
Re: unable to add certain entries





--On Tuesday, May 19, 2009 01:49:22 PM -0400 Andrew Zirkel <andrewzirkel@gmail.com> wrote:


On May 19, 2009, at 12:39 PM, Bill MacAllister wrote:



--On Tuesday, May 19, 2009 10:09:41 AM -0400 Andrew Zirkel <andrewzirkel@gmail.com> wrote:


On May 19, 2009, at 1:30 AM, Bill MacAllister wrote:



--On Monday, May 18, 2009 09:35:58 PM -0400 Andrew Zirkel <andrewzirkel@gmail.com> wrote:

I'm having a growing problem where certain entries won't add and I
get these errors in slapd stats output:

conn=7 op=160 MODRDN dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local"
=> bdb_dn2id_add: subtree (cn=mslib,cn=computer_groups,dc=chetwood,dc=local) put failed: -30996
conn=7 op=160 RESULT tag=109 err=80 text=DN index add failed
conn=7 op=161 MOD dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local"
conn=7 op=161 MOD attr=cn
entry failed schema check: value of naming attribute 'cn' is not present in entry
conn=7 op=161 RESULT tag=103 err=64 text=value of naming attribute 'cn' is not present in entry
conn=7 op=162 MODRDN dn="cn=Untitled_1,cn=computer_lists,dc=chetwood,dc=local"
=> bdb_dn2id_add: subtree (cn=mslib,cn=computer_lists,dc=chetwood,dc=local) put failed: -30996
conn=7 op=162 RESULT tag=109 err=80 text=DN index add failed
conn=7 op=163 MOD dn="cn=Untitled_1,cn=computer_lists,dc=chetwood,dc=local"
conn=7 op=163 MOD attr=cn
entry failed schema check: value of naming attribute 'cn' is not present in entry
conn=7 op=163 RESULT tag=103 err=64 text=value of naming attribute 'cn' is not present in entry
conn=7 op=164 SRCH base="cn=computer_groups,dc=chetwood,dc=local" scope=2 deref=0 filter="(&(objectClass=posixGroup)(objectClass=apple-group)(objectClass=extensibleObject)(|(cn=untitled_1)))"
conn=7 op=164 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=7 op=165 ABANDON msg=165

From this log you would be hard pressed to convince me that you
are actually attempting to add entries to the directory.  I would
expect to see an entry like:

conn=2 op=7 ADD dn="uid=foobar,dc=domain,dc=com"

Seems like the log is pretty clear really.  The application looks
to be attempting to change the cn attribute on the
dn=cn=Untitled_1, cn=computer_groups, dc=chetwood, dc=local and
that entry doesn't have a cn attribute.

This is slapd 2.3.27, which is included in Apple OSX 10.5.  This
particular entry is for a computer group called mslib, and I'm
using Apple's workgroup manager tool to add it.  Other names will
add, it seems to be entries that were created before but aren't
showing up now.  This is also happening for other object classes,
like computer entries.

slapcat and the other tools I use don't show an existing entry for
mslib or the other names that won't add.  Any advice on where to
go from here would be appreciated.

Seems like this should be a bug report to whoever is maintaining
Apple's workgroup manager application.  We can give you syntax help
for using ldapmodify, ldapadd, and ldapdelete to hack on the Apple
directory but it is unlikely to make workgroup manager any happier
without understanding what policies it is attempting to enforce.

Here's what I get using slapadd, this does work for other group
names (just changing mslib to test for example):

chetwood:~ root# slapadd -v << EOF
> dn: cn=mslib,cn=computer_lists,dc=chetwood,dc=local
> objectClass: apple-computer-list
> objectClass: top
> structuralObjectClass: apple-computer-list
> cn: mslib
> EOF
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
overlay_config(): warning, overlay "dynid" already in list
=> bdb_dn2id_add: subtree (cn=mslib,cn=computer_lists,dc=chetwood,dc=local) put failed: -30996
=> bdb_tool_next_id: dn2id_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="cn=mslib,cn=computer_lists,dc=chetwood,dc=local" (line=6): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)


First, unless you are shutting down the directory server when you
run slapadd you should be using ldapadd instead.

I stopped slapd to use slapadd.  I was trying to get closer to the db
level.

Second, the error is pretty clear.  The entry is already in the
directory.  You can confirm this using something like:

ldapsearch -h hostname -b your-base-dn cn=mslib

Here are the results of ldapsearch:
chetwood:~ root# ldapsearch -x -b "dc=chetwood,dc=local" "cn=mslib"

I would not expect this query to return anything. The log entries that you originally sent indicate that this entry does not have a cn attribute. Use the full dn of the entry as the base and drop the filter and see what you get.

How about we drop this discussion off of the list. I don't expect there are many others that find it useful.

Bill

# extended LDIF
#
# LDAPv3
# base <dc=chetwood,dc=local> with scope subtree
# filter: cn=mslib
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

And the results of a successful query:
chetwood:~ root# ldapsearch -x -b "dc=chetwood,dc=local" "cn=hse119"
# extended LDIF
#
# LDAPv3
# base <dc=chetwood,dc=local> with scope subtree
# filter: cn=hse119
# requesting: ALL
#

# hse119, computer_groups, chetwood.local
dn: cn=hse119,cn=computer_groups,dc=chetwood,dc=local
objectClass: posixGroup
objectClass: apple-group
objectClass: extensibleObject
...

Thanks,
Andy.




--

Bill MacAllister, System Software Programmer
Unix Systems Group, Stanford University
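
Added example, not part of the original thread: a small Python parser that pairs each write request in slapd stats-level output with its RESULT line and lists the DNs rejected with DB_KEYEXIST (-30996), which are the entries to look up by full DN as suggested above. The function names and the unwrapped sample log are constructed for illustration, and attaching a bdb_dn2id_add line to the next RESULT is an assumption that holds only when one connection is writing.

```python
import re

# Constructed sample: stats-level lines from this thread, one record per line.
SAMPLE_LOG = '''\
conn=7 op=160 MODRDN dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local"
=> bdb_dn2id_add: subtree (cn=mslib,cn=computer_groups,dc=chetwood,dc=local) put failed: -30996
conn=7 op=160 RESULT tag=109 err=80 text=DN index add failed
conn=7 op=161 MOD dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local"
conn=7 op=161 RESULT tag=103 err=64 text=value of naming attribute 'cn' is not present in entry
conn=7 op=164 SRCH base="cn=computer_groups,dc=chetwood,dc=local" scope=2 deref=0
conn=7 op=164 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

# Hypothetical helper patterns for the three line shapes seen in the thread.
REQ = re.compile(r'conn=(\d+) op=(\d+) (ADD|MOD|MODRDN|DEL) dn="([^"]*)"')
RES = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+) text=(.*)')
BDB = re.compile(r'=> bdb_dn2id_add: \w+ \((.*)\) put failed: (-?\d+)')
DB_KEYEXIST = -30996  # Berkeley DB code named in the slapadd output


def failed_writes(log_text):
    """Pair each write request with its RESULT; return those with err != 0."""
    pending, failures, index_dn = {}, [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := REQ.match(line):
            pending[(m[1], m[2])] = {"verb": m[3], "dn": m[4]}
            index_dn = None
        elif m := BDB.match(line):
            if int(m[2]) == DB_KEYEXIST:
                index_dn = m[1]  # DN the dn2id index reports as already present
        elif m := RES.match(line):
            req = pending.pop((m[1], m[2]), None)
            if req and int(m[3]) != 0:
                failures.append({**req, "conn": int(m[1]), "op": int(m[2]),
                                 "err": int(m[3]), "text": m[4],
                                 "index_conflict": index_dn})
            index_dn = None
    return failures


def conflicting_dns(log_text):
    """DNs rejected with DB_KEYEXIST: candidates for a lookup by full DN."""
    return sorted({f["index_conflict"] for f in failed_writes(log_text)
                   if f["index_conflict"]})
```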