Hi David,
Your slapd.conf shows that your server (or at least
the "o=cvf" suffix) is a replica from another one (line "updatedn" in
slapd.conf). Unless you have compiled with multimaster enabled, it means that
only the dname specified by the "updatedn" statement can write in your
directory.
Your "updatedn" and "rootdn" are the same dnames,
that's why you can write with the root dname. I reckon the error returned with
another dname is linked to the fact that no "updateref" statement is provided to
support referrals.
The good configuration depends on what you actually
want to do with your ldap server (getting rid of the "updatedn" statement would
probably solve this problem, but the resulting architecture may not be what you
are expecting)
HTH,
Bruno
----- Original Message -----
Sent: Friday, January 03, 2003 5:05
PM
Subject: Weird problem to add a
record
hi
im contacting you because I have a problem I
can t solve.
With the rootdn account I can add my record but with
another account I cant .
here is the information :
openldap-2.0.27 on a linux debian box
here is the log
:
with the "dnsadminprs,ou=ldap,ou=user,o=cvf" account :
Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: read activity
on 9 Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_get(9)
Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_get(9): got
connid=0 Jan 3 16:02:38 ns-cache01p slapd[27547]:
connection_read(9): checking for input on id=0 Jan 3 16:02:38
ns-cache01p slapd[27547]: ber_get_next on fd 9 failed errno=11 (Resource
temporarily unavailable) Jan 3 16:02:38 ns-cache01p slapd[27552]:
do_add Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: select:
listen=6 active_threads=2 tvp=NULL Jan 3 16:02:38 ns-cache01p
slapd[27552]: do_add: ndn (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
Jan 3 16:02:38 ns-cache01p slapd[27552]: conn=0 op=2 ADD
dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" Jan 3 16:02:38
ns-cache01p slapd[27552]: dn2entry_r: dn:
"AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" Jan 3 16:02:38
ns-cache01p slapd[27552]: => dn2id(
"AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" ) Jan 3 16:02:38
ns-cache01p slapd[27552]: => ldbm_cache_open( "dn2id.dbb", 73, 600 )
Jan 3 16:02:38 ns-cache01p slapd[27552]: <= ldbm_cache_open
(cache 0) Jan 3 16:02:38 ns-cache01p slapd[27552]: <= dn2id NOID
Jan 3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
"OU=PRS,OU=DNS,OU=SITE,O=CVF" Jan 3 16:02:38 ns-cache01p
slapd[27552]: => dn2id( "OU=PRS,OU=DNS,OU=SITE,O=CVF" ) Jan 3
16:02:38 ns-cache01p slapd[27552]: ====>
cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1 tries)
Jan 3 16:02:38 ns-cache01p slapd[27552]: <= dn2id 13 (in cache)
Jan 3 16:02:38 ns-cache01p slapd[27552]: => id2entry_r( 13 )
Jan 3 16:02:38 ns-cache01p slapd[27552]: ====>
cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf" (found) (1 tries)
Jan 3 16:02:38 ns-cache01p slapd[27552]: <= id2entry_r( 13 )
0x80db920 (cache) Jan 3 16:02:38 ns-cache01p slapd[27552]:
ldbm_referrals: op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
matched="ou=prs,ou=dns,ou=site,o=cvf" Jan 3 16:02:38 ns-cache01p
slapd[27552]: ====> cache_return_entry_r( 13 ): returned (0) Jan
3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result: conn=0 op=2 p=2
Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result: 10::
Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_response: msgid=3
tag=105 err=32 Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon:
activity on 1 descriptors Jan 3 16:02:38 ns-cache01p slapd[27547]:
daemon: activity on: Jan 3 16:02:38 ns-cache01p slapd[27547]:
9r Jan 3 16:02:38 ns-cache01p slapd[27547]:
with rootdn
account :
Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: read
activity on 9 Jan 3 16:06:03 ns-cache01p slapd[27547]:
connection_get(9) Jan 3 16:06:03 ns-cache01p slapd[27547]:
connection_get(9): got connid=1 Jan 3 16:06:03 ns-cache01p
slapd[27547]: connection_read(9): checking for input on id=1 Jan 3
16:06:03 ns-cache01p slapd[27554]: do_add Jan 3 16:06:03 ns-cache01p
slapd[27554]: do_add: ndn (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
Jan 3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 ADD
dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" Jan 3 16:06:03
ns-cache01p slapd[27554]: dn2entry_r: dn:
"AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" Jan 3 16:06:03
ns-cache01p slapd[27547]: ber_get_next on fd 9 failed errno=11 (Resource
temporarily unavailable) Jan 3 16:06:03 ns-cache01p slapd[27554]:
=> dn2id( "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" ) Jan 3
16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open( "dn2id.dbb", 73, 600
) Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
(cache 0) Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
Jan 3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
"OU=PRS,OU=DNS,OU=SITE,O=CVF" Jan 3 16:06:03 ns-cache01p
slapd[27554]: => dn2id( "OU=PRS,OU=DNS,OU=SITE,O=CVF" ) Jan 3
16:06:03 ns-cache01p slapd[27554]: ====>
cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1 tries)
Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in cache)
Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_r( 13 )
Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf" (found) (1 tries)
Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_r( 13 )
0x80db920 (cache) Jan 3 16:06:03 ns-cache01p slapd[27554]:
ldbm_referrals: op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
matched="ou=prs,ou=dns,ou=site,o=cvf" Jan 3 16:06:03 ns-cache01p
slapd[27554]: ====> cache_return_entry_r( 13 ): returned (0) Jan
3 16:06:03 ns-cache01p slapd[27554]: ==> ldbm_back_add:
ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf Jan 3 16:06:03 ns-cache01p
slapd[27554]: => dn2id( "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
"dn2id.dbb", 73, 600 ) Jan 3 16:06:03 ns-cache01p slapd[27554]:
<= ldbm_cache_open (cache 0) Jan 3 16:06:03 ns-cache01p
slapd[27554]: <= dn2id NOID Jan 3 16:06:03 ns-cache01p
slapd[27554]: oc_check_required entry
(ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf), objectClass "domainRelatedObject"
Jan 3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed type
"objectClass" Jan 3 16:06:03 ns-cache01p slapd[27554]:
oc_check_allowed type "associatedDomain" Jan 3 16:06:03 ns-cache01p
slapd[27547]: daemon: select: listen=6 active_threads=1 tvp=NULL Jan
3 16:06:03 ns-cache01p slapd[27554]: dn2entry_w: dn:
"OU=PRS,OU=DNS,OU=SITE,O=CVF" Jan 3 16:06:03 ns-cache01p
slapd[27554]: => dn2id( "OU=PRS,OU=DNS,OU=SITE,O=CVF" ) Jan 3
16:06:03 ns-cache01p slapd[27554]: ====>
cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1 tries)
Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in cache)
Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_w( 13 )
Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf" (found) (1 tries)
Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_w( 13 )
0x80db920 (cache) Jan 3 16:06:03 ns-cache01p slapd[27554]: =>
access_allowed: write access to "ou=prs,ou=dns,ou=site,o=cvf" "children"
requested Jan 3 16:06:03 ns-cache01p slapd[27554]: <= root access
granted Jan 3 16:06:03 ns-cache01p slapd[27554]: =>
ldbm_cache_open( "nextid.dbb", 73, 600 ) Jan 3 16:06:03 ns-cache01p
slapd[27554]: <= ldbm_cache_open (cache 2) Jan 3 16:06:03
ns-cache01p slapd[27554]: => index_entry_add( 18,
"ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) Jan 3 16:06:03
ns-cache01p slapd[27554]: => ldbm_cache_open( "objectClass.dbb", 73, 600 )
Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
(cache 3) Jan 3 16:06:03 ns-cache01p slapd[27554]: =>
key_change(ADD,12) Jan 3 16:06:03 ns-cache01p slapd[27554]: <=
key_change 0 Jan 3 16:06:03 ns-cache01p slapd[27554]: <=
index_entry_add( 18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) success
Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id_add(
"AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF", 18 ) Jan 3 16:06:03
ns-cache01p slapd[27554]: => ldbm_cache_open( "dn2id.dbb", 73, 600 )
Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
(cache 0) Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id_add 0
Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_add( 18,
"ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) Jan 3 16:06:03
ns-cache01p slapd[27554]: => ldbm_cache_open( "id2entry.dbb", 73, 600 )
Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
(cache 1) Jan 3 16:06:03 ns-cache01p slapd[27554]: <=
id2entry_add 0 Jan 3 16:06:03 ns-cache01p slapd[27554]:
send_ldap_result: conn=1 op=2 p=2 Jan 3 16:06:03 ns-cache01p
slapd[27554]: send_ldap_result: 0:: Jan 3 16:06:03 ns-cache01p
slapd[27554]: send_ldap_response: msgid=3 tag=105 err=0 Jan 3
16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 RESULT tag=105 err=0 text=
Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
cache_return_entry_w( 13 ): returned (0) Jan 3 16:06:03 ns-cache01p
slapd[27554]: ====> cache_return_entry_w( 18 ): created (0) Jan 3
16:06:03 ns-cache01p slapd[27547]: daemon: activity on 1 descriptors
Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: activity
on:
Some part of my slapd.conf :
defaultaccess
none
access to attr=userpassword by self
read by anonymous auth by *
none
access to
dn="ou=prs,ou=dns,ou=site,o=cvf"
by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf"
write by
dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
access to
dn="ou=prs,ou=dns,ou=domain,o=cvf"
by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf"
write by
dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
access to
* by
dn="ou=exploitprs,ou=ldap,ou=user,o=cvf"
read
database
ldbm rootdn
"ou=replicator,ou=ldap,ou=user,o=cvf" updatedn
"ou=replicator,ou=ldap,ou=user,o=cvf" suffix
"o=cvf" directory
/usr/local/stow/openldap-2.0.27/var/openldap-ldbm
replica
host=ns-cache01b.int75.cvf:389
binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
bindmethod=simple
credentials=meuh
suffix="ou=prs,ou=dns,ou=site,o=cvf"
suffix="ou=prs,ou=dns,ou=domain,o=cvf"
thanks in advance
|