The resolution to this, if anyone else ever gets stuck, is that the provided
sample SQL files do not have enough smarts to actually maintain the LDAP
database properly. I think the overall layout/design stinks, but I at least
got it working enough to understand the moving parts. In the
ldap_oc_mappings table, it needs to know how to create additional rows in
the helper tables ('persons', in the case of inetOrgPerson from these
examples), and ldap_attr_mappings is unable to actually stuff the data in as
its add_proc, etc. fields are empty. Included are some entries that work a
little better, but require MySQL functions to operate. They can't really
handle multiple updates at once, but it isn't too bad. Changing to MySQL's
auto_increment fields would fix that.

Example additions for MySQL 5

These additions do NOT handle deletions, however they provide a much better
starting point. They are based on the testdb and back_sql files shipped with
2.3.11. No table changes were made to the provided tables, however several
functions have been added:

-- Attribute mappings: sel_expr reads the value, add_proc writes it.
-- telephoneNumber needs a new key in phones, hence newphone(); the
-- others update the persons row created by newperson().
INSERT INTO `ldap_attr_mappings` (`id`, `oc_map_id`, `name`, `sel_expr`, `sel_expr_u`, `from_tbls`, `join_where`, `add_proc`, `delete_proc`, `param_order`, `expect_return`) VALUES
  (1,1,'cn','concat(persons.name,\' \',persons.surname)',NULL,'persons',NULL,NULL,NULL,3,0),
  (2,1,'telephoneNumber','phones.phone',NULL,'persons,phones','phones.pers_id=persons.id','insert into phones (id,phone,pers_id) values (newphone(),?,?)',NULL,3,0),
  (3,1,'givenName','persons.name',NULL,'persons',NULL,'update persons set name=? where id=?',NULL,3,0),
  (4,1,'sn','persons.surname',NULL,'persons',NULL,'update persons set surname=? where id=?',NULL,3,0),
  (5,1,'userPassword','persons.password',NULL,'persons','persons.password IS NOT NULL','update persons set password=? where id=?',NULL,3,0),
  (6,1,'seeAlso','seeAlso.dn',NULL,'ldap_entries AS seeAlso,documents,authors_docs,persons','seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',NULL,NULL,3,0);

-- Object class mappings: create_proc must return the new key value
-- (expect_return=0 means it comes back as a result set).
INSERT INTO `ldap_oc_mappings` (`id`, `name`, `keytbl`, `keycol`, `create_proc`, `delete_proc`, `expect_return`) VALUES
  (1,'inetOrgPerson','persons','id','select newperson();',NULL,0),
  (2,'document','documents','id','select max(id)+1 from ldap_entries;',NULL,0),
  (3,'organization','institutes','id','select max(id)+1 from ldap_entries;',NULL,0),
  (4,'referral','referrals','id','select max(id)+1 from ldap_entries;',NULL,0);

DELIMITER ;;

-- newperson(): allocate the next persons.id and insert a placeholder
-- row for the add_proc statements above to fill in. max(id)+1 is not
-- safe under concurrent adds (see the note about auto_increment).
DROP FUNCTION IF EXISTS `newperson` ;;
SET SESSION SQL_MODE="";;
CREATE FUNCTION `newperson`() RETURNS int(11)
  DETERMINISTIC
BEGIN
  DECLARE newkey integer(11);
  select max(id)+1 into newkey from persons;
  insert into persons (id) values (newkey);
  RETURN newkey;
END ;;
-- Restores the previous sql_mode; the variable name on this line was
-- mangled by the list archive's address scrubber.
SET SESSION [EMAIL PROTECTED];;

-- newphone(): only computes the next phones.id; the insert itself is
-- done by the telephoneNumber add_proc.
DROP FUNCTION IF EXISTS `newphone` ;;
SET SESSION SQL_MODE="";;
CREATE FUNCTION `newphone`() RETURNS int(11)
  DETERMINISTIC
BEGIN
  DECLARE newkey integer(11);
  select max(id)+1 into newkey from phones;
  RETURN newkey;
END ;;

DELIMITER ;

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, November 28, 2005 2:02 PM
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: RE: sql-backend - ldapadd fails

I'd say that it is likely due to my relative lack of understanding about
LDAP, except the configurations and schemas I'm using were directly lifted
from ~/src/openldap-2.3.11/servers/slapd/back-sql/rdbms_depend/mysql
including slapd.conf which now reads:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

#######################################################################
# sql database definitions
#######################################################################

database sql
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
#suffix "o=sql,c=RU"
#rootdn "cn=root,o=sql,c=RU"
rootpw secret
dbname ldap
dbuser ldap
dbpasswd *********
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
has_ldapinfo_dn_ru no

The ldif I was adding is:

dn: cn=Dan Pinkard,dc=example,dc=com
objectClass: inetOrgPerson
cn: Dan Pinkard
sn: Pinkard

As you mentioned the tracelog does explain things a little, but I'm not sure
what it's telling me to fix:

==>backsql_add("cn=Dan Pinkard,dc=example,dc=com")
oc_check_required entry (cn=Dan Pinkard,dc=example,dc=com), objectClass "inetOrgPerson"
oc_check_allowed type "objectClass"
oc_check_allowed type "cn"
oc_check_allowed type "sn"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"
backsql_add("cn=Dan Pinkard,dc=example,dc=com"): create procedure is not defined for structuralObjectClass "inetOrgPerson" - aborting
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=105 err=53
ber_flush: 58 bytes to sd 9
<==backsql_add("cn=Dan Pinkard,dc=example,dc=com"): 53 "operation not permitted within namingContext"
connection_get(9): got connid=0
connection_read(9): checking for input on id=0

The confusing part here is that it makes no reads to determine anything at
all... it just

-----Original Message-----
From: Pierangelo Masarati [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 28, 2005 1:44 PM
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: sql-backend - ldapadd fails

On Mon, 2005-11-28 at 12:03 -0800, [EMAIL PROTECTED] wrote:
> Some time ago someone posted about a problem with the SQL back-end
> connecting to a MySQL database. In my case I'm using unixODBC 2.2.11
> and MySQL 5.0.15 against openldap-2.3.11, and I'm getting the same
> problem I saw listed here some months ago.
>
> ldapadd -x -h 192.168.0.3 -D "cn=Manager,dc=example,dc=com" -wsecret -f example.ldif3
> adding new entry "cn=Dan Pinkard,dc=example,dc=com"
> ldap_add: Server is unwilling to perform (53)
>         additional info: operation not permitted within namingContext

To say anything more about that we need to know more, because back-sql is
far from something that just works out of the box. In detail, I need to
know about your slapd.conf and your settings in ldap_oc_mappings and
ldap_attr_mappings tables; a schematic of your ldap_entries would help as
well.

> I know that the ODBC and SQL pieces are functioning, as it can read
> successfully when I execute ldapsearch -x -h 192.168.0.3 -b
> 'dc=example,dc=com' '(objectclass=*)', however I do not even get a
> connection to the MySQL database when I attempt the ldap add.

Sounds like back-sql doesn't let you there because it knows in advance it
has no clues about how to write to the RDBMS; should be a mapping problem,
but I'm just guessing. I'd note that back-sql write routines return that
error code and that very message in many, many places; each of those
places, however, produces a very specific log message (at "trace" level).
If you look at the server logs at "trace" level you'll quickly discover if
and what is missing from your configuration/metadata.

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:  +39.02.23998309
Mobile:  +39.333.4963172
Email:   [EMAIL PROTECTED]
------------------------------------------
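The top message notes that the `select max(id)+1` pattern inside `newperson()` and `newphone()` cannot cope with concurrent adds (two ldapadd operations can read the same maximum and both claim the same key, so one insert fails or, with no primary key on the column, silently produces a duplicate), and suggests MySQL's auto_increment as the fix. The script below is an added example of that fix, not code from the thread or from the OpenLDAP back-sql distribution. It assumes the testdb layout the thread is based on (tables `persons` and `phones` with an integer `id` column, MySQL 5.0 or later) and keeps the `ldap_oc_mappings`/`ldap_attr_mappings` rows from the thread, changing only the telephoneNumber add_proc; the `ADD PRIMARY KEY` clauses are a stated assumption that `id` is not already a key and should be dropped if it is.

```sql
-- Added example (not from the thread): let MySQL allocate keys so that
-- concurrent ldapadd operations cannot collide on persons.id/phones.id.
-- Assumes the back-sql testdb tables; MySQL sets the counter to max(id)+1
-- from the existing rows when AUTO_INCREMENT is added.

-- Drop the ADD PRIMARY KEY clause if persons.id/phones.id is already a key
-- (AUTO_INCREMENT requires the column to be indexed).
ALTER TABLE persons MODIFY id INT NOT NULL AUTO_INCREMENT, ADD PRIMARY KEY (id);
ALTER TABLE phones  MODIFY id INT NOT NULL AUTO_INCREMENT, ADD PRIMARY KEY (id);

-- As in the thread, create the function under an empty sql_mode so the
-- NOT NULL name/surname columns take implicit defaults until the add_proc
-- statements fill them; the mode is baked into the function at creation.
SET SESSION sql_mode = '';

DELIMITER ;;

DROP FUNCTION IF EXISTS newperson ;;
-- newperson(): insert the placeholder row first and let the engine hand
-- out the key. LAST_INSERT_ID() is per-connection, so two slapd threads
-- adding at the same time each get their own id. MODIFIES SQL DATA (not
-- DETERMINISTIC) is the honest declaration; with binary logging enabled
-- this needs log_bin_trust_function_creators=1 or a SUPER account.
CREATE FUNCTION newperson() RETURNS INT
  MODIFIES SQL DATA
BEGIN
  INSERT INTO persons () VALUES ();
  RETURN LAST_INSERT_ID();
END ;;

-- newphone() is no longer needed: phones.id is assigned by the insert.
DROP FUNCTION IF EXISTS newphone ;;

DELIMITER ;

-- The create_proc 'select newperson();' from the thread still applies.
-- Only the telephoneNumber add_proc changes: omit id and let it increment.
UPDATE ldap_attr_mappings
   SET add_proc = 'insert into phones (phone,pers_id) values (?,?)'
 WHERE id = 2;

-- Sanity check from the MySQL side: two calls must return distinct keys
-- and leave two placeholder rows behind.
SELECT newperson() AS first_key, newperson() AS second_key;
SELECT id, name, surname FROM persons ORDER BY id DESC LIMIT 2;
```

The `ldap_entries.keyval` column, which back-sql fills from the value `create_proc` returns, needs no change: the function still returns the key as a one-row result set, matching `expect_return=0` in the thread's `ldap_oc_mappings` row. Deletion handling (`delete_proc`) is still absent, exactly as the top message says of its own additions.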
