[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: sql-backend
Otto and Ando, it appears that if you are using LDAPADD is that your openldap server is running with MySQL compatibility...
could you help? How did you start your server?
*********** REPLY SEPARATOR ***********
On 1/15/2004 at 12:12 PM Pierangelo Masarati wrote:
>> openldap # ldapadd -D "cn=manager,dc=sql,dc=hosting" -W -f base21.ldif
>> Enter LDAP Password:
>> adding new entry "dc=sql, dc=hosting"
>> ldapadd: update failed: dc=sql, dc=hosting
>> ldap_add: Server is unwilling to perform (53)
>> additional info: operation not permitted within namingContext
>
>Let me elaborate on this: back-sql returns this error
>only when a write operation is attempted and there is
>no means to accomplish it according to the configuration
>of the meta information in the SQL database related to
>ldap operations. The message to the client is purposely
>generic, because illustrating the details of the failure
>could expose sensible information related to the
>configuration of both back-sql and the rdbms. However,
>each specific failure is detailed (to some extent) in
>slapd's logs. If you grep "LDAP_UNWILLING_TO_PERFORM"
>into back-sql sources, you'll see what I mean: you only
>hit modify.c:
>
>[ando@here servers/slapd/back-sql]$ grep -l LDAP_UNWILLING_TO_PERFORM *.c
>modify.c
>
>and if you look at the context:
>
>[ando@here servers/slapd/back-sql]$ grep -C2 LDAP_UNWILLING_TO_PERFORM *.c
>modify.c-
>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
>modify.c: rs->sr_err =
>LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not
>permitted "
>modify.c- "within namingContext";
>--
>modify.c-
>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING(
>bi ) ) {
>modify.c: rs->sr_err =
>LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation
>not permitted "
>modify.c- "within
>namingContext";
>--
>modify.c-
>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING(
>bi ) ) {
>modify.c: rs->sr_err =
>LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation
>not permitted "
>modify.c- "within
>namingContext";
>--
>modify.c-
>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING(
>bi ) ) {
>modify.c: rs->sr_err =
>LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation
>not permitted "
>modify.c- "within
>namingContext";
>--
>modify.c-
>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING(
>bi ) ) {
>modify.c: rs->sr_err =
>LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation
>not permitted "
>modify.c- "within
>namingContext";
>--
>modify.c- Debug( LDAP_DEBUG_TRACE, "backsql_modrdn(): "
>modify.c- "parent is \"\" - aborting\n", 0, 0, 0 );
>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "not allowed within namingContext";
>modify.c- send_ldap_result( op, rs );
>--
>modify.c- Debug( LDAP_DEBUG_TRACE,
>"backsql_modrdn(): "
>modify.c- "newSuperior is \"\" -
>aborting\n", 0, 0, 0 );
>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "not allowed within
>namingContext";
>modify.c- send_ldap_result( op, rs );
>--
>modify.c- "cannot determine objectclass of entry --
>aborting\n",
>modify.c- 0, 0, 0 );
>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not permitted within
>namingContext";
>modify.c- send_ldap_result( op, rs );
>--
>modify.c- "create procedure is not defined for this
>objectclass "
>modify.c- "- aborting\n", 0, 0, 0 );
>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not permitted within
>namingContext";
>modify.c- send_ldap_result( op, rs );
>--
>modify.c- "create procedure needs select procedure, "
>modify.c- "but none is defined - aborting\n", 0, 0,
>0 );
>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not permitted within
>namingContext";
>modify.c- send_ldap_result( op, rs );
>--
>modify.c-
>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
>modify.c: rs->sr_err =
>LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not
>permitted "
>modify.c- "within namingContext";
>--
>modify.c-
>modify.c- if ( BACKSQL_FAIL_IF_NO_MAPPING( bi ) ) {
>modify.c: rs->sr_err =
>LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not
>permitted "
>modify.c- "within namingContext";
>--
>modify.c- "cannot determine objectclass of entry --
>aborting\n",
>modify.c- 0, 0, 0 );
>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not permitted within
>namingContext";
>modify.c- send_ldap_result( op, rs );
>--
>modify.c- "delete procedure is not defined "
>modify.c- "for this objectclass - aborting\n", 0, 0,
>0 );
>modify.c: rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
>modify.c- rs->sr_text = "operation not permitted within
>namingContext";
>modify.c- send_ldap_result( op, rs );
>
>It can only return if you attempt to write something
>there's no rule for. So I strongly suggest you carefully
>look at the logs to identify the offending operation,
>and then carefully look at the mapping rules for write
>operations in the "ldap_oc_mappings" and "ldap_attr_mappings"
>tables.
>
>p.
>
>--
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it