Sam Cannell wrote:

I'm trying to create an openldap instance to hold some data I'm retrieving from a remote ldap server with ldapsearch.

The server is set up and I can create objects in it, but it's refusing to import some of the objects from the ldif I'm getting from ldapsearch.

The objects in question are something along the lines of:

# foo, stuff, nz dn: o=foo, ou=stuff, c=nz objectClass: top objectClass: organization o: bar

So the 'o' attribute doesn't match the dn of the object. Trying to import it gives me the following error:

adding new entry "o=foo, ou=stuff, c=nz" ldap_add: Naming violation (64) additional info: value of naming attribute 'o' is not present in entry

Google shows me a bunch of other people getting the same error, but the response seems to invariably be 'fix your data'. In my case I'm not in control of the source data, so ideally I'd like to be able to tell slapd to ignore the naming error and import the object anyway. Is this possible?

Well, according to rfc4511 Section 4.7, the server now takes care of adding distinguished values of naming attributes to the entry, provided this results in an entry that complies with schema restrictions (e.g. in your case, if "o" were a single-valued attr, adding "foo" would violate the schema). AFAIK, you need to use OpenLDAP 2.4, as OpenLDAP 2.3 does not conform to rfc4510-9.

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------