[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: sql-backend
> Otto and Ando, it appears that if you are using LDAPADD is that your
> openldap server is running with MySQL compatibility... could you help?
My server works ever since; I'm the "official" maintainer,
since the original developer, Dmitry Kovalev, is too busy
for it.
> How did you start your server?
I followed Dmitry's instructions. But, as I told you
many times in the past days, I'm not using mysql, so
I'm not sure it works. Apparently it does, since Otto
could make it work, except for writing.
I'd take this opportunity to suggest Otto to see if
by populating the database via SQL he can at least
read it.
p.
>
>
>
> *********** REPLY SEPARATOR ***********
>
> On 1/15/2004 at 12:12 PM Pierangelo Masarati wrote:
>
>>> openldap # ldapadd -D "cn=manager,dc=sql,dc=hosting" -W -f
>>> base21.ldif Enter LDAP Password:
>>> adding new entry "dc=sql, dc=hosting"
>>> ldapadd: update failed: dc=sql, dc=hosting
>>> ldap_add: Server is unwilling to perform (53)
>>> additional info: operation not permitted within namingContext
>>
>>Let me elaborate on this: back-sql returns this error
>>only when a write operation is attempted and there is
>>no means to accomplish it according to the configuration
>>of the meta information in the SQL database related to
>>ldap operations. The message to the client is purposely
>>generic, because illustrating the details of the failure
>>could expose sensible information related to the
>>configuration of both back-sql and the rdbms. However,
>>each specific failure is detailed (to some extent) in
>>slapd's logs. If you grep "LDAP_UNWILLING_TO_PERFORM"
>>into back-sql sources, you'll see what I mean: you only
>>hit modify.c:
>>
>>[ando@here servers/slapd/back-sql]$ grep -l LDAP_UNWILLING_TO_PERFORM
>> *.c modify.c
>>
>>and if you look at the context:
>>
>>[ando@here servers/slapd/back-sql]$ grep -C2 LDAP_UNWILLING_TO_PERFORM
>> *.c modify.c-
>>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) )
>> { modify.c: rs->sr_err =
>>LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not
>> permitted "
>>modify.c- "within namingContext";
>> --
>>modify.c-
>>modify.c- if (
>> BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
>>modify.c: rs->sr_err =
>>LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text =
>> "operation not permitted "
>>modify.c- "within
>>namingContext";
>>--
>>modify.c-
>>modify.c- if (
>> BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
>>modify.c: rs->sr_err =
>>LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text =
>> "operation not permitted "
>>modify.c- "within
>>namingContext";
>>--
>>modify.c-
>>modify.c- if (
>> BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
>>modify.c: rs->sr_err =
>>LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text =
>> "operation not permitted "
>>modify.c- "within
>>namingContext";
>>--
>>modify.c-
>>modify.c- if (
>> BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
>>modify.c: rs->sr_err =
>>LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text =
>> "operation not permitted "
>>modify.c- "within
>>namingContext";
>>--
>>modify.c- Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
>> modify.c- "parent is \"\" - aborting\n", 0, 0, 0
>> ); modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "not allowed within
>> namingContext"; modify.c- send_ldap_result( op, rs );
>>--
>>modify.c- Debug( LDAP_DEBUG_TRACE,
>>"backsql_modrdn(): "
>>modify.c- "newSuperior is \"\" -
>>aborting\n", 0, 0, 0 );
>>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>> modify.c- rs->sr_text = "not allowed within
>> namingContext";
>>modify.c- send_ldap_result( op, rs );
>>--
>>modify.c- "cannot determine objectclass of entry
>> -- aborting\n",
>>modify.c- 0, 0, 0 );
>>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not permitted within
>> namingContext";
>>modify.c- send_ldap_result( op, rs );
>>--
>>modify.c- "create procedure is not defined for
>> this objectclass "
>>modify.c- "- aborting\n", 0, 0, 0 );
>>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not permitted within
>> namingContext";
>>modify.c- send_ldap_result( op, rs );
>>--
>>modify.c- "create procedure needs select
>> procedure, " modify.c- "but none is defined -
>> aborting\n", 0, 0, 0 );
>>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not permitted within
>> namingContext";
>>modify.c- send_ldap_result( op, rs );
>>--
>>modify.c-
>>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) )
>> { modify.c: rs->sr_err =
>>LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not
>> permitted "
>>modify.c- "within namingContext";
>> --
>>modify.c-
>>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) )
>> { modify.c: rs->sr_err =
>>LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not
>> permitted "
>>modify.c- "within namingContext";
>> --
>>modify.c- "cannot determine objectclass of entry
>> -- aborting\n",
>>modify.c- 0, 0, 0 );
>>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not permitted within
>> namingContext";
>>modify.c- send_ldap_result( op, rs );
>>--
>>modify.c- "delete procedure is not defined "
>> modify.c- "for this objectclass - aborting\n", 0,
>> 0, 0 );
>>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>>modify.c- rs->sr_text = "operation not permitted within
>> namingContext";
>>modify.c- send_ldap_result( op, rs );
>>
>>It can only return if you attempt to write something
>>there's no rule for. So I strongly suggest you carefully
>>look at the logs to identify the offending operation,
>>and then carefully look at the mapping rules for write
>>operations in the "ldap_oc_mappings" and "ldap_attr_mappings"
>>tables.
>>
>>p.
>>
>>--
>>Pierangelo Masarati
>>mailto:pierangelo.masarati@sys-net.it
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it