[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: re[2]: slapadd: databse doesn't support ..... error
> I did try ldapadd after I made this post. I am getting the error below:
>
> # ldapadd -D "ou=fporgunit,dc=neotool,dc=com" -f base.ldif -W -x
> Enter LDAP Password:
> adding new entry "dc=neotool,dc=com"
> ldap_add: DSA is unwilling to perform
> additional info: operation not permitted within namingContext
>
> ldif_record() = 53
This is a very common message; you should show the server logs up to this
error to help detecting the reason. It is likely that you tried to do
some write operation that is not allowed by your metainfo (e.g. because
the add function for that objectclass or for any of its attributes is not
defined
in your dap_oc_mappings, ldap_attr_mappings tables.
>
> I am trying to get this working with a test database before using our
> database that is already loaded with information. I have viewed the
> tables and there are no spaces and new line characters in them. What
> tables are you referring to? ldap_oc_mappings, ldap_attr_mappings, ...?
In the logs you showed in your previous message,
the echoing of the metainfo collected during startup,
then the schema to map LDAP to SQL and viceversa is
loaded, appeared all screwed up. Maybe it was the
mailer's fault, or you did some cut'n'paste?
>
> I am very new to ldap so I apologize if I'm asking simple questions.
No problem, but if you're a newbie I guess you
started with a bad beast! back-sql can be really
frustrating... I strongly suggest you load the
test metainfo via SQL and start querying the server.
If this works, you can then try writing.
p.
> Thanks for your reply.
>
>
>
>> You can't use slapadd to load back-sql because this backend
>> doesn't provide the backend API hooks for slapadd to work.
>> The emssage is straightforward. Shouldn't you try using
>> ldapadd, as suggested in most of the man pages? Moreover,
>> I note that the metinformation in your database appears to be
>> definitely screwed: you have plenty of blanks and new lines
>> going around. I'm pretty sure most of the RDBMS will complain
>> about this, so you should clean it up before going any further.
>> Finally, I note that the add, modify and delete procedure are
>> missing from most of your metainformation, so add is likely to
>> fail even with ldapadd. As noted in slapd-sql(5) and in the FAQ
>
>> http://www.openldap.org/faq/data/cache/378.html
>
>> back-sql should not be used as a replacement of any native
>> LDAP database, but to publish information already stored in
>> a RDBMS in LDAP form. As such, I don't think your approach
>> of loading a RDBMS from scratch via a misconfigured back-sql
>> is going to lead to any success.
>
>> p.
>
>
>> > I am using openldap 2.1.25 with iODBC drivers from Openlink. I have
>> tested the drivers with odbctest and I can connect and query my
>> batabse which is a MSSQL 2000 database running on a Windows 2000
>> server. Openldap is running on RedHat 7.2. I am trying to use
>> slapadd and I am getting the following error:
>> >
>> > slapadd -l base.ldif -d 1 -f /usr/local/etc/openldap/slapd.conf
>> >
>> > slapadd init: initiated tool.
>> > ==>backsql_initialize()
>> > <==backsql_initialize()
>> >>>> dnNormalize: <cn=Subschema>
>> > >> dnPrettyNormal: <dc=neotool,dc=com>
>> > >> dnPrettyNormal: <ou=contacts,dc=neotool,dc=com>
>> > <<< dnPrettyNormal: <ou=contacts,dc=neotool,dc=com>,
>> > <ou=contacts,dc=neotool,dc=com> ==>backsql_db_config()
>> > <==backsql_db_config(): dbname=GMTest
>> > ==>backsql_db_config()
>> > <==backsql_db_config(): dbuser=sa
>> > ==>backsql_db_config()
>> > <==backsql_db_config(): dbpasswd=xxxx
>> > ==>backsql_db_config()
>> > <==backsql_db_config(): insentry_query=insert into ldap_entries
>> (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from
>> ldap_entries),?,?,?,?) ==>backsql_db_config()
>> > <==backsql_db_config(): at_query=SELECT name, sel_expr, from_tbls,
>> join_where, add_proc, delete_proc, param_order, expect_return FROM
>> ldap_attr_mappings WHERE oc_map_id=? ==>backsql_db_config()
>> > <==backsql_db_config(): upper_func=upper
>> > ==>backsql_db_config()
>> > <==backsql_db_config(): concat_pattern="?||?"
