
re[4]: slapadd: database doesn't support ..... error



Frustrating indeed :-(

It seems like every how-to does something completely different, and they are hard to relate to my project.  Our project seems very straightforward.  We have an MSSQL database with user information, all the info we need is stored in one table and we only need:
First
Last
Company
Phone
Email
We only need one organizationalUnit
When I do an ldapsearch like so
ldapsearch -x -b 'dc=neotool,dc=com' 'objectClass=*'

# ldapsearch -x -b 'dc=neotool,dc=com' 'objectClass=*'
version: 2

#
# filter: objectClass=*
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I've created the 5 ldap_ tables, and following the example found here
http://fwww.flatmtn.com/computer/Linux-LDAP.html
Since I am using organizationalUnit for a branch I created a table called fporgunit and added one entry, id = 1, name = fpcontacts.  I then created a table named fpcontacts and added some entries for test users.  In ldap_oc_mappings I added the organizationalUnit entry with keytbl = fporgunit and keycol=id.  Also added inetOrgPerson keytbl=fpcontacts and keycol=1.

In the ldap_attr_mappings table I made the following additions:
id=1
oc_map_id=1
name=ou
sel_expr=fporgunit.name
from_tbls=orgunit 

id=2
oc_map_id=2
name=cn
sel_expr=CONCAT(fcontacts.FirstName,'',fpcontacts.LastName)
from_tbls=orgunit  

id=3
oc_map_id=2
name=givenName
sel_expr=fcontacts.FirstName

id=4
oc_map_id=2
name=sn
sel_expr=fcontacts.LastName

id=5
oc_map_id=2
name=o
sel_expr=fcontacts.Company

id=6
oc_map_id=2
name=mail
sel_expr=fcontacts.EmailAddress

Am I completely in the weeds here?  Can anyone point me in the right direction?

Thanks for the help.


from_tbls=orgunit

> > I did try ldapadd after I made this post.  I am getting the error below:


> >
> > # ldapadd -D "ou=fporgunit,dc=neotool,dc=com" -f base.ldif -W -x
> > Enter LDAP Password:
> > adding new entry "dc=neotool,dc=com"
> > ldap_add: DSA is unwilling to perform
> >         additional info: operation not permitted within namingContext
> >
> > ldif_record() = 53

> This is a very common message; you should show the server logs up to this
> error to help detecting the reason.  It is likely that you tried to do
> some write operation that is not allowed by your metainfo (e.g. because
> the add function for that objectclass or for any of its attributes is not
> defined in your ldap_oc_mappings, ldap_attr_mappings tables).

> >
> > I am trying to get this working with a test database before using our
> > database that is already loaded with information.   I have viewed the
> > tables and there are no spaces and new line characters in them.  What
> > tables are you referring to?  ldap_oc_mappings, ldap_attr_mappings, ...?

> In the logs you showed in your previous message,
> the echoing of the metainfo collected during startup,
> then the schema to map LDAP to SQL and vice versa is
> loaded, appeared all screwed up.  Maybe it was the
> mailer's fault, or you did some cut'n'paste?

> >
> > I am very new to ldap so I apologize if I'm asking simple questions.

> No problem, but if you're a newbie I guess you
> started with a bad beast!  back-sql can be really
> frustrating...  I strongly suggest you load the
> test metainfo via SQL and start querying the server.
> If this works, you can then try writing.

> p.

> > Thanks for your reply.
> >
> >
> >
> >> You can't use slapadd to load back-sql because this backend
> >> doesn't provide the backend API hooks for slapadd to work.
> >> The message is straightforward.  Shouldn't you try using
> >> ldapadd, as suggested in most of the man pages?  Moreover,
> >> I note that the metainformation in your database appears to be
> >> definitely screwed: you have plenty of blanks and new lines
> >> going around.  I'm pretty sure most of the RDBMS will complain
> >> about this, so you should clean it up before going any further.
> >> Finally, I note that the add, modify and delete procedure are
> >> missing from most of your metainformation, so add is likely to
> >> fail even with ldapadd.  As noted in slapd-sql(5) and in the FAQ
> >
> >> http://www.openldap.org/faq/data/cache/378.html
> >
> >> back-sql should not be used as a replacement of any native
> >> LDAP database, but to publish information already stored in
> >> a RDBMS in LDAP form.  As such, I don't think your approach
> >> of loading a RDBMS from scratch via a misconfigured back-sql
> >> is going to lead to any success.
> >
> >> p.
> >
> >
> >> > I am using openldap 2.1.25 with iODBC drivers from Openlink.  I have
> >> tested the drivers with odbctest and I can connect and query my
> >> database which is a MSSQL 2000 database running on a Windows 2000
> >> server. Openldap is running on RedHat 7.2.    I am trying to use
> >> slapadd  and I am getting the following error:
> >> >
> >> > slapadd -l base.ldif -d 1 -f /usr/local/etc/openldap/slapd.conf
> >> >
> >> > slapadd init: initiated tool.
> >> > ==>backsql_initialize()
> >> > <==backsql_initialize()
> >> >>>> dnNormalize: <cn=Subschema>
> >> > >> dnPrettyNormal: <dc=neotool,dc=com>
> >> > >> dnPrettyNormal: <ou=contacts,dc=neotool,dc=com>
> >> >  > <ou=contacts,dc=neotool,dc=com> ==>backsql_db_config()
> >> > <==backsql_db_config(): dbname=GMTest
> >> > ==>backsql_db_config()
> >> > <==backsql_db_config(): dbuser=sa
> >> > ==>backsql_db_config()
> >> > <==backsql_db_config(): dbpasswd=xxxx
> >> > ==>backsql_db_config()
> >> > <==backsql_db_config(): insentry_query=insert into ldap_entries
> >> (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from
> >> ldap_entries),?,?,?,?) ==>backsql_db_config()
> >> > <==backsql_db_config(): at_query=SELECT name, sel_expr, from_tbls,
> >> join_where, add_proc, delete_proc, param_order, expect_return FROM
> >> ldap_attr_mappings WHERE oc_map_id=? ==>backsql_db_config()
> >> > <==backsql_db_config(): upper_func=upper
> >> > ==>backsql_db_config()
> >> > <==backsql_db_config(): concat_pattern="?||?"
> >> > ==>backsql_db_config()
> >> > <==backsql_db_config(): has_ldapinfo_dn_ru=no
> >> > matching_rule_use_init
> >> > slapadd startup: initiated.
> >> > backend_startup: starting "dc=neotool,dc=com"
> >> > ==>backsql_db_open(): testing RDBMS connection
> >> > backsql_db_open(): subtree search SQL condition not specified (use
> >> "subtree_cond" directive in slapd.conf) backsql_db_open(): setting
> >> 'upper(ldap_entries.dn) LIKE upper('%'||?)' as default
> >> > backsql_db_open(): setting 'upper(ldap_entries.dn)=upper(?)' as
> >> default backsql_db_open(): objectclass mapping SQL statement not
> >> specified (use "oc_query" directive in slapd.conf)
> >> backsql_db_open(): setting 'SELECT
> >> id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM
> >> ldap_oc_mappings' by default backsql_db_open(): entry deletion SQL
> >> statement not specified (use "delentry_query" directive in
> >> slapd.conf) backsql_db_open(): setting 'DELETE FROM ldap_entries
> >> WHERE id=?' by default ==>backsql_get_db_conn()
> >> > ==>backsql_open_db_conn()
> >> > backsql_open_db_conn(): connected, adding to tree
> >> > <==backsql_open_db_conn()
> >> > backsql_get_db_conn(): first call -- reading schema map
> >> > ==>load_schema_map()
> >> > load_schema_map(): at_query 'SELECT name, sel_expr, from_tbls,
> >> join_where, add_proc, delete_proc, param_order, expect_return FROM
> >> ldap_attr_mappings WHERE oc_map_id=?' load_schema_map(): objectClass
> >> 'organizationalUnit': keytbl='fp_orgunit
> >> >                      ' keycol='id
> >> >                       ' expect_return: add=0, del=0; attributes:
> >> > load_schema_map(): autoadding 'objectClass' and 'ref' mappings
> >> ********'ou'
> >> > name='ou',sel_expr='fp_orgunit.name'
> >> > from='fp_orgunit'join_where='',add_proc=''delete_proc=''
> >> > sel_expr_u='(null)'
> >> > load_schema_map(): preconstructed query 'SELECT fp_orgunit.name AS
> >> ou FROM fp_orgunit WHERE fp_orgunit
> >> >              .id
> >> >      =?' load_schema_map(): objectClass 'inetOrgPerson':
> >> > keytbl='fp_contacts
> >> > ' keycol='id
> >> >  ' expect_return: add=0, del=0; attributes:
> >> > load_schema_map(): autoadding 'objectClass' and 'ref' mappings
> >> ********'cn'
> >> >
> name='cn',sel_expr='CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName)'
> >> from='fp_contacts'join_where='',add_proc=''delete_proc=''
> >> > sel_expr_u='(null)'
> >> > load_schema_map(): preconstructed query 'SELECT
> >> > CONCAT(fp_contacts.FirstName,'',fp_contacts.LastName) AS cn FROM
> >> fp_contacts WHERE fp_contacts
> >> >          .id
> >> >  =?' ********'givenName'
> >> > name='givenName',sel_expr='FirstName'
> >> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> >> > sel_expr_u='(null)'
> >> > load_schema_map(): preconstructed query 'SELECT FirstName AS
> >> givenName FROM fp_contacts WHERE fp_contacts
> >> >               .id
> >> >       =?' ********'sn'
> >> > name='sn',sel_expr='fp_contacts.LastName'
> >> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> >> > sel_expr_u='(null)'
> >> > load_schema_map(): preconstructed query 'SELECT fp_contacts.LastName
> >> AS sn FROM fp_contacts WHERE fp_contacts
> >> >                  .id
> >> >          =?' ********'o'
> >> > name='o',sel_expr='fp_contacts.Company'
> >> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> >> > sel_expr_u='(null)'
> >> > load_schema_map(): preconstructed query 'SELECT fp_contacts.Company
> >> AS o FROM fp_contacts WHERE fp_contacts
> >> >               .id
> >> >       =?' ********'mail'
> >> > name='mail',sel_expr='fp_contacts.EmailAddress'
> >> > from='fp_contacts'join_where='',add_proc=''delete_proc=''
> >> > sel_expr_u='(null)'
> >> > load_schema_map(): preconstructed query 'SELECT
> >> fp_contacts.EmailAddress AS mail FROM fp_contacts WHERE fp_contacts
> >> >                       .id
> >> >               =?' <==load_schema_map()
> >> > <==backsql_get_db_conn()
> >> > ==>backsql_free_db_conn()
> >> > backsql_free_db_conn(): closing db connection
> >> > ==>backsql_close_db_conn()
> >> > <==backsql_close_db_conn()
> >> > <==backsql_free_db_conn()
> >> > <==backsql_db_open(): test succeeded, schema map loaded
> >> > slapadd: database doesn't support necessary operations.
> >> >
> >> >
> >> > Here is my slapd.conf
> >> > #
> >> > # See slapd.conf(5) for details on configuration options.
> >> > # This file should NOT be world readable.
> >> > #
> >> > include         /usr/local/etc/openldap/schema/core.schema
> >> > include         /usr/local/etc/openldap/schema/cosine.schema
> >> > include         /usr/local/etc/openldap/schema/inetorgperson.schema
> >> >
> >> > # Define global ACLs to disable default read access.
> >> > # Define global ACLs to disable default read access.
> >> > access to *
> >> >         by self write
> >> >         by * read
> >> > access to * by dn="ou=contacts,dc=neotool,dc=com" write
> >> > defaultaccess none
> >> >
> >> > # Do not enable referrals until AFTER you have a working directory #
> >> service AND an understanding of referrals.
> >> > #referral       ldap://root.openldap.org
> >> >
> >> > pidfile         /usr/local/var/slapd.pid
> >> > argsfile        /usr/local/var/slapd.args
> >> >
> >> > #######################################################################
> >> # sql database definitions
> >> > #######################################################################
> >> >
> >> > database        sql
> >> > suffix         "dc=neotool,dc=com"
> >> > rootdn         "ou=contacts,dc=neotool,dc=com"
> >> > rootpw          secret
> >> > dbname          GMTest
> >> > dbuser          sa
> >> > dbpasswd        SomeSqlPasswd
> >> > insentry_query  "insert into ldap_entries
> >> > (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from
> >> ldap_entries),?,?,?,?)" at_query        "SELECT name, sel_expr,
> >> from_tbls, join_where, add_proc, delete_proc, param_order,
> >> expect_return FROM ldap_attr_mappings WHERE oc_map_id=?" upper_func
> >>     "upper" #strcast_func    "text"
> >> > concat_pattern  "?||?"
> >> > has_ldapinfo_dn_ru      no
> >> >
> >> > lastmod off
> >> >
> >> > And here is the base.ldif file that I am trying to use.
> >> > dn: dc=neotool,dc=com
> >> > objectClass: top
> >> > objectClass: dcObject
> >> > objectClass: organization
> >> > dc: neotool
> >> > o: Neotool Development
> >> > description: All Things HL7
> >> >
> >> > dn: ou=contacts,dc=neotool,dc=com
> >> > objectClass: organizationalUnit
> >> > description: Branch of footprints users
> >> >
> >> > Any help would be greatly appreciated, Thanks,
> >> > --
> >> >
> >> > Mike Stockemer, Support Engineer
> >> > "NeoTool: All things HL7" -- Software tools, Training, and
> >> Consulting.
> >
> >
> >> --
> >> Pierangelo Masarati
> >> mailto:pierangelo.masarati@sys-net.it
> >
> >
> >
> >
> >
> >
> > --
> >
> > Mike Stockemer, Support Engineer
> > NeoTool Development, LLC
> > PO Box 3586
> > Montrose, CO 81402-3586
> >
> > mailto:Mike.Stockemer@neotool.com
> > 970/252-0500 x11 (Voice)
> > 866/Neo-Tool x11 (US toll free voice)
> > 970/252-0005 (Fax)
> >
> > "NeoTool: All things HL7" -- Software tools, Training, and Consulting.


> -- 
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it





--

Mike Stockemer, Support Engineer
NeoTool Development, LLC
PO Box 3586
Montrose, CO 81402-3586

mailto:Mike.Stockemer@neotool.com
970/252-0500 x11 (Voice)
866/Neo-Tool x11 (US toll free voice)
970/252-0005 (Fax)

"NeoTool: All things HL7" -- Software tools, Training, and Consulting.
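
An added example, not part of the original thread and not OpenLDAP code: one way to check, directly in the `ldap_oc_mappings` and `ldap_attr_mappings` tables, for the two problems raised in the quoted reply (stray blanks and newlines in the metainformation, and missing add/delete procedures). The column names are those in the default `oc_query`/`at_query` echoed in the log; the in-memory `sqlite3` connection and its rows are constructed stand-ins for the real ODBC data source, and `audit_metainfo` and `build_sample` are hypothetical names.

```python
import sqlite3

# table -> (columns to read, columns that must be non-empty); names are taken
# from the default oc_query / at_query echoed in the slapd log above.
TABLES = {
    "ldap_oc_mappings": (
        ("name", "keytbl", "keycol", "create_proc", "delete_proc"),
        ("keytbl", "keycol")),
    "ldap_attr_mappings": (
        ("name", "sel_expr", "from_tbls", "add_proc", "delete_proc"),
        ("sel_expr", "from_tbls")),
}


def audit_metainfo(conn):
    """Return sorted (table, mapping name, column, problem) tuples."""
    findings = set()
    for table, (cols, required) in TABLES.items():
        cur = conn.cursor()
        # Table and column names are the fixed constants above, never user input.
        cur.execute("SELECT %s FROM %s" % (", ".join(cols), table))
        for row in cur.fetchall():
            rec = dict(zip(cols, row))
            label = (rec["name"] or "").strip()
            for col, value in rec.items():
                text = value or ""
                # Padding or newlines are invisible in most table viewers.
                if text != text.strip() or any(c in text for c in "\r\n\t"):
                    findings.add((table, label, col, "stray whitespace"))
                if not text.strip():
                    if col in required:
                        findings.add((table, label, col, "empty"))
                    elif col.endswith("_proc"):
                        findings.add((table, label, col, "no write procedure"))
    return sorted(findings)


def build_sample():
    """Constructed rows imitating the values echoed in the thread's log."""
    conn = sqlite3.connect(":memory:")  # stand-in for the ODBC connection
    conn.execute("CREATE TABLE ldap_oc_mappings (id INTEGER, name TEXT, keytbl TEXT,"
                 " keycol TEXT, create_proc TEXT, delete_proc TEXT, expect_return INTEGER)")
    conn.execute("CREATE TABLE ldap_attr_mappings (id INTEGER, oc_map_id INTEGER,"
                 " name TEXT, sel_expr TEXT, from_tbls TEXT, join_where TEXT,"
                 " add_proc TEXT, delete_proc TEXT, param_order INTEGER,"
                 " expect_return INTEGER)")
    conn.execute("INSERT INTO ldap_oc_mappings VALUES"
                 " (1, 'organizationalUnit', 'fp_orgunit\n    ', 'id\n   ', NULL, NULL, 0)")
    conn.execute("INSERT INTO ldap_attr_mappings VALUES"
                 " (1, 1, 'ou', 'fp_orgunit.name', 'fp_orgunit', NULL, '', '', 0, 0)")
    conn.execute("INSERT INTO ldap_attr_mappings VALUES"
                 " (3, 2, 'givenName', 'fp_contacts.FirstName', NULL, NULL, NULL, NULL, 0, 0)")
    return conn


if __name__ == "__main__":
    for finding in audit_metainfo(build_sample()):
        print("%s[%s].%s: %s" % finding)
```
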