1

I'm having an issue configuring openldap v2.4.46 + postgres (9.6.x), I'm running into a problem i cannot find an answer to.

Installation steps

yum install -y vim libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gcc-c++ gcc glibc-devel glibc-headers kernel-headers libgomp libstdc++-devel openssl-devel e2fsprogs-devel keyutils-libs-devel krb5-devel libselinux-devel libsepol-devel libtool-ltdl-devel postgresql-odbc.x86_64 postgresql-client wget postgresql-devel librpcsecgss unixODBC-devel export HISTCONTROL=erasedups:ignorespace export HISTSIZE="" wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.46.tgz tar xvf openldap-2.4.46.tgz cd openldap-2.4.46 && ./configure --prefix=/ --enable-sql --without-cyrus-sasl --disable-bdb --enable-crypt --disable-hdb && make depend && make && make install && cd - psql -h postgres -U postgres -c 'DROP DATABASE ldap' psql -h postgres -U postgres -c 'CREATE DATABASE ldap' cat /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql | psql -h postgres -U postgres ldap

/etc/openldap/slap.conf

include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/ppolicy.schema pidfile /var/run/slapd.pid argsfile /var/run/slapd.args database sql suffix "dc=my-domain,dc=com" rootdn "cn=Manager,dc=my-domain,dc=com" rootpw secret dbname ldap dbuser postgres dbpasswd postgres insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)" upper_func "upper" strcast_func "text" concat_pattern "?||?" has_ldapinfo_dn_ru no lastmod off

/etc/odbc.ini

; odbc.ini ; [ODBC Data Sources] ldap=PostgreSQL [ldap] ; WARNING: The old psql odbc driver psqlodbc.so is now renamed psqlodbcw.so ; in version 08.x. Note that the library can also be installed under an other ; path than /usr/local/lib/ following your installation. Driver=/usr/lib64/psqlodbcw.so Description=Connection to LDAP/POSTGRESQL Servername=postgres Port=5432 Protocol=6.4 FetchBufferSize=99 Username=postgres Password=postgres Database=ldap ReadOnly=no Debug=1 CommLog=1 [ODBC] InstallDir=/usr/local/lib

Running the app

$ /usr/libexec/slapd -f /etc/openldap/slapd.conf -d 3

group.ldif

dn: dc=my-domain,dc=com objectClass: domain dc: my-domain dn: ou=people,dc=my-domain,dc=com ou: people objectClass: organizationalUnit dn: ou=groups,dc=my-domain,dc=com ou: groups objectClass: organizationalUnit

Problem

$ ldapadd -f groups.ldif -h localhost -D "cn=Manager,dc=my-domain,dc=com" -w secret adding new entry "dc=my-domain,dc=com" ldap_add: Server is unwilling to perform (53) additional info: operation not permitted within namingContext