>> > ==>backsql_db_config()
>> > <==backsql_db_config(): has_ldapinfo_dn_ru=no
>> > matching_rule_use_init
>> > 1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
>> > 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
>> > mailPreferenceOption $ supportedLDAPVersion ) )
>> > 1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
>> 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
>> > mailPreferenceOption $ supportedLDAPVersion ) )
>> > 1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
>> 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES (
>> janetMailbox $ cNAMERecord $ sOARecord $ nSRecord $ mXRecord $
>> mDRecord $ aRecord $ email $ associatedDomain $ dc $ mail $
>> > altServer ) ) 1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match):
>> > matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME
>> > 'caseExactIA5Match' APPLIES ( janetMailbox $ cNAMERecord $ sOARecord
>> $ nSRecord $ mXRecord $ mDRecord $ aRecord $ email $
>> > associatedDomain $ dc $ mail $ altServer ) ) 2.5.13.34
>> > (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
>> > 'certificateExactMatch' APPLIES ( cACertificate $ userCertificate )
>> ) 2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse:
>> ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
>> supportedApplicationContext $ ldapSyntaxes $ matchingRuleUse $
>> objectClasses $ attributeTypes $ matchingRules $ supportedFeatures $
>> supportedExtension $ supportedControl $ structuralObjectClass $
>> objectClass ) ) 2.5.13.29 (integerFirstComponentMatch):
>> > matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch'
>> APPLIES ( mailPreferenceOption $ supportedLDAPVersion ) ) 2.5.13.27
>> (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
>> > 'generalizedTimeMatch' APPLIES ( modifyTimestamp $ createTimestamp )
>> ) 2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24
>> NAME 'protocolInformationMatch' APPLIES protocolInformation )
>> > 2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
>> 'uniqueMemberMatch' APPLIES uniqueMember ) 2.5.13.22
>> > (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
>> > 'presentationAddressMatch' APPLIES presentationAddress ) 2.5.13.20
>> (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
>> > 'telephoneNumberMatch' APPLIES ( pager $ mobile $ homePhone $
>> > telephoneNumber ) ) 2.5.13.17 (octetStringMatch): matchingRuleUse: (
>> 2.5.13.17 NAME 'octetStringMatch' APPLIES userPassword ) 2.5.13.16
>> (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch'
>> APPLIES x500UniqueIdentifier ) 2.5.13.14 (integerMatch):
>> > matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES (
>> > mailPreferenceOption $ supportedLDAPVersion ) ) 2.5.13.13
>> > (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch'
>> APPLIES hasSubordinates ) 2.5.13.11 (caseIgnoreListMatch):
>> > matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES (
>> homePostalAddress $ registeredAddress $ postalAddress ) ) 2.5.13.8
>> (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
>> > 'numericStringMatch' APPLIES ( internationaliSDNNumber $ x121Address
>> ) ) 2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7
>> NAME 'caseExactSubstringsMatch' APPLIES ( dnQualifier $
>> > destinationIndicator $ serialNumber ) ) 2.5.13.6
>> > (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
>> > 'caseExactOrderingMatch' APPLIES ( dnQualifier $
>> > destinationIndicator $ serialNumber ) ) 2.5.13.5 (caseExactMatch):
>> matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES (
>> > preferredLanguage $ employeeType $ employeeNumber $ displayName $
>> departmentNumber $ carLicense $ documentPublisher $ buildingName $
>> organizationalStatus $ uniqueIdentifier $ co $ personalTitle $
>> documentLocation $ documentVersion $ documentTitle $
>> > documentIdentifier $ host $ userClass $ roomNumber $ drink $ info $
>> textEncodedORAddress $ uid $ labeledURI $ dmdName $ houseIdentifier
>> $ dnQualifier $ generationQualifier $ initials $ givenName $
>> > destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $
>> postalCode $ businessCategory $ description $ title $ ou $ o $
>> street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn
>> $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms
>> ) ) 2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3
>> NAME 'caseIgnoreOrderingMatch' APPLIES ( dnQualifier $
>> > destinationIndicator $ serialNumber ) ) 2.5.13.2 (caseIgnoreMatch):
>> matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES (
>> > preferredLanguage $ employeeType $ employeeNumber $ displayName $
>> departmentNumber $ carLicense $ documentPublisher $ buildingName $
>> organizationalStatus $ uniqueIdentifier $ co $ personalTitle $
>> documentLocation $ documentVersion $ documentTitle $
>> > documentIdentifier $ host $ userClass $ roomNumber $ drink $ info $
>> textEncodedORAddress $ uid $ labeledURI $ dmdName $ houseIdentifier
>> $ dnQualifier $ generationQualifier $ initials $ givenName $
>> > destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $
>> postalCode $ businessCategory $ description $ title $ ou $ o $
>> street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn
>> $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms
>> ) ) 2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1
>> NAME 'distinguishedNameMatch' APPLIES ( dITRedirect $ associatedName
>> $ secretary $ documentAuthor $ manager $ seeAlso $ roleOccupant $
>> owner $ member $ distinguishedName $ aliasedObjectName $
>> > namingContexts $ subschemaSubentry $ modifiersName $ creatorsName )
>> ) 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
>> 'objectIdentifierMatch' APPLIES ( supportedApplicationContext $
>> supportedFeatures $ supportedExtension $ supportedControl $
>> > structuralObjectClass $ objectClass ) )
>> > slapadd startup: initiated.
