Chris S wrote:
> Paul Kölle wrote:
>
>> please post the ldif containing the entries for your intended base, I'll
>> give it a shot.
>>
> Hi Paul,
> Sorry for the delay.. been super busy.
>
> As previously mentioned, it's the base that I can't create with 3 dc
> levels, however I can get around it by creating base level of two, then
> adding the third dc, then switching the base back to 3 levels (although
> this doesn't "feel" clean). All the same, here's my configuration. Any
> pointers, slaps around the head appreciated.
>
> openldap 2.2.26 emerged and configured
>
> searching is successful:
>
> *code*
> dually # ldapsearch -D "cn=Manager,dc=domain,dc=net,dc=au" -W -x
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1

Again, this is NOT a successful search, there are no results.

> */code*
>
> here is my base.ldif:
>
> *code*
> dn: dc=net,dc=au
^^^^^^^^^^^^^^^^^^

> when I try and insert it:
>
> *code*
> dually / # ldapadd -D "cn=Manager,dc=domain,dc=net,dc=au" -W -f
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> /tmp/base.ldif -x
> Enter LDAP Password:
> adding new entry "dc=net,dc=au"
> ldap_add: Server is unwilling to perform (53)
> additional info: no global superior knowledge
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

From your ldapadd line, I assume you have in slapd.conf:

database bdb
suffix dc=domain,dc=net,dc=au

The thing you probably missed: You don't need to and you are not allowed
to add entries *below* the "suffix" from slapd.conf as it could be
another suffix. If you try to add something like: "dn: dc=net,dc=au"
slapd searches for *immediate parents* (here: dc=au) to that entry,
either in the directory or for a "suffix" line in slapd.conf (remember,
it's a tree). If it couldn't find one you get the "no global superior
knowledge" error or an "already exists" if the entry is already there.

Solution:

ldif

dn: dc=domain,dc=net,dc=au
dc: domain
objectClass: top
objectClass: dcObject
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: domain.net.au

dn: ou=users,dc=domain,dc=net,dc=au
ou: users
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: domain.net.au

end ldif

slapd.conf

database bdb
suffix dc=domain,dc=net,dc=au
rootdn cn=manager,dc=domain,dc=net,dc=au
rootpw not24get

directory /var/lib/openldap-data
index objectClass eq

end slapd.conf

of course this is just the configuration for that backend, you'll need
more info in slapd.conf for your server to run properly.

cheers
Paul

--
gentoo-server@g.o mailing list
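
The suffix rule discussed in this reply can be checked before running ldapadd. The following is an added example, not part of the original message and not OpenLDAP code; the function names (norm, suffixes, ldif_dns, check) and the "parent missing" label are hypothetical, and DNs are assumed to contain no escaped commas.

```python
# Added example, not OpenLDAP code: flag LDIF entries that no configured suffix covers.
# Assumption: DNs are split on plain commas (no escaped commas, no base64 "dn::" lines).

def norm(dn):
    """Turn a DN string into a tuple of lowercased RDNs, leaf first."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

def suffixes(slapd_conf):
    """Return the normalized DN of every 'suffix' directive in a slapd.conf fragment."""
    found = []
    for line in slapd_conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "suffix":
            found.append(norm(parts[1].strip().strip('"')))
    return found

def ldif_dns(ldif):
    """Return the normalized DN of every entry in an LDIF string, in file order."""
    return [norm(l.split(":", 1)[1]) for l in ldif.splitlines()
            if l.lower().startswith("dn:")]

def check(slapd_conf, ldif, existing=()):
    """Return [(dn, verdict)]; 'existing' lists DNs already stored in the directory."""
    sfx = suffixes(slapd_conf)
    present = {norm(d) for d in existing}
    results = []
    for dn in ldif_dns(ldif):
        covered = any(dn[len(dn) - len(s):] == s for s in sfx if len(s) <= len(dn))
        if not covered:
            verdict = "no global superior knowledge"   # error text quoted in the thread
        elif dn in present:
            verdict = "already exists"
        elif dn in sfx or dn[1:] in present:
            verdict = "ok"                             # suffix entry, or parent is there
            present.add(dn)
        else:
            verdict = "parent missing"                 # this checker's own label
        results.append((",".join(dn), verdict))
    return results

# Inputs copied from the thread: the backend config, the rejected LDIF, the working LDIF.
CONF = "database bdb\nsuffix dc=domain,dc=net,dc=au\n"
BAD = "dn: dc=net,dc=au\n"
GOOD = "dn: dc=domain,dc=net,dc=au\ndc: domain\n\ndn: ou=users,dc=domain,dc=net,dc=au\nou: users\n"

if __name__ == "__main__":
    for ldif in (BAD, GOOD):
        for dn, verdict in check(CONF, ldif):
            print(f"{dn}: {verdict}")
```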