Debug from the server

5afc9875 slap_listener_activate(6): 5afc9875 >>> slap_listener(ldap:///) 5afc9875 connection_get(10): got connid=1000 5afc9875 connection_read(10): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 30 02 01 01 60 2b 02 00...`+. ldap_read: want=42, got=42 0000: 01 03 04 1e 63 6e 3d 4d 61 6e 61 67 65 72 2c 64 ....cn=Manager,d 0010: 63 3d 6d 79 2d 64 6f 6d 61 69 6e 2c 64 63 3d 63 c=my-domain,dc=c 0020: 6f 6d 80 06 73 65 63 72 65 74 om..secret ber_get_next: tag 0x30 len 48 contents: 5afc9875 op tag 0x60, time 1526503541 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 5afc9875 conn=1000 op=0 do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: 5afc9875 >>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com> 5afc9875 <<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>, <cn=manager,dc=my-domain,dc=com> 5afc9875 do_bind: version=3 dn="cn=Manager,dc=my-domain,dc=com" method=128 5afc9875 ==>backsql_bind() 5afc9875 conn=1000 op=0: rootdn="cn=Manager,dc=my-domain,dc=com" bind succeeded 5afc9875 <==backsql_bind(0) 5afc9875 do_bind: v3 bind: "cn=Manager,dc=my-domain,dc=com" to "cn=Manager,dc=my-domain,dc=com" 5afc9875 send_ldap_result: conn=1000 op=0 p=3 5afc9875 send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 10 ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ 5afc9875 connection_get(10): got connid=1000 5afc9875 connection_read(10): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 49 02 01 02 68 44 04 0I...hD. ldap_read: want=67, got=67 0000: 13 64 63 3d 6d 79 2d 64 6f 6d 61 69 6e 2c 64 63 .dc=my-domain,dc 0010: 3d 63 6f 6d 30 2d 30 17 04 0b 6f 62 6a 65 63 74 =com0-0...object 0020: 43 6c 61 73 73 31 08 04 06 64 6f 6d 61 69 6e 30 Class1...domain0 0030: 12 04 02 64 63 31 0c 04 0a 6d 79 2d 64 6f 6d 61 ...dc1...my-doma 0040: 69 6e 20 in ber_get_next: tag 0x30 len 73 contents: 5afc9875 op tag 0x68, time 1526503541 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 5afc9875 conn=1000 op=1 do_add ber_scanf fmt ({m) ber: ber_scanf fmt ({m{W}}) ber: ber_scanf fmt ({m{W}}) ber: ber_scanf fmt (}) ber: 5afc9875 >>> dnPrettyNormal: <dc=my-domain,dc=com> 5afc9875 <<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com> 5afc9875 ==>backsql_add("dc=my-domain,dc=com") 5afc9875 oc_check_required entry (dc=my-domain,dc=com), objectClass "domain" 5afc9875 oc_check_allowed type "objectClass" 5afc9875 oc_check_allowed type "dc" 5afc9875 oc_check_allowed type "structuralObjectClass" 5afc9875 backsql_add("dc=my-domain,dc=com"): cannot map structuralObjectClass "domain" -- aborting 5afc9875 send_ldap_result: conn=1000 op=1 p=3 5afc9875 send_ldap_response: msgid=2 tag=105 err=53 ber_flush2: 58 bytes to sd 10 ldap_write: want=58, written=58 0000: 30 38 02 01 02 69 33 0a 01 35 04 00 04 2c 6f 70 08...i3..5...,op 0010: 65 72 61 74 69 6f 6e 20 6e 6f 74 20 70 65 72 6d eration not perm 0020: 69 74 74 65 64 20 77 69 74 68 69 6e 20 6e 61 6d itted within nam 0030: 69 6e 67 43 6f 6e 74 65 78 74 ingContext 5afc9875 <==backsql_add("dc=my-domain,dc=com"): 53 "operation not permitted within namingContext" 5afc9875 connection_get(10): got connid=1000 5afc9875 connection_read(10): checking for input on id=1000 ber_get_next ldap_read: want=8, got=7 0000: 30 05 02 01 03 42 00 0....B. ber_get_next: tag 0x30 len 5 contents: 5afc9875 op tag 0x42, time 1526503541 ber_get_next ldap_read: want=8, got=0 5afc9875 ber_get_next on fd 10 failed errno=0 (Success) 5afc9875 conn=1000 op=2 do_unbind 5afc9875 connection_close: conn=1000 sd=10
Improve this question

1 Answer 1

Reset to default
1

Turns out i was expecting sql to work similarly to mdb and.. it does not. Every relation needs to be defined now inside the db; kiss your import ....ldif goodbye and now add them into the db.

psql -h postgres -U postgres -c 'DROP DATABASE ldap' psql -h postgres -U postgres -c 'CREATE DATABASE ldap' psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_create.sql psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_metadata.sql psql -h postgres -U postgres ldap < /openldap-2.4.46/servers/slapd/back-sql/rdbms_depend/pgsql/testdb_data.sql

for me this was more trouble than it was worth, so ive since abandoned this approach and have just gone with mdb.

If there is anyone out there that has a better way of doing this, please! I'm all ears.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.