--On Monday, May 18, 2009 09:35:58 PM -0400 Andrew Zirkel andrewzirkel@gmail.com wrote:
I'm having a growing problem where certain entries won't add and I get these errors in slapd stats output:
conn=7 op=160 MODRDN dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local" => bdb_dn2id_add: subtree (cn=mslib,cn=computer_groups,dc=chetwood,dc=local) put failed: -30996 conn=7 op=160 RESULT tag=109 err=80 text=DN index add failed conn=7 op=161 MOD dn="cn=Untitled_1,cn=computer_groups,dc=chetwood,dc=local" conn=7 op=161 MOD attr=cn entry failed schema check: value of naming attribute 'cn' is not present in entry conn=7 op=161 RESULT tag=103 err=64 text=value of naming attribute 'cn' is not present in entry conn=7 op=162 MODRDN dn="cn=Untitled_1,cn=computer_lists,dc=chetwood,dc=local" => bdb_dn2id_add: subtree (cn=mslib,cn=computer_lists,dc=chetwood,dc=local) put failed: -30996 conn=7 op=162 RESULT tag=109 err=80 text=DN index add failed conn=7 op=163 MOD dn="cn=Untitled_1,cn=computer_lists,dc=chetwood,dc=local" conn=7 op=163 MOD attr=cn entry failed schema check: value of naming attribute 'cn' is not present in entry conn=7 op=163 RESULT tag=103 err=64 text=value of naming attribute 'cn' is not present in entry conn=7 op=164 SRCH base="cn=computer_groups,dc=chetwood,dc=local" scope=2 deref=0 filter="(&(objectClass=posixGroup)(objectClass=apple-group)(objectCla ss=extensibleObject)(|(cn=untitled_1)))" conn=7 op=164 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=7 op=165 ABANDON msg=165
From this log you would be hard pressed to convince me that you are
actually attemping to add entries to the directory. I would expect to see an entry like:
conn=2 op=7 ADD dn="uid=foobar,dc=domain,dc=com"
Seems like the log is pretty clear really. The application looks to be attempting to change the cn attribute on the dn=cn=Untitled_1, cn=computer_groups, dc=chetwood, dc=local and that entry doesn't have a cn attribute.
This is slapd 2.3.27, which is included in Apple OSX 10.5. This particular entry is for a computer group called mslib, and I'm using Apple's workgroup manager tool to add it. Other names will add, it seems to be entries that were created before but aren't showing up now. This is also happening for other object classes, like computer entires.
slapcat and the other tools I use don't show an existing entry for mslib or the other names that won't add. Any advise on where to go from here would be appreciated.
Seems like this should be a bug report to whoever is maintaining Apple's workgroup manager application. We can give you syntax help for using ldapmodify, ldapadd, and ldapdelete to hack on the Apple directory but it is unlikely to make workgroup manager any happier without understanding what policies it is attempting to enforce.
Bill