[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-sql insert: entry at root denied

To: "Brad Midgley" <bmidgley@xmission.com>
Subject: Re: back-sql insert: entry at root denied
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Tue, 28 Sep 2004 20:40:57 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <4159A108.7010304@xmission.com>
References: <4159A108.7010304@xmission.com>
User-agent: SquirrelMail/1.4.3a-1

After reading your link, I realized what the problem is: if you intend to
add (or modrdn) you can't use a view like that, because adds and modrdns
need to write table ldap_entries.  I don't know yet what type of
interaction prevents you from writing; I guess the view is somehow failing
when there's no data to view?  In any case, you definitely need a real
table
to do writes.  In principle, you could work things around by adding a
"parent" to your view, e.g. by UNIONing your view with another that
defines your rootdn, and tweaking the "insentry_query" directive to
actually do nothing instead of trying to add to ldap_entries.  I've never
tried anything like that, though.  If you succeed, please post.  I'll be
creating a subfolder for back-sql hints in the FAQ shortly.

p.

> Hi
>
> I am trying to take back-sql to the next step and allow inserts. I have
> been able to get by without having the actual suffix dcObject in the
> directory and it looks like the back-sql backend can deal with that.
> However, it fails because this clause in add.c fires:
>
> if ( ( ( !be_isroot( op ) && !be_shadow_update( op ) )
>   || !BER_BVISEMPTY( &pdn ) ) && !is_entry_glue( op->oq_add.rs_e ) )
>
> The log produces "entry at root denied" so BER_BVISEMPTY( &pdn ) returns
> false.
>
> I've tried to give access both by using
> rootdn		"dc=utips_admin,dc=my,dc=uen,dc=org"
> and
> access to dn="dc=my,dc=uen,dc=org"
>          by dn="uid=utips_admin,dc=my,dc=uen,dc=org" write
>
> Using openldap-cvs updated today.
>
> in slapd.conf:
> suffix		"dc=my,dc=uen,dc=org"
>
> new record:
> dn: uid=pbmidgley,dc=my,dc=uen,dc=org
> changetype: add
> objectclass: inetOrgPerson
> uid: pbmidgley
> telephoneNumber: 801-555-5561
> userPassword: passiton
> sn: Midgley
> cn: Brad Midgley
>
> command & output:
> ldapadd -H ldap://iceman.uen.org -D uid=utips_admin,dc=my,dc=uen,dc=org
> -x -W -f mid
> adding new entry "uid=pbmidgley,dc=my,dc=uen,dc=org"
> ldapadd: update failed: uid=pbmidgley,dc=my,dc=uen,dc=org
> ldap_add: No such object (32)
>
> fwiw, more logs and configs are at
> http://www.xmission.com/~bmidgley/openldap2/
>
> Brad
>
>
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: back-sql insert: entry at root denied
  - From: Brad Midgley <bmidgley@xmission.com>

References:
- back-sql insert: entry at root denied
  - From: Brad Midgley <bmidgley@xmission.com>

Prev by Date: back-sql insert: entry at root denied
Next by Date: Re: back-sql insert: entry at root denied
Index(es):
- Chronological
- Thread