
Re: cannot add entries - Server is unwilling to perform (53)



Darren Davison writes:
> Right now I can't insert any entries at all with ldapadd.

Your generated LDIF file is bogus, and does not fit slapd.conf either.
Most likely the application which created it belongs in the waste
basket, though it could be that it's just very configurable but totally
misconfigured.

> dn: cn=Darren Davison,mail=darren@foo.bar.com

This does not fit the statement
  suffix          "dc=foo,dc=bar,dc=com"
in your slapd.conf.  Each of the ","s in these names separates one level
in the directory tree, like '/' in Unix file names but from the end
instead of from the beginning.  This suffix means that your database
accepts entries whose name (dn) ends with that suffix.  So, your
application should be configured to append ",dc=foo,dc=bar,dc=com" to
your entry names:
  "cn=Darren Davison,mail=darren@foo.bar.com,dc=foo,dc=bar,dc=com".

Before you create an entry below that suffix, you must first create its
parent entry.  In this case,
"mail=darren@foo.bar.com,dc=foo,dc=bar,dc=com", and before that
"dc=foo,dc=bar,dc=com" itself.  However, it's unusual to have a separate
entry for your e-mail address, and your own entry below that again.  And
since the application did not create the mail=... entry so that the
cn=... entry could be created later, I expect that it is misconfigured:
It should put just one of cn or mail in the dn, not both.  Otherwise
it is expecting the mail=... entry to exist already.

Anyway, first create the "dc=foo,dc=bar,dc=com" entry.  Something like
this:
   dn: dc=foo,dc=bar,dc=com
   objectClass: organization
   objectClass: dcObject
   dc: foo
   o: <name of your organization>
(Instead of 'organization' with 'o', you might use 'organizationalUnit'
with 'ou', or even 'person' with 'cn' and 'sn'.)
You may add various other attributes as well, check the object class
definitions in core.schema to see which ones.

Then your application can generate
  "cn=Darren Davison,dc=foo,dc=bar,dc=com"
or maybe you'll want to use mail instead of cn as the name of the entry.

But first, fix this:

> givenname: Darren
> sn: Davison
> cn: Darren Davison
> uid: ddavison
> mail: darren@foo.bar.com
> modifytimestamp: 20040407T001612Z
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson

Wrong:

These object classes do not allow the 'uid', 'mail' and 'givenName'
attributes to be added to the entry, so even if you fix the entry name,
the add will fail.  You could configure your application to use the
'inetOrgPerson' object class, which does allow these attributes.
Include inetorgperson.schema after core.schema in slapd.conf to use this
class.

Also, modifyTimestamp is maintained by the server, and can normally not
be added by clients.  Though you could add it if you use slapadd which
works directly on the database files instead of ldapadd which works over
the LDAP protocol.

-- 
Hallvard
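
Added example, not part of the original message and not OpenLDAP code: a pre-flight check that applies the three rules described above (dn under the suffix, parent entry present, attributes allowed by the listed object classes) to a single-entry LDIF. The function names, the abridged schema table and the simplified DN splitting are assumptions made for this illustration.

```python
import re
# Assumption: abridged from core.schema / inetorgperson.schema, not the full lists.
ALLOWED = {
    "top": {"objectclass"},
    "person": {"sn", "cn", "userpassword", "telephonenumber", "seealso", "description"},
    "organizationalperson": {"title", "ou", "l", "st", "street", "postalcode"},
    "inetorgperson": {"givenname", "mail", "uid", "displayname", "mobile", "o"},
}
SUP = {"person": "top", "organizationalperson": "person", "inetorgperson": "organizationalperson"}
SERVER_MAINTAINED = {"modifytimestamp", "createtimestamp", "modifiersname", "creatorsname"}

def rdns(dn):
    """Split a DN on unescaped commas and normalize case (simplified parsing)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]

def check_entry(ldif, suffix, existing_dns):
    """Return the reasons an ldapadd of this single-entry LDIF would be refused."""
    attrs = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    parts, suf = rdns(attrs.pop("dn")[0]), rdns(suffix)
    parent, known = ",".join(parts[1:]), {",".join(rdns(d)) for d in existing_dns}
    problems = []
    if parts[-len(suf):] != suf:
        problems.append("dn is not under the database suffix")
    elif parts != suf and parent not in known:
        problems.append("parent entry missing: " + parent)
    allowed = set()
    for oc in attrs.get("objectclass", []):
        oc = oc.lower()
        while oc:  # walk up the superior-class chain
            allowed |= ALLOWED.get(oc, set())
            oc = SUP.get(oc)
    for a in attrs:
        if a in SERVER_MAINTAINED:
            problems.append(a + ": maintained by the server")
        elif a not in allowed:
            problems.append(a + ": not allowed by the listed object classes")
    return problems

SUFFIX = "dc=foo,dc=bar,dc=com"
# The entry quoted in the message above.
BAD = ("dn: cn=Darren Davison,mail=darren@foo.bar.com\ngivenname: Darren\nsn: Davison\n"
       "cn: Darren Davison\nuid: ddavison\nmail: darren@foo.bar.com\n"
       "modifytimestamp: 20040407T001612Z\nobjectclass: top\nobjectclass: person\n"
       "objectclass: organizationalPerson")
if __name__ == "__main__":
    print("\n".join(check_entry(BAD, SUFFIX, [])))
```

Pass the DNs already in the directory as `existing_dns`; an entry named `cn=Darren Davison,dc=foo,dc=bar,dc=com` with `objectClass: inetOrgPerson` and no `modifytimestamp` passes once the suffix entry exists.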