
Invalid DN



Hello,

I'm struggling to set up my Hdb database in OpenLDAP. I'm trying to
create the entire directory from ldif files with cn=config.

I have two initialization ldifs. The first one creates all the
cn=config stuff, and also creates my Hdb database. The first file is
too long to completely list here (I included core, cosine, nis, and
inetorgperson schema ldifs), but I'll put some excerpts here.

dn: cn=config
objectClass: olcGlobal
cn: config
...

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
...

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
...

(There are lots more for the other included schemas. I also have three
custom objectClasses in cn=schema,cn=config, and one custom
attributeType there, too.)

The file finishes with the database configurations.

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
...

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *  by * none
olcRootDN: cn=config
olcRootPW: secret
...

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=appName,dc=app
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=appName,dc=app
olcRootPW: secret
olcAccess: to * by * write by * read
...


This file runs successfully with slapadd:
sudo -u ldap slapadd -l init.ldif -F /etc/openldap/slapd.d -n0

The second file is very simple and just sets up the root objects in my database.

dn: dc=appName,dc=app
objectClass: top
objectClass: dcObject
objectclass: domain
dc: addressbook

dn: dc=directory,dc=appName,dc=app
objectClass: top
objectClass: domain
dc: directory

This also runs successfully with
sudo -u ldap slapadd -l init2.ldif -F /etc/openldap/slapd.d -n1

Now if I use slapcat to view the directory, I see those objects:
sudo slapcat

523b5022 hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
dn: dc=appName,dc=app
objectClass: top
objectClass: dcObject
objectClass: domain
dc: addressbook
structuralObjectClass: domain
entryUUID: 37f1bd06-b5ad-1032-824f-6ffc71c73dcf
creatorsName: cn=admin,dc=appName,dc=app
createTimestamp: 20130919192708Z
entryCSN: 20130919192708.309183Z#000000#000#000000
modifiersName: cn=admin,dc=appName,dc=app
modifyTimestamp: 20130919192708Z

dn: dc=directory,dc=appName,dc=app
objectClass: top
objectClass: domain
dc: directory
structuralObjectClass: domain
entryUUID: 37f4023c-b5ad-1032-8250-6ffc71c73dcf
creatorsName: cn=admin,dc=appName,dc=app
createTimestamp: 20130919192708Z
entryCSN: 20130919192708.324059Z#000000#000#000000
modifiersName: cn=admin,dc=appName,dc=app
modifyTimestamp: 20130919192708Z

The problem is that I can't locate these objects using the ldap tools
(ldapsearch and python-ldap).

ldapsearch -xb 'dc=addressbook,dc=app'
gives
    result: 34 Invalid DN syntax
    text: invalid DN

If I don't specify a base DN, then I get 32: No such object:
ldapsearch -x '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object


Does anyone know why I cannot see my objects through the LDAP
"interface?" My configuration seems entirely consistent with
http://www.openldap.org/doc/admin24/slapdconf2.html.

Thanks,
J
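
Added example, not part of the original message: a stdlib-only Python check run over the excerpts quoted above. It reports `olcRootPW` values stored without a `{SCHEME}` hash prefix, `olcAccess` rules whose first `by` clause gives `*` write access, entries whose RDN value is not among the entry's own attribute values, and a search base that lies under no `olcSuffix`. The function names, finding labels and condensed sample strings are this example's own, and the parser assumes simple unfolded `attr: value` lines.

```python
import re
# Constructed sample, condensed from the excerpts quoted in the post above.
CONFIG_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to *  by * none
olcRootPW: secret

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=appName,dc=app
olcRootPW: secret
olcAccess: to * by * write by * read
"""
DATA_LDIF = """\
dn: dc=appName,dc=app
dc: addressbook

dn: dc=directory,dc=appName,dc=app
dc: directory
"""

def parse(ldif):  # simple unfolded 'attr: value' lines only; yields (dn, attrs)
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        yield attrs["dn"][0], attrs

def norm(dn):  # case-fold and trim each RDN; escaped commas are not handled
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(config_ldif, data_ldif, search_base):
    findings, suffixes = [], []
    for dn, a in parse(config_ldif):
        suffixes += [norm(s) for s in a.get("olcsuffix", [])]
        for pw in a.get("olcrootpw", []):
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw):  # no {SCHEME} prefix: cleartext
                findings.append(("cleartext-rootpw", dn))
        for rule in a.get("olcaccess", []):  # slapd stops at the first matching 'by'
            first = re.search(r"\bby\s+(\S+)\s+(\S+)", rule)
            if first and first.group(1) == "*" and first.group(2) in ("write", "manage"):
                findings.append(("world-writable-acl", dn))
    for dn, a in parse(data_ldif):
        attr, _, value = dn.split(",")[0].partition("=")
        if value.lower() not in [v.lower() for v in a.get(attr.strip().lower(), [])]:
            findings.append(("rdn-not-in-entry", dn))
    base = norm(search_base)
    if not any(base == s or base.endswith("," + s) for s in suffixes):
        findings.append(("base-outside-suffix", search_base))
    return findings
```

Calling `audit(CONFIG_LDIF, DATA_LDIF, "dc=addressbook,dc=app")` returns a list of `(finding, dn)` tuples; the `{0}config` rule `by * none` is not reported, while the hdb rule `by * write by * read` is, because the trailing `by * read` is never reached.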