[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unable to add certain entries





--On Tuesday, May 19, 2009 10:09:41 AM -0400 Andrew Zirkel <andrewzirkel@gmail.com> wrote:


On May 19, 2009, at 1:30 AM, Bill MacAllister wrote:



--On Monday, May 18, 2009 09:35:58 PM -0400 Andrew Zirkel
<andrewzirkel@gmail.com
> wrote:

I'm having a growing problem where certain entries won't add and I
get these errors in slapd stats output:

conn=7 op=160 MODRDN
dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local"
=> bdb_dn2id_add: subtree
(cn=mslib,cn=computer_groups,dc=chetwood,dc=local) put failed:
-30996 conn=7 op=160 RESULT tag=109 err=80 text=DN index add failed
conn=7 op=161 MOD
dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local"
conn=7 op=161 MOD attr=cn
entry failed schema check: value of naming attribute 'cn' is not
present in entry
conn=7 op=161 RESULT tag=103 err=64 text=value of naming attribute
'cn' is not present in entry
conn=7 op=162 MODRDN
dn="cn=Untitled_1,cn=computer_lists,dc=chetwood,dc=local"
=> bdb_dn2id_add: subtree
(cn=mslib,cn=computer_lists,dc=chetwood,dc=local) put failed: -30996
conn=7 op=162 RESULT tag=109 err=80 text=DN index add failed
conn=7 op=163 MOD
dn="cn=Untitled_1,cn=computer_lists,dc=chetwood,dc=local"
conn=7 op=163 MOD attr=cn
entry failed schema check: value of naming attribute 'cn' is not
present in entry
conn=7 op=163 RESULT tag=103 err=64 text=value of naming attribute
'cn' is not present in entry
conn=7 op=164 SRCH base="cn=computer_groups,dc=chetwood,dc=local"
scope=2 deref=0
filter="(&(objectClass=posixGroup)(objectClass=apple-group)(objectC
la ss=extensibleObject)(|(cn=untitled_1)))"
conn=7 op=164 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=7 op=165 ABANDON msg=165

From this log you would be hard pressed to convince me that you are
actually attemping to add entries to the directory.  I would expect
to see an entry like:

conn=2 op=7 ADD dn="uid=foobar,dc=domain,dc=com"

Seems like the log is pretty clear really.  The application looks to
 be attempting to change the cn attribute on the dn=cn=Untitled_1,
cn=computer_groups, dc=chetwood, dc=local and that entry doesn't
have a cn attribute.

This is slapd 2.3.27, which is included in Apple OSX 10.5.  This
particular entry is for a computer group called mslib, and I'm using
Apple's workgroup manager tool to add it.  Other names will add, it
seems to be entries that were created before but aren't showing up
now.  This is also happening for other object classes, like computer
entires.

slapcat and the other tools I use don't show an existing entry for
mslib or the other names that won't add.  Any advise on where to go
from here would be appreciated.

Seems like this should be a bug report to whoever is maintaining
Apple's workgroup manager application.  We can give you syntax help
for using ldapmodify, ldapadd, and ldapdelete to hack on the Apple
directory but it is unlikely to make workgroup manager any happier
without understanding what policies it is attempting to enforce.

Here's what I get using slapadd, this does work for other group names
(just changing mslib to test for example):

chetwood:~ root# slapadd -v << EOF
 > dn: cn=mslib,cn=computer_lists,dc=chetwood,dc=local
 > objectClass: apple-computer-list
 > objectClass: top
 > structuralObjectClass: apple-computer-list
 > cn: mslib
 > EOF
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
=> bdb_dn2id_add: subtree
(cn=mslib,cn=computer_lists,dc=chetwood,dc=local) put failed: -30996
=> bdb_tool_next_id: dn2id_add failed: DB_KEYEXIST: Key/data pair
already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair
already exists (-30996)
slapadd: could not add entry
dn="cn=mslib,cn=computer_lists,dc=chetwood,dc=local" (line=6):
txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)


First, unless you are shutting down the directory server when you run slapadd you should be using ldapadd instead.

Second, the error is pretty clear. The entry is already in the directory. You can confirm this using something like:

 ldapsearch -h hostname -b your-base-dn cn=mslib

Once you convince yourself that the entry already is in the directory then you probably want to use ldapmodify to change it to have the attributes that you think it should have.

Bill


--
Bill MacAllister, System Software Programmer
Unix Systems Group, Stanford University