[Date Prev][Date Next]
Re: cannot add entries - Server is unwilling to perform (53)
Darren Davison writes:
> Right now I can't insert any entries at all with ldapadd.
Your generated LDIF file is bogus, and does not fit slapd.conf either.
Most likely the application which created it belongs in the waste
basket, though it could be that it's just very configurable but totally
> dn: cn=Darren Davison,email@example.com
This does not fit the statement
in your slapd.conf. Each of the ","s in these names separates one level
in the directory tree, like '/' in Unix file names but from the end
instead of from the beginning. This suffix means that your database
accepts entries whose name (dn) ends with that suffix. So, your
application should be configured to append ",dc=foo,dc=bar,dc=com" to
your entry names:
Before you create an entry below that suffix, you must first create its
parent entry. In this case,
"firstname.lastname@example.org,dc=foo,dc=bar,dc=com", and before that
"dc=foo,dc=bar,dc=com" itself. However, it's unusual to have a separate
entry for your e-mail address, and your own entry below that again. And
since the application did not create the mail=... entry so that the
cn=... entry could be created later, I expect that it is misconfigured:
It should put just one of cn or mail in the dn, not both. Otherwise
it is expecting the mail=... entry to exist already.
Anyway, first create the "dc=foo,dc=bar,dc=com" entry. Something like
o: <name of your organization>
(Instead of 'organization' with 'o', you might use 'organizationalUnit'
with 'ou', or even 'person' with 'cn' and 'sn'.)
You may add various other attributes as well, check the object class
definitions in core.schema to see which ones.
Then your application can generate
or maybe you'll want to use mail instead of cn as the name of the entry.
But first, fix this:
> givenname: Darren
> sn: Davison
> cn: Darren Davison
> uid: ddavison
> mail: email@example.com
> modifytimestamp: 20040407T001612Z
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
These object classes do not allow the 'uid', 'mail' and 'givenName'
attributes to be added to the entry, so even if you fix the entry name,
the add will fail. You could configure your application to use the
'inetOrgPerson' object class, which does allow these attributes.
Include inetorgperson.schema after core.schema in slapd.conf to use this
Also, modifyTimestamp is maintained by the server, and can normally not
be added by clients. Though you could add it if you use slapadd which
works directly on the database files instad of ldapadd which works over
the LDAP protocol.