
Re: back-sql insert: entry at root denied


I really hate to say this, but... it works for me!  This is one of the
enhancements I recently committed to back-sql.  You need to start with an
empty SQL database, and add exactly the entry at the rootDN of the LDAP
database first.  For instance, if you play with the configuration related
to the sql-test000 that comes with HEAD, you need to delete all the
contents of the data-related tables and of tables ldap_entry_objclasses,
ldap_referrals and ldap_entries, leaving ldap_oc_mappings and
ldap_attr_mappings in place (I just noted a small bug: while the database
is still empty, if you search it you get no results but "success" instead
of "no such object"); then you can add

dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
o: Example
dc: example

(the test cheats, in that the value of "dc" is ignored, and the lowercased
value of "o" is used instead; so use exactly this data, don't try to use
different values for "o").

Of course, you can change the rootDN to "o=Example,c=US" and add

dn: o=Example,c=US
objectClass: organization
o: Example

instead.  I just tried 5 minutes ago.


> Hi
> I am trying to take back-sql to the next step and allow inserts. I have
> been able to get by without having the actual suffix dcObject in the
> directory and it looks like the back-sql backend can deal with that.
> However, it fails because this clause in add.c fires:
> if ( ( ( !be_isroot( op ) && !be_shadow_update( op ) )
>   || !BER_BVISEMPTY( &pdn ) ) && !is_entry_glue( op->oq_add.rs_e ) )
> The log produces "entry at root denied" so BER_BVISEMPTY( &pdn ) returns
> false.
> I've tried to give access both by using
> rootdn		"dc=utips_admin,dc=my,dc=uen,dc=org"
> and
> access to dn="dc=my,dc=uen,dc=org"
>          by dn="uid=utips_admin,dc=my,dc=uen,dc=org" write
> Using openldap-cvs updated today.
> in slapd.conf:
> suffix		"dc=my,dc=uen,dc=org"
> new record:
> dn: uid=pbmidgley,dc=my,dc=uen,dc=org
> changetype: add
> objectclass: inetOrgPerson
> uid: pbmidgley
> telephoneNumber: 801-555-5561
> userPassword: passiton
> sn: Midgley
> cn: Brad Midgley
> command & output:
> ldapadd -H ldap://iceman.uen.org -D uid=utips_admin,dc=my,dc=uen,dc=org
> -x -W -f mid
> adding new entry "uid=pbmidgley,dc=my,dc=uen,dc=org"
> ldapadd: update failed: uid=pbmidgley,dc=my,dc=uen,dc=org
> ldap_add: No such object (32)
> fwiw, more logs and configs are at
> http://www.xmission.com/~bmidgley/openldap2/
> Brad

Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497