
Re: slapadd: database doesn't support ..... error



Did you read

http://www.openldap.org/faq/data/cache/978.html

from your posting, it appears that you set up ldap_attr_mappings
but there is no mention of how you filled ldap_oc_mappings and
ldap_entries; if you didn't fill them appropriately then you're
at a loss.  The last two tables are not strictly required, they
just add special features like multi-objectClass entries and
referrals.

Follow the examples in servers/slapd/back-sql/rdbms_depend/pgsql
dir, as suggested in the FAQ (those for mssql might be outdated,
because it is not supported since OpenLDAP 2.0).

- make sure you fill ldap_oc_mappings for both 'ou' and 'inetOrgPerson'
- make sure you fill ldap_attr_mappings for the attributes that you
  intend to map from LDAP to SQL (forget about the update queries
  by now)
- make sure you list in ldap_entries all the entries you want to map;
  there must be a one to one correspondence between the rows of
  ldap_entries and the LDAP entries that your back-sql will be able
  to return.  As such, if you think you can base the DN of the
  entries on a general rule, e.g. "cn=<name> <surname>,<suffix>"
  for persons and "ou=<name>,<suffix>" for organizational units,
  you can use a view.

p.
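
An added example, not part of the original message: a sketch of the view-based ldap_entries described above, with one check for blanks or newlines in the mapping metadata and one for the one-to-one correspondence between key rows and ldap_entries rows. Python's sqlite3 stands in for the RDBMS; the table names fp_orgunit and fp_contacts follow the posted log, while the sample rows, the id offset, parent = 0 and the helper names are assumptions.

```python
import sqlite3

SUFFIX = "dc=neotool,dc=com"  # suffix taken from the thread's slapd.conf

# Constructed sample schema and data; SQLite stands in for the real RDBMS.
SCHEMA = """
CREATE TABLE fp_orgunit  (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE fp_contacts (id INTEGER PRIMARY KEY, FirstName TEXT, LastName TEXT);
CREATE TABLE ldap_oc_mappings (id INTEGER PRIMARY KEY, name TEXT, keytbl TEXT, keycol TEXT);
INSERT INTO fp_orgunit  VALUES (1, 'fpcontacts');
INSERT INTO fp_contacts VALUES (1, 'Ann', 'Example'), (2, 'Bob', 'Sample');
INSERT INTO ldap_oc_mappings VALUES (1, 'organizationalUnit', 'fp_orgunit', 'id');
-- keytbl deliberately carries a trailing newline, like the values in the posted log
INSERT INTO ldap_oc_mappings VALUES (2, 'inetOrgPerson', 'fp_contacts' || char(10), 'id');
-- ldap_entries as a view: the DN follows a general rule, one row per key row.
-- The id offset (1000) and parent = 0 are assumptions made for this sketch.
CREATE VIEW ldap_entries AS
  SELECT id AS id, 'ou=' || name || ',{suffix}' AS dn,
         1 AS oc_map_id, 0 AS parent, id AS keyval FROM fp_orgunit
  UNION ALL
  SELECT 1000 + id, 'cn=' || FirstName || ' ' || LastName || ',{suffix}',
         2, 0, id FROM fp_contacts;
""".format(suffix=SUFFIX)


def build_db():
    """Create the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def padded_metadata(conn):
    """Return (row id, column, value) for mapping values with stray blanks/newlines."""
    bad = []
    rows = conn.execute("SELECT id, name, keytbl, keycol FROM ldap_oc_mappings")
    for rid, name, keytbl, keycol in rows.fetchall():
        for col, val in (("name", name), ("keytbl", keytbl), ("keycol", keycol)):
            if val != val.strip():
                bad.append((rid, col, val))
    return bad


def unmapped_keys(conn):
    """Return (keytbl, key, count) for key rows without exactly one ldap_entries row."""
    problems = []
    maps = conn.execute("SELECT id, keytbl, keycol FROM ldap_oc_mappings").fetchall()
    for oc_id, keytbl, keycol in maps:
        keytbl, keycol = keytbl.strip(), keycol.strip()  # identifiers come from metadata
        q = ("SELECT k.{c}, COUNT(e.id) FROM {t} k LEFT JOIN ldap_entries e "
             "ON e.oc_map_id = ? AND e.keyval = k.{c} "
             "GROUP BY k.{c} HAVING COUNT(e.id) <> 1").format(t=keytbl, c=keycol)
        problems += [(keytbl, k, n) for k, n in conn.execute(q, (oc_id,))]
    return problems


if __name__ == "__main__":
    conn = build_db()
    for (dn,) in conn.execute("SELECT dn FROM ldap_entries ORDER BY id"):
        print(dn)
    print("padded metadata:", padded_metadata(conn))
    print("keys without exactly one entry:", unmapped_keys(conn))
```
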


Mike Stockemer wrote:
Frustrating indeed :-(

It seems like every how-to does something completely different, and they are hard to relate to my project.  Our project seems very straightforward.  We have an MSSQL database with users information, all the info we need is stored in one table and we only need :
First
Last
Company
Phone
Email
We only need one organizationalUnit
When I do an ldapsearch like so
ldapsearch -x -b 'dc=neotool,dc=com' 'objectClass=*'

# ldapsearch -x -b 'dc=neotool,dc=com' 'objectClass=*'
version: 2

#
# filter: objectClass=*
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I've created the 5 ldap_ tables, and following the example found here
http://fwww.flatmtn.com/computer/Linux-LDAP.html
Since I am using organizationalUnit for a branch I created a table called fporgunit and added one entry, id = 1, name = fpcontacts.  I then created a table named fpcontacts and added some entries for test users.  In ldap_oc_mappings I added the organizationalUnit entry with keytbl = fporgunit and keycol=id.  Also added inetOrgPerson keytbl=fpcontacts and keycol=1.

In the ldap_attr_mappings table I made the following additions:
id=1
oc_map_id=1
name=ou
sel_expr=fporgunit.name
from_tbls=orgunit


id=2
oc_map_id=2
name=cn
sel_expr=CONCAT(fcontacts.FirstName,'',fpcontacts.LastName)
from_tbls=orgunit


id=3
oc_map_id=2
name=givenName
sel_expr=fcontacts.FirstName

id=4
oc_map_id=2
name=sn
sel_expr=fcontacts.LastName

id=5
oc_map_id=2
name=o
sel_expr=fcontacts.Company

id=6
oc_map_id=2
name=mail
sel_expr=fcontacts.EmailAddress

Am I completely in the weeds here?  Can anyone point me in the right direction?

Thanks for the help.


I did try ldapadd after I made this post. I am getting the error below:



# ldapadd -D "ou=fporgunit,dc=neotool,dc=com" -f base.ldif -W -x
Enter LDAP Password:
adding new entry "dc=neotool,dc=com"
ldap_add: DSA is unwilling to perform
       additional info: operation not permitted within namingContext

ldif_record() = 53


This is a very common message; you should show the server logs up to this
error to help detect the reason.  It is likely that you tried to do
some write operation that is not allowed by your metainfo (e.g. because
the add function for that objectclass or for any of its attributes is not
defined in your ldap_oc_mappings, ldap_attr_mappings tables).


I am trying to get this working with a test database before using our
database that is already loaded with information.   I have viewed the
tables and there are no spaces and new line characters in them.  What
tables are you referring to?  ldap_oc_mappings, ldap_attr_mappings, ...?


In the logs you showed in your previous message,
the echoing of the metainfo collected during startup,
then the schema to map LDAP to SQL and vice versa is
loaded, appeared all screwed up.  Maybe it was the
mailer's fault, or you did some cut'n'paste?


I am very new to ldap so I apologize if I'm asking simple questions.


No problem, but if you're a newbie I guess you
started with a bad beast!  back-sql can be really
frustrating...  I strongly suggest you load the
test metainfo via SQL and start querying the server.
If this works, you can then try writing.


p.


Thanks for your reply.




You can't use slapadd to load back-sql because this backend
doesn't provide the backend API hooks for slapadd to work.
The message is straightforward.  Shouldn't you try using
ldapadd, as suggested in most of the man pages?  Moreover,
I note that the metainformation in your database appears to be
definitely screwed: you have plenty of blanks and new lines
going around.  I'm pretty sure most of the RDBMS will complain
about this, so you should clean it up before going any further.
Finally, I note that the add, modify and delete procedure are
missing from most of your metainformation, so add is likely to
fail even with ldapadd.  As noted in slapd-sql(5) and in the FAQ

http://www.openldap.org/faq/data/cache/378.html

back-sql should not be used as a replacement of any native
LDAP database, but to publish information already stored in
a RDBMS in LDAP form.  As such, I don't think your approach
of loading a RDBMS from scratch via a misconfigured back-sql
is going to lead to any success.

p.


I am using openldap 2.1.25 with iODBC drivers from Openlink. I have tested the drivers with odbctest and I can connect and query my database, which is a MSSQL 2000 database running on a Windows 2000 server. Openldap is running on RedHat 7.2. I am trying to use slapadd and I am getting the following error:

slapadd -l base.ldif -d 1 -f /usr/local/etc/openldap/slapd.conf

slapadd init: initiated tool.
==>backsql_initialize()
<==backsql_initialize()

dnNormalize: <cn=Subschema>

dnPrettyNormal: <dc=neotool,dc=com> dnPrettyNormal: <ou=contacts,dc=neotool,dc=com>

> <ou=contacts,dc=neotool,dc=com> ==>backsql_db_config()
<==backsql_db_config(): dbname=GMTest
==>backsql_db_config()
<==backsql_db_config(): dbuser=sa
==>backsql_db_config()
<==backsql_db_config(): dbpasswd=xxxx
==>backsql_db_config()
<==backsql_db_config(): insentry_query=insert into ldap_entries

(id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?) ==>backsql_db_config()

<==backsql_db_config(): at_query=SELECT name, sel_expr, from_tbls,

join_where, add_proc, delete_proc, param_order, expect_return FROM ldap_attr_mappings WHERE oc_map_id=? ==>backsql_db_config()

<==backsql_db_config(): upper_func=upper
==>backsql_db_config()
<==backsql_db_config(): concat_pattern="?||?"
==>backsql_db_config()
<==backsql_db_config(): has_ldapinfo_dn_ru=no
slapadd startup: initiated.
backend_startup: starting "dc=neotool,dc=com"
==>backsql_db_open(): testing RDBMS connection
backsql_db_open(): subtree search SQL condition not specified (use

"subtree_cond" directive in slapd.conf) backsql_db_open(): setting 'upper(ldap_entries.dn) LIKE upper('%'||?)' as default

backsql_db_open(): setting 'upper(ldap_entries.dn)=upper(?)' as

default backsql_db_open(): objectclass mapping SQL statement not specified (use "oc_query" directive in slapd.conf) backsql_db_open(): setting 'SELECT id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM ldap_oc_mappings' by default backsql_db_open(): entry deletion SQL statement not specified (use "delentry_query" directive in slapd.conf) backsql_db_open(): setting 'DELETE FROM ldap_entries WHERE id=?' by default ==>backsql_get_db_conn()

==>backsql_open_db_conn()
backsql_open_db_conn(): connected, adding to tree
<==backsql_open_db_conn()
backsql_get_db_conn(): first call -- reading schema map
==>load_schema_map()
load_schema_map(): at_query 'SELECT name, sel_expr, from_tbls,

join_where, add_proc, delete_proc, param_order, expect_return FROM ldap_attr_mappings WHERE oc_map_id=?' load_schema_map(): objectClass 'organizationalUnit': keytbl='fp_orgunit

                    ' keycol='id
                     ' expect_return: add=0, del=0; attributes:
load_schema_map(): autoadding 'objectClass' and 'ref' mappings

********'ou'

name='ou',sel_expr='fp_orgunit.name'
from='fp_orgunit'join_where='',add_proc=''delete_proc=''
sel_expr_u='(null)'
load_schema_map(): preconstructed query 'SELECT fp_orgunit.name AS

ou FROM fp_orgunit WHERE fp_orgunit

            .id
    =?' load_schema_map(): objectClass 'inetOrgPerson':
keytbl='fp_contacts
' keycol='id
' expect_return: add=0, del=0; attributes:
load_schema_map(): autoadding 'objectClass' and 'ref' mappings

********'cn'

name='cn',sel_expr='CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName)'

from='fp_contacts'join_where='',add_proc=''delete_proc=''

sel_expr_u='(null)'
load_schema_map(): preconstructed query 'SELECT
CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName) AS cn FROM

fp_contacts WHERE fp_contacts

        .id
=?' ********'givenName'
name='givenName',sel_expr='FirstName'
from='fp_contacts'join_where='',add_proc=''delete_proc=''
sel_expr_u='(null)'
load_schema_map(): preconstructed query 'SELECT FirstName AS

givenName FROM fp_contacts WHERE fp_contacts

             .id
     =?' ********'sn'
name='sn',sel_expr='fp_contacts.LastName'
from='fp_contacts'join_where='',add_proc=''delete_proc=''
sel_expr_u='(null)'
load_schema_map(): preconstructed query 'SELECT fp_contacts.LastName

AS sn FROM fp_contacts WHERE fp_contacts

                .id
        =?' ********'o'
name='o',sel_expr='fp_contacts.Company'
from='fp_contacts'join_where='',add_proc=''delete_proc=''
sel_expr_u='(null)'
load_schema_map(): preconstructed query 'SELECT fp_contacts.Company

AS o FROM fp_contacts WHERE fp_contacts

             .id
     =?' ********'mail'
name='mail',sel_expr='fp_contacts.EmailAddress'
from='fp_contacts'join_where='',add_proc=''delete_proc=''
sel_expr_u='(null)'
load_schema_map(): preconstructed query 'SELECT

fp_contacts.EmailAddress AS mail FROM fp_contacts WHERE fp_contacts

                     .id
             =?' <==load_schema_map()
<==backsql_get_db_conn()
==>backsql_free_db_conn()
backsql_free_db_conn(): closing db connection
==>backsql_close_db_conn()
<==backsql_close_db_conn()
<==backsql_free_db_conn()
<==backsql_db_open(): test succeeded, schema map loaded
slapadd: database doesn't support necessary operations.


Here is my slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.
access to *
       by self write
       by * read
access to * by dn="ou=contacts,dc=neotool,dc=com" write
defaultaccess none

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

#######################################################################
# sql database definitions
#######################################################################

database        sql
suffix         "dc=neotool,dc=com"
rootdn         "ou=contacts,dc=neotool,dc=com"
rootpw          secret
dbname          GMTest
dbuser          sa
dbpasswd        SomeSqlPasswd
insentry_query  "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
at_query        "SELECT name, sel_expr, from_tbls, join_where, add_proc, delete_proc, param_order, expect_return FROM ldap_attr_mappings WHERE oc_map_id=?"
upper_func      "upper"
#strcast_func   "text"
concat_pattern  "?||?"
has_ldapinfo_dn_ru      no

lastmod off

And here is the base.ldif file that I am trying to use.
dn: dc=neotool,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: neotool
o: Neotool Development
description: All Things HL7

dn: ou=contacts,dc=neotool,dc=com
objectClass: organizationalUnit
description: Branch of footprints users

Any help would be greatly appreciated, Thanks,
--

Mike Stockemer, Support Engineer
"NeoTool: All things HL7" -- Software tools, Training, and

Consulting.


--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it






--

Mike Stockemer, Support Engineer
NeoTool Development, LLC
PO Box 3586
Montrose, CO 81402-3586

mailto:Mike.Stockemer@neotool.com
970/252-0500 x11 (Voice)
866/Neo-Tool x11 (US toll free voice)
970/252-0005 (Fax)

"NeoTool: All things HL7" -- Software tools, Training, and Consulting.





--
Dr. Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c.
http://www.sys-net.it



   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497