Re: Entry lost in limbo?? [was: Adding an entry with @ in cn]

[Jose Gonzalez Gomez <jgonzalez@opentechnet.com>]

   I finally gave up. I stopped slapd, slapcat'ed the database to a 
ldiff file, removed the database, and then recreated it with slapadd and 
restarted slapd. I could add the entry without any problem... I have a 
copy of the (corrupted?) database in case any bug hunter out there wants 
to take a look at it.

   Thanks to everybody for your help, best regards
   Jose

Jose Gonzalez Gomez wrote:

>    For those incredulous out there I include real content of 
> cross-realm.ldif, and commands issued... I really don't know what's 
> going on here, so any help would be much appreciated...
>
> commserver ldap # cat cross-realm.ldif
> dn: cn=krbtgt/openinput.com@baixador.com,dc=openinput,dc=com
> cn: krbtgt/openinput.com@baixador.com
> krb5KDCFlags: 126
> objectClass: top
> objectClass: person
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> krb5PrincipalName: krbtgt/OPENINPUT.COM@BAIXADOR.COM
> sn: krbtgt/openinput.com@baixador.com
> krb5KeyVersionNumber: 1
>
> commserver ldap # ldapadd -f cross-realm.ldif
> SASL/GSSAPI authentication started
> SASL username: ldapmaster@OPENINPUT.COM
> SASL SSF: 56
> SASL installing layers
> adding new entry 
> "cn=krbtgt/openinput.com@baixador.com,dc=openinput,dc=com"
> ldapadd: update failed: 
> cn=krbtgt/openinput.com@baixador.com,dc=openinput,dc=com
> ldap_add: Already exists (68)
>
> commserver ldap # ldapdelete 
> "cn=krbtgt/openinput.com@baixador.com,dc=openinput,dc=com"
> SASL/GSSAPI authentication started
> SASL username: ldapmaster@OPENINPUT.COM
> SASL SSF: 56
> SASL installing layers
> Delete Result: No such object (32)
>
>    Best regards
>    Jose
>
> Jose Gonzalez Gomez wrote:
>
> >    This is curious... If I try to create the entry shown below but 
> > instead of example2.com I use another thing, I'm able to create the 
> > entry. I remember having created this entry some time ago, but then I 
> > deleted it. Is there any way this entry may be still floating around, 
> > so I cannot see it if I issue a search, but prevents the creation of 
> > the same entry?
> >
> >    Best regards
> >    Jose
> >
> > Jose Gonzalez Gomez wrote:
> >
> > >    Hi there,
> > >
> > >    I'm trying to add the following entry to my LDAP directory:
> > >
> > > dn: cn=krbtgt/example.com@example2.com,dc=example,dc=com
> > > cn: krbtgt/example.com@example2.com
> > > krb5KDCFlags: 126
> > > objectClass: top
> > > objectClass: person
> > > objectClass: krb5Principal
> > > objectClass: krb5KDCEntry
> > > krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE2.COM
> > > sn: krbtgt/example.com@example2.com
> > > krb5KeyVersionNumber: 1
> > >
> > >    but I always get the following:
> > >
> > > SASL/GSSAPI authentication started
> > > SASL username: ldapmaster@EXAMPLE.COM
> > > SASL SSF: 56
> > > SASL installing layers
> > > adding new entry "cn=krbtgt/example.com@example2.com,dc=example,dc=com"
> > > ldapadd: update failed: 
> > > cn=krbtgt/example.com@example2.com,dc=example,dc=com
> > > ldap_add: Already exists (68)
> > >
> > >    but the entry doesn't exist!!!
> > >
> > >    However, I have another entry located at 
> > > cn=krbtgt/example.com@example3.com,dc=example,dc=com, so I'm 
> > > suspecting that the @ sign has something to do with this problem. 
> > > Does LDAP assign some special meaning to the @ sign? Should I scape 
> > > it in my ldif file? How?
> > >
> > >    Best regards
> > >    Jose