
Re: Entry lost in limbo?? [was: Adding an entry with @ in cn]




Sorry...

   OpenLDAP: 2.1.30
   Berkeley DB: 4.1.25 (I use this as the backend)

Pierangelo Masarati wrote:

You don't report what version of the software you're using, nor what
software it was compiled with, nor what backend type you use.  This does
not help in suggesting explanations/cures.

p.




   This is curious... If I try to create the entry shown below but
instead of example2.com I use another thing, I'm able to create the
entry. I remember having created this entry some time ago, but then I
deleted it. Is there any way this entry may be still floating around, so
I cannot see it if I issue a search, but prevents the creation of the
same entry?

   Best regards
   Jose

Jose Gonzalez Gomez wrote:



  Hi there,

  I'm trying to add the following entry to my LDAP directory:

dn: cn=krbtgt/example.com@example2.com,dc=example,dc=com
cn: krbtgt/example.com@example2.com
krb5KDCFlags: 126
objectClass: top
objectClass: person
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE2.COM
sn: krbtgt/example.com@example2.com
krb5KeyVersionNumber: 1

  but I always get the following:

SASL/GSSAPI authentication started
SASL username: ldapmaster@EXAMPLE.COM
SASL SSF: 56
SASL installing layers
adding new entry "cn=krbtgt/example.com@example2.com,dc=example,dc=com"
ldapadd: update failed:
cn=krbtgt/example.com@example2.com,dc=example,dc=com
ldap_add: Already exists (68)

  but the entry doesn't exist!!!

  However, I have another entry located at
cn=krbtgt/example.com@example3.com,dc=example,dc=com, so I'm
suspecting that the @ sign has something to do with this problem. Does
LDAP assign some special meaning to the @ sign? Should I escape it in
my ldif file? How?

Best regards
Jose