#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    8
    Rep Power
    0

    Doing a simple ldap doesn't work...


    I am doing a homework for the University and I am unable to succeed in doing an ADD of an attribute to a DN:

    The command line I used is:

    ldapmodify -f P17.txt -h hostname -p 7373 -D "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU" -W


    And the ldif file P17.txt is :

    dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    changetype:add
    add:description
    description:1


    But ldapadd keeps on giving me the same error:

    adding new entry "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU"
    ldapadd: update failed: UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    ldap_add: Undefined attribute type (17)
    additional info: add: attribute type undefined

    I have changed the changetype many times and done a lot of things but I don't succeed...

    If you can help me it would be great, thanks.
  2. #2
  3. Chris Larivee
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Location
    Littleton, CO
    Posts
    72
    Rep Power
    12
    Ok - couple of questions:

    1. Does the entry already exist in the LDAP server?

    If yes:

    You should change the contents of your file to the following:

    dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    changetype: modify
    add: description
    description: 1

    Also be sure to include spaces between the attribute and its value:

    attribute: attributevalue

    It looks like you may not have done this - though it's hard to tell for sure.

    If no - the entry is not present in the LDAP directory:

    What schema are you using? You do not appear to have all the required attributes of any object class. If you don't know you should probably include:

    dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    changetype: add
    description: 1
    sn: something
    uid: u23741
    cn: something
    givenname: something

    HTH
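
An added example, not part of the thread: a minimal reader for one LDIF change record, showing why the original P17.txt yields "add: attribute type undefined" while the `changetype: modify` form does not. It covers only a subset of RFC 2849, and `KNOWN_ATTRS` is a constructed stand-in for the server schema, built from the attribute names that appear in this thread.

```python
# Added example: how a client reads an LDIF change record (RFC 2849 subset:
# no base64 "::" values, no folded lines, no controls, one record per input).
def parse_change_record(ldif_text):
    """Return (dn, changetype, ops) as the record would be interpreted."""
    pairs = []
    for line in ldif_text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line == "-":                      # separator between modify operations
            pairs.append(("-", ""))
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF line: {line!r}")
        pairs.append((name.strip(), value.strip()))
    if len(pairs) < 2 or pairs[0][0].lower() != "dn" or pairs[1][0].lower() != "changetype":
        raise ValueError("expected 'dn:' followed by 'changetype:'")
    dn, changetype, body = pairs[0][1], pairs[1][1].lower(), pairs[2:]
    if changetype == "add":
        # Creating an entry: every remaining line is an attribute of the new
        # entry, so "add: description" is read as an attribute named "add".
        return dn, changetype, [("attribute", n, v) for n, v in body]
    if changetype != "modify":
        raise ValueError(f"unsupported changetype {changetype!r}")
    ops, i = [], 0
    while i < len(body):
        op, attr = body[i][0].lower(), body[i][1]
        if op not in ("add", "delete", "replace"):
            raise ValueError(f"expected add/delete/replace, got {op!r}")
        i += 1
        values = []
        while i < len(body) and body[i][0] != "-":
            if body[i][0].lower() != attr.lower():
                raise ValueError(f"value for {body[i][0]!r} inside '{op}: {attr}'")
            values.append(body[i][1])
            i += 1
        i += 1                               # step over the "-" separator
        ops.append((op, attr, values))
    return dn, changetype, ops

def unknown_attributes(ops, schema_attrs):
    """Attribute names in an 'add' record that the (assumed) schema lacks."""
    return [n for kind, n, _ in ops if kind == "attribute" and n.lower() not in schema_attrs]

# Constructed schema stand-in and the two records from the thread.
KNOWN_ATTRS = {"description", "sn", "uid", "cn", "givenname", "objectclass", "userpassword"}
DN = "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU"
ORIGINAL = f"dn:{DN}\nchangetype:add\nadd:description\ndescription:1\n"
CORRECTED = f"dn: {DN}\nchangetype: modify\nadd: description\ndescription: 1\n"
```
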
  4. #3
  5. No Profile Picture
    Hmmm...
    It's the second case, the attribute doesn't exist.


    But if in the ldif file I put all those attributes:


    dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    changetype: add
    description: 1
    sn: something
    uid: u23741
    cn: something
    givenname: something

    They will be added/overwritten, right? Those already exist on the dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU entry. Well, I suppose it will be needed to put the same values.

    Edit: Tested it. It doesn't work.
  6. #4
  7. Chris Larivee
    I am confused - does the entry exist already or not?
  8. #5
  9. No Profile Picture
    The entry with the DN:
    dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    exists and it has its own attributes:

    $ ldapsearch -h hostname -p 7373 -b "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU" -s base -D "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU" -W
    # extended LDIF
    #
    # LDAPv3
    # base <UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU> with scope base
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # u23741, AEC2, EINFO.UPF.EDU
    dn: uid=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    groupPrac: 12462-1
    career: 337-3371-Enginyeria en Informatica
    nia: 23741
    sn: SARRADO LARA
    mark: null
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: studentPerson
    uid: u23741
    cn: Enric
    groupMembers: null
    email: enric.sarrado.01@upf.es
    userPassword:: Ym9nYXJk

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    I just want to add a description attribute to that entry.
  10. #6
  11. Chris Larivee
    Provided studentPerson allows description (which it should if it is built correctly) you should have no issues with the following:

    dn: UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    changetype: modify
    add: description
    description: 1
  12. #7
  13. No Profile Picture
    Originally Posted by ldap4u
    Provided studentPerson allows description (which it should if it is built correctly) you should have no issues with the following:

    dn: UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    changetype: modify
    add: description
    description: 1
    Yes, I tried this. But then a new error appears:
    modifying entry "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU"
    ldapadd: update failed: UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
    ldap_modify: Insufficient access (50)

    This seems related to the fact my username/password isn't allowed to do this change... But I consider it totally weird since I can (and I have) delete attributes.
  14. #8
  15. Chris Larivee
    Each vendor typically has their own way of implementing ACIs. Write and delete are usually separate permissions - but usually over the entire entry - meaning that I am surprised that you can delete an attribute but not add one - as they are both defined as writes with most vendor implementations. It looks like you are going to have to modify the ACI to allow yourself access to update the entry.
