Full_Name: Christian Setzer
Version: slapd 2.3.30-5+etch2
OS: debian etch/lenny
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.214.143.132)

I have a master LDAP server (ldap.domain.ape) and a slave (kontakte.affenfels.ape). The slave server only holds the referral for ou=contacts,dc=domain,dc=de.
On the master I created a referral object:

dn: ou=contacts,dc=domain,dc=de
objectClass: referral
objectClass: extensibleObject
ou: contacts
ref: ldap://kontakte.domain.ape/ou=contacts,dc=domain,dc=de

Now I want to add a new entry to ou=contacts,dc=domain,dc=de. I use ldapadd for that and get the following message:

root@ldap.domain.ape:~ > ldapadd -x -D "cn=admin,dc=domain,dc=de" -h ldap.domain.ape -p 389 -f ldap_contacts_referral.ldif -MM -W -ZZ
Enter LDAP Password:
adding new entry "cn=user,ou=personal,ou=contacts,dc=domain,dc=de"
ldap_add: Referral (10)
    matched DN: ou=contacts,dc=domain,dc=de
    referrals:
        ldap://kontakte.domain.ape/ou=contacts,dc=domain,dc=de

root@ldap.domain.ape:~ > cat ldap_contacts_referral.ldif
dn: cn=user,ou=personal,ou=contacts,dc=domain,dc=de
objectClass: organizationalRole
cn: user

The syslog:

Oct 19 13:47:35 ldap slapd[1262]: >>> dnPrettyNormal: <cn=user,ou=personal,ou=contacts,dc=domain,dc=de>
Oct 19 13:47:35 ldap slapd[1262]: <<< dnPrettyNormal: <cn=user,ou=personal,ou=contacts,dc=domain,dc=de>, <cn=user,ou=personal,ou=contacts,dc=domain,dc=de>
Oct 19 13:47:35 ldap slapd[1262]: do_add: dn (cn=user,ou=personal,ou=contacts,dc=domain,dc=de)
Oct 19 13:47:35 ldap slapd[1262]: => get_ctrls
Oct 19 13:47:35 ldap slapd[1262]: => get_ctrls: oid="2.16.840.1.113730.3.4.2" (critical)
Oct 19 13:47:35 ldap slapd[1262]: <= get_ctrls: n=1 rc=0 err=""
Oct 19 13:47:35 ldap slapd[1262]: conn=530 op=2 ADD dn="cn=user,ou=personal,ou=contacts,dc=domain,dc=de"
Oct 19 13:47:35 ldap slapd[1262]: slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
Oct 19 13:47:35 ldap slapd[1262]: ==> bdb_add: cn=user,ou=personal,ou=contacts,dc=domain,dc=de
Oct 19 13:47:35 ldap slapd[1262]: oc_check_required entry (cn=user,ou=personal,ou=contacts,dc=domain,dc=de), objectClass "organizationalRole"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "objectClass"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "cn"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "structuralObjectClass"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "entryUUID"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "creatorsName"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "createTimestamp"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "entryCSN"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "modifiersName"
Oct 19 13:47:35 ldap slapd[1262]: oc_check_allowed type "modifyTimestamp"
Oct 19 13:47:35 ldap slapd[1262]: bdb_dn2entry("cn=user,ou=personal,ou=contacts,dc=domain,dc=de")
Oct 19 13:47:35 ldap slapd[1262]: => bdb_dn2id("ou=personal,ou=contacts,dc=domain,dc=de")
Oct 19 13:47:35 ldap slapd[1262]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
Oct 19 13:47:35 ldap slapd[1262]: bdb_add: parent does not exist
Oct 19 13:47:35 ldap slapd[1262]: send_ldap_result: conn=530 op=2 p=3
Oct 19 13:47:35 ldap slapd[1262]: daemon: select: listen=7 active_threads=0 tvp=NULL
Oct 19 13:47:35 ldap slapd[1262]: daemon: select: listen=8 active_threads=0 tvp=NULL
Oct 19 13:47:35 ldap slapd[1262]: daemon: select: listen=9 active_threads=0 tvp=NULL
Oct 19 13:47:35 ldap slapd[1262]: send_ldap_result: err=10 matched="ou=contacts,dc=domain,dc=de" text=""
Oct 19 13:47:35 ldap slapd[1262]: send_ldap_result: referral="ldap://kontakte.host.ape/ou=contacts,dc=domain,dc=de"
Oct 19 13:47:35 ldap slapd[1262]: send_ldap_response: msgid=3 tag=105 err=10
Oct 19 13:47:35 ldap slapd[1262]: send_ldap_response: ref="ldap://kontakte.host.ape/ou=contacts,dc=domain,dc=de"
Oct 19 13:47:35 ldap slapd[1262]: conn=530 op=2 RESULT tag=105 err=10 text=
Oct 19 13:47:35 ldap slapd[1262]: daemon: activity on 1 descriptor
Oct 19 13:47:35 ldap slapd[1262]: daemon: activity on:

When I try to add an entry via the "ldap admin tool" and say that I want to use auth instead of anonymous, it works. But with ldapadd it doesn't, because the ldaptools do not follow referrals right.
So normally it should be possible to add entries to the referral server with the master ldap.
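
An added example, not part of the original report and not OpenLDAP code: a small Python parser that correlates the slapd debug lines above by operation and lists each write that ended in result code 10 (referral) together with the request controls logged for it. The sample lines are abridged from the log in this report; the function and field names are hypothetical, and it assumes log lines of different connections are not interleaved.

```python
import re

# Abridged from the slapd debug log in the report above (syslog prefix dropped).
SAMPLE_LOG = """\
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (critical)
conn=530 op=2 ADD dn="cn=user,ou=personal,ou=contacts,dc=domain,dc=de"
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
bdb_add: parent does not exist
send_ldap_result: referral="ldap://kontakte.host.ape/ou=contacts,dc=domain,dc=de"
conn=530 op=2 RESULT tag=105 err=10 text=
"""

CONTROL_NAMES = {"2.16.840.1.113730.3.4.2": "ManageDsaIT"}  # RFC 3296
LDAP_REFERRAL = 10  # LDAP result code "referral"

CTRL_RE = re.compile(r'get_ctrls: oid="([\d.]+)"( \(critical\))?')
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (ADD|MOD|DEL|MODRDN) dn="([^"]*)"')
UNAVAIL_RE = re.compile(r'unavailable control: ([\d.]+)')
REF_RE = re.compile(r'send_ldap_result: referral="([^"]+)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+)')

def referred_writes(log_text):
    """Return one record per write operation that ended in a referral result.
    Assumes connections are not interleaved: the get_ctrls and
    send_ldap_result lines carry no conn/op identifier."""
    done, ctrls, cur = [], [], None
    for line in log_text.splitlines():
        if m := CTRL_RE.search(line):          # control arrives before the op line
            ctrls.append({"oid": m[1], "name": CONTROL_NAMES.get(m[1], "unknown"),
                          "critical": m[2] is not None, "logged_unavailable": False})
        elif m := OP_RE.search(line):          # op line claims the pending controls
            cur = {"conn": int(m[1]), "op": int(m[2]), "type": m[3], "dn": m[4],
                   "controls": ctrls, "referrals": []}
            ctrls = []
        elif cur and (m := UNAVAIL_RE.search(line)):
            for c in cur["controls"]:
                c["logged_unavailable"] |= c["oid"] == m[1]
        elif cur and (m := REF_RE.search(line)):
            cur["referrals"].append(m[1])
        elif cur and (m := RESULT_RE.search(line)):
            if (int(m[1]), int(m[2])) == (cur["conn"], cur["op"]):
                if int(m[3]) == LDAP_REFERRAL:  # keep only referral results
                    done.append(cur)
                cur = None
    return done

if __name__ == "__main__":
    for rec in referred_writes(SAMPLE_LOG):
        print(rec)
```

The full syslog lines can be passed in unchanged, since each pattern is searched for anywhere in the line.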