>> > backend_startup: starting "dc=neotool,dc=com"
>> > ==>backsql_db_open(): testing RDBMS connection
>> > backsql_db_open(): subtree search SQL condition not specified (use
>> "subtree_cond" directive in slapd.conf) backsql_db_open(): setting
>> 'upper(ldap_entries.dn) LIKE upper('%'||?)' as default
>> > backsql_db_open(): setting 'upper(ldap_entries.dn)=upper(?)' as
>> default backsql_db_open(): objectclass mapping SQL statement not
>> specified (use "oc_query" directive in slapd.conf)
>> backsql_db_open(): setting 'SELECT
>> id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM
>> ldap_oc_mappings' by default backsql_db_open(): entry deletion SQL
>> statement not specified (use "delentry_query" directive in
>> slapd.conf) backsql_db_open(): setting 'DELETE FROM ldap_entries
>> WHERE id=?' by default ==>backsql_get_db_conn()
>> > ==>backsql_open_db_conn()
>> > backsql_open_db_conn(): connected, adding to tree
>> > <==backsql_open_db_conn()
>> > backsql_get_db_conn(): first call -- reading schema map
>> > ==>load_schema_map()
>> > load_schema_map(): at_query 'SELECT name, sel_expr, from_tbls,
>> join_where, add_proc, delete_proc, param_order, expect_return FROM
>> ldap_attr_mappings WHERE oc_map_id=?' load_schema_map(): objectClass
>> 'organizationalUnit': keytbl='fp_orgunit
>> > ' keycol='id
>> > ' expect_return: add=0, del=0; attributes:
>> > load_schema_map(): autoadding 'objectClass' and 'ref' mappings
>> ********'ou'
>> > name='ou',sel_expr='fp_orgunit.name'
>> > from='fp_orgunit'join_where='',add_proc=''delete_proc=''
>> > sel_expr_u='(null)'
>> > load_schema_map(): preconstructed query 'SELECT fp_orgunit.name AS
>> ou FROM fp_orgunit WHERE fp_orgunit
>> > .id
>> > =?' load_schema_map(): objectClass 'inetOrgPerson':
>> > keytbl='fp_contacts
>> > ' keycol='id
>> > ' expect_return: add=0, del=0; attributes:
>> > load_schema_map(): autoadding 'objectClass' and 'ref' mappings
>> ********'cn'
>> > name='cn',sel_expr='CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName)'
>> from='fp_contacts'join_where='',add_proc=''delete_proc=''
>> > sel_expr_u='(null)'
>> > load_schema_map(): preconstructed query 'SELECT
>> > CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName) AS cn FROM
>> fp_contacts WHERE fp_contacts
>> > .id
>> > =?' ********'givenName'
>> > name='givenName',sel_expr='FirstName'
>> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
>> > sel_expr_u='(null)'
>> > load_schema_map(): preconstructed query 'SELECT FirstName AS
>> givenName FROM fp_contacts WHERE fp_contacts
>> > .id
>> > =?' ********'sn'
>> > name='sn',sel_expr='fp_contacts.LastName'
>> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
>> > sel_expr_u='(null)'
>> > load_schema_map(): preconstructed query 'SELECT fp_contacts.LastName
>> AS sn FROM fp_contacts WHERE fp_contacts
>> > .id
>> > =?' ********'o'
>> > name='o',sel_expr='fp_contacts.Company'
>> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
>> > sel_expr_u='(null)'
>> > load_schema_map(): preconstructed query 'SELECT fp_contacts.Company
>> AS o FROM fp_contacts WHERE fp_contacts
>> > .id
>> > =?' ********'mail'
>> > name='mail',sel_expr='fp_contacts.EmailAddress'
>> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
>> > sel_expr_u='(null)'
>> > load_schema_map(): preconstructed query 'SELECT
>> fp_contacts.EmailAddress AS mail FROM fp_contacts WHERE fp_contacts
>> > .id
>> > =?' <==load_schema_map()
>> > <==backsql_get_db_conn()
>> > ==>backsql_free_db_conn()
>> > backsql_free_db_conn(): closing db connection
>> > ==>backsql_close_db_conn()
>> > <==backsql_close_db_conn()
>> > <==backsql_free_db_conn()
>> > <==backsql_db_open(): test succeeded, schema map loaded
>> > slapadd: database doesn't support necessary operations.
>> >
>> >
>> > Here is my slapd.conf
>> > #
>> > # See slapd.conf(5) for details on configuration options.
>> > # This file should NOT be world readable.
>> > #
>> > include /usr/local/etc/openldap/schema/core.schema
>> > include /usr/local/etc/openldap/schema/cosine.schema
>> > include /usr/local/etc/openldap/schema/inetorgperson.schema
>> >
>> > # Define global ACLs to disable default read access.
>> > # Define global ACLs to disable default read access.
>> > access to *
>> > by self write
>> > by * read
>> > access to * by dn="ou=contacts,dc=neotool,dc=com" write
>> > defaultaccess none
>> >
>> > # Do not enable referrals until AFTER you have a working directory #
>> service AND an understanding of referrals.
>> > #referral ldap://root.openldap.org
>> >
>> > pidfile /usr/local/var/slapd.pid
>> > argsfile /usr/local/var/slapd.args
>> >
>> > #######################################################################
>> # sql database definitions
>> > #######################################################################
>> >
>> > database sql
>> > suffix "dc=neotool,dc=com"
>> > rootdn "ou=contacts,dc=neotool,dc=com"
>> > rootpw secret
>> > dbname GMTest
>> > dbuser sa
>> > dbpasswd SomeSqlPasswd
>> > insentry_query "insert into ldap_entries
>> > (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from
>> ldap_entries),?,?,?,?)" at_query "SELECT name, sel_expr,
>> from_tbls, join_where, add_proc, delete_proc, param_order,
>> expect_return FROM ldap_attr_mappings WHERE oc_map_id=?" upper_func
>> "upper" #strcast_func "text"
>> > concat_pattern "?||?"
>> > has_ldapinfo_dn_ru no
>> >
>> > lastmod off
>> >
>> > And here is the base.ldif file that I am trying to use.
>> > dn: dc=neotool,dc=com
>> > objectClass: top
>> > objectClass: dcObject
>> > objectClass: organization
>> > dc: neotool
>> > o: Neotool Development
>> > description: All Things HL7
>> >
>> > dn: ou=contacts,dc=neotool,dc=com
>> > objectClass: organizationalUnit
>> > description: Branch of footprints users
>> >
>> > Any help would be greatly appreciated, Thanks,
>> > --
>> >
>> > Mike Stockemer, Support Engineer
>> > "NeoTool: All things HL7" -- Software tools, Training, and
>> Consulting.
>
>
>> --
>> Pierangelo Masarati
>> mailto:pierangelo.masarati@sys-net.it
>
>
>
>
>
>
> --
>
> Mike Stockemer, Support Engineer
> NeoTool Development, LLC
> PO Box 3586
> Montrose, CO 81402-3586
>
> mailto:Mike.Stockemer@neotool.com
> 970/252-0500 x11 (Voice)
> 866/Neo-Tool x11 (US toll free voice)
> 970/252-0005 (Fax)
>
> "NeoTool: All things HL7" -- Software tools, Training, and Consulting.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it