
Re: What defines a leaf entry (Errors when using ldapdelete)



>Platform Linux 2.0.36 with openldap-stable
>
>Hi, would it work if I don't have an initial LDIF file?
>My slapd.conf has
>
>defaultaccess write
>suffix "root=foo"
>
>Now I create a root entry in root.add
>dn: root=foo
>objectclass: top
>
>ldapadd < add0
>adding new entry root=foo
>ldap_add: Insufficient access
>
>However if I setup an initial database via ldif2ldbm -i root.add
>It works

Yes, you MUST have a first entry from which you will build the entire tree, OR
you can bind as root: -D rootDN -w rootpassword. So create dn: root=foo
using ldif2ldbm, and after that add all other entries via ldapadd.

>
>Also, I am having this strange error with ldapdelete where it says the
>operation is not allowed on non-leaf nodes. AFAICT, the entry I want to
>delete is a leaf node
[skipped]
>Output received
>ldap_delete: Operation not allowed on nonleaf
>Any ideas where I could have gone wrong?


Nothing wrong :) There is a documented BUG in ldap :)

Here is part of the delete_back_ldbm function - the check for children:

 if ( has_children( be, e ) ) {
  send_ldap_result( conn, op, LDAP_NOT_ALLOWED_ON_NONLEAF, "", "" );
  cache_return_entry( &li->li_cache, e );
  return( -1 );
 }

and here is the cleanup when an entry is deleted from the base:

/* XXX delete from parent's id2children entry XXX */

 /* delete from dn2id mapping */
 if ( dn2id_delete( be, e->e_dn ) != 0 ) {
  send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, "", "" );
  cache_return_entry( &li->li_cache, e );
  return( -1 );
 }

XXX means an unimplemented part of the code :) I think that, after deletion of
an entry, id2children always stays the same - so you always receive a positive
answer in the has_children() call :(
Will wait for a fix from the openldap dev team...


P.S. This code is from the Eudora ldap server for WinNT, but openldap is the same
in this part of the code.
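
A toy model of the failure the reply hypothesizes, added here as an illustration and not taken from OpenLDAP or the Eudora server: a delete path that removes the entry but never updates the parent's child record, next to the same path with that step done. The struct, the function names and the flat-array index are assumptions made for the example; only the two result codes are real LDAP values.

```c
/* Toy model, constructed for illustration (not OpenLDAP source):
 * live[] stands in for dn2id, nkids[] for the id2children index. */
#include <stdio.h>
#define MAX_ENTRIES 8
#define OK 0
#define NO_SUCH_OBJECT 32           /* LDAP result code 0x20 */
#define NOT_ALLOWED_ON_NONLEAF 66   /* LDAP result code 0x42 */

struct dir {
    int live[MAX_ENTRIES];     /* 1 if the entry exists */
    int parent[MAX_ENTRIES];   /* parent id, -1 for the suffix entry */
    int nkids[MAX_ENTRIES];    /* child count recorded per entry */
};

static void dir_add(struct dir *d, int id, int parent)
{
    d->live[id] = 1;
    d->parent[id] = parent;
    d->nkids[id] = 0;
    if (parent >= 0) d->nkids[parent]++;   /* add keeps the index current */
}

/* fix == 0: entry removed, parent's child record left untouched. */
static int dir_delete(struct dir *d, int id, int fix)
{
    if (id < 0 || id >= MAX_ENTRIES || !d->live[id])
        return NO_SUCH_OBJECT;
    if (d->nkids[id] > 0)                  /* the has_children() check */
        return NOT_ALLOWED_ON_NONLEAF;
    d->live[id] = 0;                       /* the dn2id_delete() step */
    if (fix && d->parent[id] >= 0)
        d->nkids[d->parent[id]]--;         /* the step marked XXX */
    return OK;
}

/* Build suffix(0) -> ou(1) -> leaf(2); delete the leaf, then the ou. */
static int leaf_then_parent(int fix)
{
    struct dir d = {{0}, {0}, {0}};
    dir_add(&d, 0, -1); dir_add(&d, 1, 0); dir_add(&d, 2, 1);
    if (dir_delete(&d, 2, fix) != OK) return -1;
    return dir_delete(&d, 1, fix);         /* ou is now a real leaf */
}

int main(void)
{
    printf("stale=%d fixed=%d\n", leaf_then_parent(0), leaf_then_parent(1));
    return 0;
}
```

With the parent's record left stale, the second delete is refused as a non-leaf even though the entry has no children left; with the record updated it succeeds.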