[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-sql insert: entry at root denied

To: "Brad Midgley" <bmidgley@xmission.com>
Subject: Re: back-sql insert: entry at root denied
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Tue, 28 Sep 2004 20:33:03 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <4159A108.7010304@xmission.com>
References: <4159A108.7010304@xmission.com>
User-agent: SquirrelMail/1.4.3a-1

Brad,

I really hate to say this, but... it works for me!  This is one of the
enhancements I recently committed to back-sql.  You need to start with an
empty SQL database, and add exactly the entry at the rootDN of the LDAP
database first.  For instance, if you play with the configuration related
to the sql-test000 that comes with HEAD, you need to delete all the
contents of the data-related tables and of tables ldap_entry_objclasses,
ldap_referrals and ldap_entries, leaving ldap_oc_mappings and
ldap_attr_mappings in place (I just noted a small bug: while the database
is still empty, if you search it you get no results but "success" instead
of "no such object"); then you can add

dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
o: Example
dc: example

(the test cheats, in that the value of "dc" is ignored, and the lowercased
value of "o" is used instead; so use exactly this data, don't try to use
different valus for "o").

Of course, you can change the rootDN to "o=Example,c=US" and add

dn: o=Example,c=US
objectClass: organization
o: Example

instead.  I just tried 5 minutes ago.

p.

> Hi
>
> I am trying to take back-sql to the next step and allow inserts. I have
> been able to get by without having the actual suffix dcObject in the
> directory and it looks like the back-sql backend can deal with that.
> However, it fails because this clause in add.c fires:
>
> if ( ( ( !be_isroot( op ) && !be_shadow_update( op ) )
>   || !BER_BVISEMPTY( &pdn ) ) && !is_entry_glue( op->oq_add.rs_e ) )
>
> The log produces "entry at root denied" so BER_BVISEMPTY( &pdn ) returns
> false.
>
> I've tried to give access both by using
> rootdn		"dc=utips_admin,dc=my,dc=uen,dc=org"
> and
> access to dn="dc=my,dc=uen,dc=org"
>          by dn="uid=utips_admin,dc=my,dc=uen,dc=org" write
>
> Using openldap-cvs updated today.
>
> in slapd.conf:
> suffix		"dc=my,dc=uen,dc=org"
>
> new record:
> dn: uid=pbmidgley,dc=my,dc=uen,dc=org
> changetype: add
> objectclass: inetOrgPerson
> uid: pbmidgley
> telephoneNumber: 801-555-5561
> userPassword: passiton
> sn: Midgley
> cn: Brad Midgley
>
> command & output:
> ldapadd -H ldap://iceman.uen.org -D uid=utips_admin,dc=my,dc=uen,dc=org
> -x -W -f mid
> adding new entry "uid=pbmidgley,dc=my,dc=uen,dc=org"
> ldapadd: update failed: uid=pbmidgley,dc=my,dc=uen,dc=org
> ldap_add: No such object (32)
>
> fwiw, more logs and configs are at
> http://www.xmission.com/~bmidgley/openldap2/
>
> Brad
>
>
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- back-sql insert: entry at root denied
  - From: Brad Midgley <bmidgley@xmission.com>

Prev by Date: Re: back-sql insert: entry at root denied
Next by Date: When uses proxycache or replicas ?
Index(es):
- Chronological
- Thread