openldap "no global superior knowledge"

2

30

When I run:

ldapadd -f pop01.ldif -x -D "cn=Manager,dc=ldap,dc=beonegroup,dc=be" -w 1234

I get:

adding new entry "dc=ldap,dc=beonegroup,dc=org"
ldapadd: Server is unwilling to perform (53)
        additional info: no global superior knowledge

Here is my slapd.conf:

database    bdb
suffix      "dc=ldap,dc=beonegroup,dc=be"
rootdn      "cn=Manager,dc=ldap,dc=beonegroup,dc=be"
rootpw          1234
directory   /var/lib/ldap/beoneDirectory
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

And my file used to populate:

[root@local beoneDirectory]# pwd
/var/lib/ldap/beoneDirectory
[root@local beoneDirectory]# cat pop01.ldif
dn: dc=ldap,dc=beone,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
dc: beone
o: beone
description: ldap.beone.be

dn: o=beone
objectClass: top
objectClass: organization
o: beone
description: Beone

dn: cn=Manager,o=beone
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Administrator

dn: ou=Employes,o=beone
ou: Employes
objectClass: top
objectClass: organizationalUnit
description: Employes beone

dn: ou=Clients,o=beone
ou: Clients
objectClass: top
objectClass: organizationalUnit
description: Clients beone

#1ere entrée
dn: cn=Benoit Le,ou=Employes,o=beonegroup
cn: Benoit Le
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: [email protected]
givenname: Benoit
sn: Lecomte
ou: Employes
street: 29 rue de cp
l: jumet
postalCode: 6040
telephoneNumber: 04942311
mobile: 01234345

#2eme employé
dn: cn=Matteo Di,ou=Employes,o=beonegroup
cn: Matteo Di
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: [email protected]

I know this is a slapd.conf-related issue: OpenLDAP doesn't know where to insert my entries, but I don't really see how to specify it.

Montero answered 4/3, 2014 at 9:51
32

Your database is named (has suffix):

dc=ldap,dc=beonegroup,dc=be

In the LDIF, you are trying to add stuff to:

dn: dc=ldap,dc=beone,dc=org

This is somewhat the equivalent of making a directory called /something, then trying to create the file /some/file. It won't work since the directory /some doesn't exist.

Remember LDAP data is organized in a hierarchical structure, i.e. the form of a tree like directories and files are. The word superior refers to the level above (closer to top), similar to parent directory (closer to root) in the filesystem example.

In the filesystem you would get the error message /some/file: No such file or directory.

The LDAP error could probably have been worded better, but to fix this you have to either change the suffix in your slapd.conf or change the stuff you want to add. They have to match.

(Thanks to lilalinux for also specifying in the comments how to fix it.)

Feathers answered 7/3, 2014 at 23:18 Comment(3)
This answer tells us what is wrong, it doesn't explain how to fix it. - Substantiate
Either change the suffix in your slapd.conf or change the stuff you want to add. They have to match. - Coadjutant
Knowing how something is wrong is 1000x more valuable than just knowing how to fix it in a single specific case. "plz just tell me what to copy-paste so I can fix" is the wrong attitude to have on this site, I think. - Faucal
10

The domain component structure that you have defined, "dc=ldap,dc=beonegroup,dc=be", does not match the first line of your input entry in pop01.ldif.

Try to change the first line in your pop01.ldif from dc=org to dc=be and try again.

Inexistent answered 5/3, 2014 at 14:15
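
Added example (not part of the original question or answers): a pre-flight check in Python that lists every LDIF entry whose DN is not under a suffix configured in slapd.conf, which is the mismatch both answers describe. The sample data is abridged from the question plus one constructed in-suffix entry; the function names are hypothetical, and DN comparison is simplified (case-insensitive, no multi-valued RDN or base64 "dn::" handling).

```python
import re

# Constructed sample input: abridged from the question, plus one in-suffix entry.
SLAPD_CONF = '''\
database    bdb
suffix      "dc=ldap,dc=beonegroup,dc=be"
rootdn      "cn=Manager,dc=ldap,dc=beonegroup,dc=be"
'''
LDIF = '''\
dn: dc=ldap,dc=beone,dc=org
objectClass: dcObject

dn: o=beone
objectClass: organization

# constructed entry with a folded DN (continuation line starts with one space)
dn: ou=Employes,dc=ldap,
 dc=beonegroup,dc=be
objectClass: organizationalUnit
'''

def rdns(dn):
    """Split a DN on unescaped commas; RDNs are compared case-insensitively."""
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower()
            for p in re.split(r"(?<!\\),", dn) if p.strip()]

def suffixes(conf):
    """Collect every 'suffix' directive from slapd.conf-style text."""
    return [rdns(m.group(1)) for m in
            re.finditer(r'^\s*suffix\s+"?([^"\n]+)"?\s*$', conf, re.M | re.I)]

def entry_dns(ldif):
    """Yield entry DNs after unfolding LDIF continuation lines."""
    for line in re.sub(r"\n ", "", ldif).splitlines():
        low = line.lower()
        if low.startswith("dn:") and not low.startswith("dn::"):
            yield line[3:].strip()

def outside_suffix(conf, ldif):
    """DNs no configured suffix contains: the mismatch behind the question's error."""
    known = suffixes(conf)
    return [dn for dn in entry_dns(ldif)
            if not any(rdns(dn)[-len(s):] == s for s in known)]

if __name__ == "__main__":
    for dn in outside_suffix(SLAPD_CONF, LDIF):
        print("not under any configured suffix:", dn)
```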
