openldap "no global superior knowledge"

openldap
stKKd picture stKKd · Mar 4, 2014 · Viewed 50.6k times · Source

When I:

ldapadd -f pop01.ldif -x -D "cn=Manager,dc=ldap,dc=beonegroup,dc=be" -w 1234

I get:

adding new entry "dc=ldap,dc=beonegroup,dc=org"
ldapadd: Server is unwilling to perform (53)
        additional info: no global superior knowledge

Here is my slapd.conf:

database    bdb
suffix      "dc=ldap,dc=beonegroup,dc=be"
rootdn      "cn=Manager,dc=ldap,dc=beonegroup,dc=be"
rootpw          1234
directory   /var/lib/ldap/beoneDirectory
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

And my file used to populate:

[root@local beoneDirectory]# pwd
/var/lib/ldap/beoneDirectory
[root@local beoneDirectory]# cat pop01.ldif
dn: dc=ldap,dc=beone,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
dc: beone
o: beone
description: ldap.beone.be

dn: o=beone
objectClass: top
objectClass: organization
o: beone
description: Beone

dn: cn=Manager,o=beone
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Administrator

dn: ou=Employes,o=beone
ou: Employes
objectClass: top
objectClass: organizationalUnit
description: Employes beone

dn: ou=Clients,o=beone
ou: Clients
objectClass: top
objectClass: organizationalUnit
description: Clients beone

#1ere entrée
dn: cn=Benoit Le,ou=Employes,o=beonegroup
cn: Benoit Le
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: [email protected]
givenname: Benoit
sn: Lecomte
ou: Employes
street: 29 rue de cp
l: jumet
postalCode: 6040
telephoneNumber: 04942311
mobile: 01234345

#2eme employé
dn: cn=Matteo Di,ou=Employes,o=beonegroup
cn: Matteo Di
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: [email protected]

I know this is a slapd.conf related issue, openldap doesn't know where to insert my entries but I don't really see how to specify it

Answer

tetra picture tetra · Mar 8, 2014

Your database is named (has suffix):

dc=ldap,dc=beonegroup,dc=be

You are in the ldif trying to add stuff to

dn: dc=ldap,dc=beone,dc=org

This is somewhat equivalent of makeing a directory called /something, then trying to create the file /some/file. It won't work since the directory /some doesn't exist.

Remember LDAP data is organized in a hierarchical structure, i.e. the form of a tree like directories and files are. The word superior refers to the level above (closer to top), similar to parent directory (closer to root) in the filesystem example.

In the filesystem you would get the error message /some/file: No such file or directory

The LDAP error could probably have been worded better, but to fix this you have to either change the suffix in your slapd.conf or change the stuff you want to add. They have to match.

(Thanks to lilalinux for in the comments also specifying how to fix)

Related questions

Querying Windows Active Directory server using ldapsearch from command line

Can anyone let me know if querying Active Directory server using ldapsearch, ldapadd, ldapdelete, etc. utilities is possible or not?

Read More
ldap_bind: Invalid Credentials (49)

I'm running OpenLDAP 2.4-28 on XUBUNTU 12.04. I'm reading "Mastering OpenLDAP" and configuring along with the book. When I try to perform the following search (page 47): $ ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base I am …

Read More
Enter LDAP Password keeps saying ldap_bind: Invalid credentials (49)

I looked everywhere for a solution to my problem but still didn't find it. I have these two simple files as sladp.conf and mytree.ldif and when i try to add something to mytree.ldif it keeps asking me …

Read More