Error while importing LDIF - ldap

Server: Apache DS 2.0
Client: Apache Directory Studio 2.0
The problem: I am running into an error while importing an LDIF
This one works http://pastebin.com/DKZ4fT0U
This one does not http://pastebin.com/Z5NxUxX4
Error message: #!ERROR [LDAP: error code 32 - NO_SUCH_OBJECT: failed for MessageType : ADD_REQUEST Message ID : 81 Add Request : Entry dn[n]: dc=example,dc=zzz objectClass: dcObject objectClass: organization description: My wonderful company as much text as you want to place in this line up to 32K continuation data for the line above must have <CR> or <CR><LF> i.e. ENTER works on both Windows and *nix system - new line MUST begin with ONE SPACE dc: example o: Example, Inc. : ERR_268 Cannot find a partition for dc=example,dc=zzz]
The difference between the one that works and the one that doesn't work is - I replaced "com" with "zzz"
Note: I did delete the previous entry before importing the new LDIF
What am I missing?

The server should have a partition dc=example,dc=zzz configured first, otherwise the server will reject any entry with the above suffix.

Related

Error while importing LDIF file in Apache Directory Studio

I'm connected to my LDAP connection.
I'm trying to import an LDIF file to it by right clicking and using the wizard.
As I choose the file, check the overwrite option and press OK,
I get the following error:
Error while importing LDIF
javax.naming.NameAlreadyBoundException:
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1359)
And this appears in the Modification Logs tab:
#!RESULT ERROR
#!CONNECTION ldap://192.168.99.100:389
#!DATE 2018-01-24T11:01:17.743
#!ERROR
dn: dc=mycompany,dc=net
changetype: add
dc: mycompany
objectclass: dcObject
objectclass: organization
o: mycompany.net
I tried googling around with the error but can't find anything on this particular matter.
Also, as I choose the LDIF-file, even after uninstalling and reinstalling the program, it warns already upon selecting the LDIF-file that "selected logfile already exists".
The description of javax.naming.NameAlreadyBoundException sounds like this is a weird name for the LDAP result code entryAlreadyExists(68) returned when processing the LDAP Add Operation.
It means just that: An LDAP entry with this DN already exists. You cannot add a second one with the same DN.

Two domain components of objectClass top

New to LDAP. Exported the DIT as an LDIF from Apache Studio. Tried to import the LDIF file. Error occurs:
...
#!ERROR [LDAP: error code 32 - Unable to add entry 'dc=example,dc=com' because its parent entry 'dc=com' does not exist in the server.]
dn: dc=example,dc=com
changetype: add
dc: example
objectClass: domain
objectClass: top
The LDAP server is UnboundID LDAP SDK for Java 3.2.0.
I don't know enough LDAP to fix it.
Should Apache Studio have created dc=com before this entry?
LDIF export does not guarantee ordering. LDIF import assumes ordering.
So to answer your question, yes, you should have created dc=com first.
There is a subtle exception where you can have a dc=example.com as a single node which looks confusing. But periods are legal in a name.

Adding new objectclass/attribute to existing ldap entry returns error

I have created 4 new attributes on cn=schema and also created a new objectclass with the 4 attributes set as MUST.
I tried to add the objectclass to an existing entry, which obviously returns an error because those 4 new attributes are not set up for the ldap entry.
I created an ldif file and ran ldapmodify but get an object violation error. Can anyone tell me what's causing this error and if I'm missing anything?
ldif
#ldapmodify.bat -h localhost -p 1389 -D "cn=Directory Manager" -w xxxxx -a -f entry.ldif
dn: uid=user.0,ou=People,dc=example,dc=com
changetype: modify
add: disabledFlag
disabledFlag: n
-
add: passwordData
passwordData:< file:/C:\\oud\\asinst_1\\OUD\\bat\\images.png
-
add: anonymousID
anonymousID: nah
-
add: challengeResponse
challengeResponse: nah
Error after executing the command.
Processing MODIFY request for uid=user.0,ou=People,dc=example,dc=com
MODIFY operation failed
Result Code: 65 (Object Class Violation)
Additional Information: Entry uid=user.0,ou=People,dc=example,dc=com cannot not be modified because the resulting entry would have violated the server schema: Entry uid=user.0,ou=People,dc=example,dc=com violates the Directory Server schema configuration because it includes attribute anonymousID which is not allowed by any of the objectclasses defined in that entry
LDAP installed is OUD 11gR2.
Finally able to solve the question myself.
This is what I did
Changed STRUCTURAL to ABSTRACT for the objectclass since there can be only one STRUCTURAL and updated objectclass to have MAY attributes instead of MUST.
Used the ldap port instead of the admin port in the ldapmodify command.
I still couldn't figure out why the objectclass can't be created with MUST. Is this a chicken-and-egg kind of problem?

How to setup replication on apache directory server

I have 2 apacheds services running on a workstation (Windows 7). One of the services runs as a Windows service and the other one I am running from its jar file from the command line using
java -jar "C:\Program Files (x86)\ApacheDS - Instance2\lib\apacheds-service-2.0.0-M15.jar" "C:\Program Files (x86)\ApacheDS - Instance2\instances\instance2"
The first apacheds installation is at location C:\Program Files (x86)\ApacheDS and it runs on 10389. The second service runs on port 11389.
Using apache directory studio I can connect to both these instances/services running on my workstation and there are no errors on console.
By using the following ldif file I have imported setting for Instance 1 which will be the master
dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: modify
add: ads-replReqHandler
ads-replReqHandler: org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler
Then I have also imported following ldif file to Instance 1/master -
dn: ads-replConsumerId=1,ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: add
ads-replRefreshNPersist: TRUE
ads-replAliasDerefMode: never
ads-replProvPort: 10389
ads-replSearchSizeLimit: 0
ads-replProvHostName: localhost
objectClass: ads-replConsumer
objectClass: ads-base
ads-replUserDn: uid=admin, ou=system
ads-replRefreshInterval: 60000
ads-replUserPassword: secret
ads-replConsumerId: 1
ads-replAttributes: *
ads-replSearchTimeOut: 0
ads-replSearchScope: sub
ads-replSearchFilter: (objectClass=*)
ads-searchBaseDN: ou=system
I added a few users under ou=users, ou=system on the master but nothing gets replicated on the slave. There is no evidence on the consoles of either instance that these two instances are trying to talk, and hence I think this is not the right configuration or is an incomplete configuration, as there is nothing I could find in the apacheds documentation that needs to be added as part of the consumer configuration on Instance2/Slave. Am I missing something?
Thanks!
There was some bug in apacheds 2.0 - M15 Version regarding replication. That bug has been rectified already and the fix will be in M16. I built 2 separate instances from apacheds svn trunk and built the installers and ran 2 separate instances. Added following settings/config on the Provider/Master (Running on Port 10389) -
dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: modify
add: ads-replReqHandler
ads-replReqHandler: org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler
Added following config to the consumer/slave instance (Running on 11389) -
dn: ads-replConsumerId=1,ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: add
ads-replRefreshNPersist: TRUE
ads-replAliasDerefMode: never
ads-replProvPort: 10389
ads-replSearchSizeLimit: 0
ads-replProvHostName: localhost
objectClass: ads-replConsumer
objectClass: ads-base
ads-replUserDn: uid=admin, ou=system
ads-replRefreshInterval: 60000
ads-replUserPassword: secret
ads-replConsumerId: 1
ads-replAttributes: *
ads-replSearchTimeOut: 0
ads-replSearchScope: sub
ads-replSearchFilter: (objectClass=*)
ads-searchBaseDN: ou=system
Restarted both instances and tried adding an entry under Provider and wow! It got replicated to the consumer.
Though the configuration I have posted in the question is incorrect, a couple of confusing things led to that configuration.
Lack of clear documentation on apacheds website.
Apache ds studio - When you create a connection in apache ds studio to connect to an apacheds service, you can right click on the connection and open its configuration (which is stored under ou=config; it's basically a GUI for ou=config). When you click on the last tab 'Replication', the title reads 'All Replication Consumers' with an 'Add' button placed on the right. This is misleading as it gives the user an impression that one needs to add consumer/slave details here and this config should lie on the master/provider side.
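
A check for the mistake this answer describes (the consumer entry imported into the provider itself), together with the bind credentials that entry carries. This is an added example, not code from the post or from ApacheDS; `lint_consumer`, its finding codes and the `own_ldap_port` parameter are hypothetical, and the sample is the posted entry trimmed to the attributes checked.

```python
# Constructed sample: the consumer entry from the post, trimmed to the attributes checked.
CONSUMER = """\
dn: ads-replConsumerId=1,ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: add
objectClass: ads-replConsumer
ads-replProvHostName: localhost
ads-replProvPort: 10389
ads-replUserDn: uid=admin, ou=system
ads-replUserPassword: secret
ads-searchBaseDN: ou=system
"""

LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}

def lint_consumer(ldif_text, own_ldap_port):
    """Return finding codes for one ads-replConsumer entry about to be imported
    into the instance listening on own_ldap_port (hypothetical helper)."""
    attrs = dict(l.split(": ", 1) for l in ldif_text.splitlines() if ": " in l)
    findings = []
    # The consumer entry names the provider to pull FROM. If that is this very
    # instance, the entry was imported on the provider side and nothing replicates.
    if (attrs.get("ads-replProvHostName", "").lower() in LOCAL_NAMES
            and int(attrs.get("ads-replProvPort", 0)) == own_ldap_port):
        findings.append("SELF_PROVIDER")
    # Replication only needs read access; binding as the directory admin over-grants.
    bind_dn = "".join(attrs.get("ads-replUserDn", "").split()).lower()
    if bind_dn == "uid=admin,ou=system":
        findings.append("ADMIN_BIND")
    # "secret" is the password ApacheDS ships with for uid=admin,ou=system.
    if attrs.get("ads-replUserPassword") == "secret":
        findings.append("DEFAULT_PASSWORD")
    return findings
```

Run against the instance on 10389 it reports all three findings; against the instance on 11389 only the two credential findings remain.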

Custom tree in LDAP

I am working now with the Apache Directory Server. I am a freshman in LDAP.
After a few paragraphs of reading about it I noticed that I need my own tree for the particular case that I want to design. For now, let's say I have some domain bubble.com. I want to create a dc object for it, dc=buble, dc=com. When I try to do so using Apache Directory Studio I get the following error:
Error while creating entry
- [LDAP: error code 32 - NO_SUCH_OBJECT: failed for Add Request
javax.naming.NameNotFoundException: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for Add Request :
ClientEntry
dn: dc=bubble+dc=com
objectClass: dcObject
objectClass: top
dc: bubble
dc: com
: ERR_268 Cannot find a partition for dc=bubble+dc=com]; remaining name 'dc=bubble+dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:811)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$4.run(JNDIConnectionWrapper.java:658)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.checkConnectionAndRunAndMonitor(JNDIConnectionWrapper.java:1203)
at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.createEntry(JNDIConnectionWrapper.java:704)
at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.createEntry(CreateEntryRunnable.java:226)
at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.run(CreateEntryRunnable.java:117)
at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:113)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
[LDAP: error code 32 - NO_SUCH_OBJECT: failed for Add Request :
ClientEntry
dn: dc=bubble+dc=com
objectClass: dcObject
objectClass: top
dc: bubble
dc: com
: ERR_268 Cannot find a partition for dc=bubble+dc=com]
To be honest, I don't really understand what is going on. What is the idea of partitions? Is it possible to create my own dc in such a way? Or maybe do I have to put everything into ou=schema or ou=system? What is the purpose of ou=schema and ou=system, present in ADS by default?
dc=bubble+dc=com is a distinguished name with a multi-valued relative distinguished name, and no parent. The DIT must have a suffix or namingContext hosted by a backend and then you could add the entry as a subordinate to that suffix or namingContext, for example, dc=bubble+dc=com,o=my-suffix.
You need to restart the apacheds service on the remote server; this tutorial explains in detail: https://technology.amis.nl/2014/10/22/getting-started-with-apacheds-ldap-server-and-directory-studio/
Create data partition with the suffix "dc=bubble,dc=com".
http://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html
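
Three of the import failures on this page (no partition for the suffix, a parent entry that is missing or exported after its child, and `dc=bubble+dc=com` parsed as a single multi-valued RDN) can be caught before the import runs. The following pre-import check is an added example, not code from any of the posts or from Apache Directory Studio; `preflight`, `split_dn` and `unfold` are hypothetical helpers, and `naming_contexts` is assumed to be copied from the `namingContexts` attribute of the server's root DSE.

```python
import re

# Constructed sample (not from the page); the first DN is folded across two lines.
SAMPLE = """\
dn: ou=People,dc=exa
 mple,dc=com
objectClass: organizationalUnit

dn: dc=example,dc=com
objectClass: domain

dn: dc=example,dc=zzz
objectClass: dcObject

dn: dc=bubble+dc=com
objectClass: dcObject
"""

def unfold(text):
    """Join folded lines: a line starting with ONE space continues the previous one."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def split_dn(dn):
    """Split on unescaped commas only, so 'dc=a+dc=b' stays ONE multi-valued RDN."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            rdns.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
        esc = (ch == "\\" and not esc)
    return tuple(rdns + [cur.strip().lower()])

def preflight(ldif_text, naming_contexts):
    """Return (parents-first import order, [(dn, problem), ...])."""
    suffixes = [split_dn(s) for s in naming_contexts]
    dns = [l[3:].strip() for l in unfold(ldif_text)
           if l.lower().startswith("dn:") and l[3:4] != ":"]  # base64 "dn::" lines skipped
    order = sorted(dns, key=lambda d: len(split_dn(d)))  # stable sort, shallow entries first
    seen, problems = set(), []
    for dn in order:
        rdns = split_dn(dn)
        if not any(rdns[-len(s):] == s for s in suffixes):
            problems.append((dn, "no partition hosts this DN (result code 32)"))
        elif rdns not in suffixes and rdns[1:] not in seen:
            problems.append((dn, "parent not in file; it must already exist on the server"))
        seen.add(rdns)
    return order, problems
```

With `naming_contexts=["dc=example,dc=com"]` the sample yields two problems, `dc=bubble+dc=com` and `dc=example,dc=zzz`, and the folded `ou=People` entry is ordered after its parent.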