Re: Can I configure openldap to ignore naming violation errors?

[Pierangelo Masarati <ando@sys-net.it>]

Sam Cannell wrote:
> I'm trying to create an openldap instance to hold some data I'm
> retrieving from a remote ldap server with ldapsearch.
>
> The server is set up and I can create objects in it, but it's
> refusing to import some of the objects from the ldif I'm getting from
> ldapsearch.
>
> The objects in question are something along the lines of:
>
> # foo, stuff, nz
> dn: o=foo, ou=stuff, c=nz
> objectClass: top
> objectClass: organization
> o: bar
> So the 'o' attribute doesn't match the dn of the object.  Trying to
> import it gives me the following error:
>
> adding new entry "o=foo, ou=stuff, c=nz" ldap_add: Naming violation
> (64) additional info: value of naming attribute 'o' is not present in
> entry
>
> Google shows me a bunch of other people getting the same error, but
> the response seems to invariably be 'fix your data'.  In my case I'm
> not in control of the source data, so ideally I'd like to be able to
> tell slapd to ignore the naming error and import the object anyway.
> Is this possible?

Well, according to rfc4511 Section 4.7, the server now takes care of 
adding distinguished values of naming attributes to the entry, provided 
this results in an entry that complies with schema restrictions (e.g. in 
your case, if "o" were a single-valued attr, adding "foo" would violate 
the schema).  AFAIK, you need to use OpenLDAP 2.4, as OpenLDAP 2.3 does 
not conform to rfc4510-9.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------