2

So I have a fresh installation of openldap on a debian 9 machine which currently looks like

this

It's going to be a database for telephone numbers, too keep it easy, I'll use this example: The database will be splitted into the city - the streets - and the people who live in this streets.

It should look like this: dc=city -> ou=street -> cn=nameofperson

So far so good, I try to create the first dc, for example New York like this:

root@ldap-test:/etc/ldap/ldif-import# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ldif-import/createcn.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=NewYork"
ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge

and thats how the ldif file looks like:

dn: cn=NewYork
dc: NewYork
distinguishedName: dc=NewYork
name: NewYork
objectClass: top
objectClass: dcObject

As this didn't work I thought of another way, to put the streets into nodomain, just to check if it will work this way, but it seems that the schema is missing distinguishedName and name. I looked into the default schemas and core.ldif has these entries, but they are commented out.

So I cant load this ldif:

dn: ou=broadway,dc=nodomain
distinguishedName: ou=broadway,dc=nodomain
name: broadway
objectClass: top
objectClass: organizationalUnit
ou: broadway

.

root@ldap-test:/etc/ldap/ldif-import# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ldif-import/broadway.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "ou=broadway,dc=nodomain"
ldap_add: Object class violation (65)
        additional info: attribute 'distinguishedName' not allowed

So loading distinguishedName into the schema but it shows adding new entry 

"cn=core,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
        additional info: olcAttributeTypes: Duplicate attributeType: "2.5.4.49"

I dont understand why, because it's not even loaded in /etc/ldap/slapd.d/cn=config/cn=schema/cn={*}*.ldif

Anybody knows what to do?

HBruijn
  • 77,029
  • 24
  • 135
  • 201
lemon
  • 21
  • 1
  • 6

1 Answers1

1
  • name isn't a generally used attribute, though cn (commonName) is.
  • Don't attempt to add distinguishedName. dn already handles this. dn and distinguishedName are aliases for the same attribute, but only dn should be used for ldapmodify operations. This includes ldapadd.

Your first ldif is failing because:

  1. Your ldap server is not configured to handle the cn=NewYork namingContext. 2 You are attempting to add a distinguishedName attribute.
  2. objectClass: dcObject has no attribute name

Your second ldif is failing because:

  1. You are attempting to add a distinguishedName attribute.
  2. objectClass: organizationalUnit has no attribute name

Side note: ldap attributes, including the parts used in rdn's, can have spaces in them. Use quotes as appropriate.

84104
  • 12,905
  • 6
  • 45
  • 76