
RE: problems with adding new entries to my ldbm



Nir,

the "invalid credentials" error is caused by the way you are trying to bind
(authenticate):
> ldap_bind:invalid credentials
> I am doing: ldapadd -x -D "cn=morissi,dc=macam,dc=ac,dc=il" -w secret -f
> entries.ldif
cn=morissi... is not mentioned anywhere in the slapd.conf as having write
permissions. Your root dn is instead:

> rootdn          "cn=Manager,dc=macam,dc=ac,dc=il"
This is the one who has full control over the database. You'll have to use
this dn whenever you want to change anything in the database (or else you
could add an entry for "morissi" in slapd.conf - but I don't think that's
what you want here)

Now, the reason why you still can't add the new LDIF file is something else:

> If I erase all the ldbm files and start slapd all over again and
> afterwards I am doing the command:
> ldapadd -x -D "cn=Manager,dc=macam,dc=ac,dc=il" -w secret -f entries.ldif
> then all the entries are entered including morissi.
Your database is empty and you are using the correct root dn, so it accepts
the LDIF file - so you just created the database from scratch.

> But if I try to add a new entry with a new cn it will tell me that I have
> invalid credentials.
As I explained above, only the root dn is defined in your slapd.conf, no one
else has write access.

> If I try to enter the entry with ldapadd and cn=Manager again then it
> tells me that my domain already exists.
Let's look at your LDIF file for this. At the top we find:
> dn: dc=macam,dc=ac,dc=il
> objectClass: dcObject
> objectClass: organization
> o: bli
> dc: macam
> description: The Macam Corporation

You are trying to enter a dn that already exists in your database (from when
you initially created it, your first "ldapadd...." to the empty database.)
You can not add that same entry again.
But all you want to do is to add another dn ("Morissi"), so strip your LDIF
file of all the entries that you have already entered previously. Your new
LDIF file could look like this:

dn: cn=morissi,dc=macam,dc=ac,dc=il
cn: morissi
objectClass: top
objectClass: person
objectClass: organizationalPerson
description: bla

Alternatively, you could also look into "ldapmodify", see the HOWTOs for
more information on it.
One little hint I found very useful when I first got started with OpenLDAP:
The syntax for LDIF is VERY picky, be extremely careful not to leave any
extra whitespace anywhere within LDIF files.


Hope this helped,
Thomas

Thomas Klettke
thomask@aesbus.com
Network Administrator
Aesbus Knowledge Solutions
Houston, TX
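
Added example (not part of the original message, and not OpenLDAP code): a small Python pre-flight check for the two points made above. It drops entries whose dn is already in the directory and reports whitespace problems before the file is handed to ldapadd. The sample LDIF is constructed from the entries quoted in the thread; the function names and the simplified dn comparison are assumptions of this example.

```python
# Added example, not from the original thread. SAMPLE is constructed data.
SAMPLE = (
    "dn: dc=macam,dc=ac,dc=il\n"
    "objectClass: dcObject\n"
    "objectClass: organization\n"
    "o: bli\n"
    "dc: macam\n"
    "\n"
    "dn: cn=morissi,dc=macam,dc=ac,dc=il\n"
    "cn: morissi\n"
    "objectClass: top\n"
    "objectClass: person\n"
    "objectClass: organizationalPerson\n"
    "description: bla \n"  # trailing space left in on purpose
)
EXISTING = ["dc=macam,dc=ac,dc=il"]  # DNs already loaded into the directory

def normalize_dn(dn):
    # Simplified comparison: lower-case, trim around commas (no escaped commas).
    return ",".join(p.strip().lower() for p in dn.split(","))

def split_entries(text):
    """Split on truly empty lines; report whitespace problems as (line, msg)."""
    entries, cur, warnings = [], [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line == "":
            if cur:
                entries.append(cur)
            cur = []
            continue
        if line.strip() == "":  # parsed as a continuation line, so entries merge
            warnings.append((no, "whitespace-only line, not an entry separator"))
        elif line != line.rstrip():
            warnings.append((no, "trailing whitespace"))
        cur.append(line)
    if cur:
        entries.append(cur)
    return entries, warnings

def entry_dn(entry):
    dns = [l[3:] for l in entry if l.lower().startswith("dn:")]
    return normalize_dn(dns[0]) if dns else None

def strip_existing(text, existing):
    """Return (LDIF text without already-present entries, warnings)."""
    entries, warnings = split_entries(text)
    have = {normalize_dn(d) for d in existing}
    keep = [e for e in entries if entry_dn(e) not in have]
    return "\n\n".join("\n".join(e) for e in keep) + "\n", warnings
```

Warnings are reported rather than fixed automatically, so the file can be corrected by hand before it is loaded.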