com
> > objectClass: organizationalUnit
> > description: Branch of footprints users
> >
> > Any help would be greatly appreciated, Thanks,
> > --
> >
> > Mike Stockemer, Support Engineer
> > "NeoTool: All things HL7" -- Software tools, Training, and Consulting.


> -- 
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it






--

Mike Stockemer, Support Engineer
NeoTool Development, LLC
PO Box 3586
Montrose, CO 81402-3586

mailto:Mike.Stockemer@neotool.com
970/252-0500 x11 (Voice)
866/Neo-Tool x11 (US toll free voice)
970/252-0005 (Fax)

"NeoTool: All things HL7" -- Software tools, Training, and Consulting.
Follow-Ups:
- Re: re[2]: slapadd: databse doesn't support ..... error
  - From: "Pierangelo Masarati" <ando@sys-net.it>
Prev by Date: Re: slapadd: databse doesn't support ..... error
Next by Date: Re: re[2]: slapadd: databse doesn't support ..... error
Index(es):
- Chronological
- Thread