'LDAP error 19 LDAP_CONSTRAINT_VIOLATION - <entryDN: no user
modification allowed> <>')
Sassy Natan
sassyn at gmail.com
Mon Dec 22 12:16:49 GMT 2008
Hi All
Did someone had the problem when running the openchange_provision and
getting the following error:
./openchange_provision --password=admin --username=samba-admin
--simple-bind-dn=cn=samba-admin,cn=samba
NOTE: This operation can take several minutes
[+] Step 1: Register Exchange OIDs
[+] Step 2: Add new Exchange classes and attributes to Samba schema
Traceback (most recent call last):
File "./openchange_provision", line 53, in <module>
openchange.provision(setup_path, lp, creds, firstorg=opts.firstorg,
firstou=opts.firstou)
File "/usr/lib/python2.5/site-packages/openchange/provision.py", line 309,
in provision install_schemas(setup_path, names, lp, creds)
File "/usr/lib/python2.5/site-packages/openchange/provision.py", line 144,
in install_schemas "SCHEMADN": names.schemadn
File "/usr/lib/python2.5/site-packages/samba/provision.py", line 163, in
setup_add_ldif ldb.add_ldif(data)
File "/usr/lib/python2.5/site-packages/samba/__init__.py", line 188, in
add_ldif self.add(msg)
_ldb.LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION - <entryDN: no
user modification allowed> <>')
In the OpenLDAP (running –d-1 debug level) I getting the following:
<<< dnNormalize:
<cn=class-schema,cn=schema,cn=configuration,dc=edu,dc=local>
>>> dnPretty:
<CN=ms-Exch-Active-Directory-Connector,CN=Schema,CN=Configuration,DC=edu,DC=local>
<<< dnPretty:
<cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local>
>>> dnNormalize:
<cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local>
<<< dnNormalize:
<cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local>
bdb_dn2entry("cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local")
=>
hdb_dn2id("cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30990)
hdb_referrals: tag=104
target="cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local"
matched="cn=Schema,cn=Configuration,dc=edu,dc=local"
I'm quite sure it's not a security issue since my samba-admin user as full
permission on the entire LDAP DB. But maybe the samba-admin can't write to
this DN?
Or maybe I should run this command with no OpenLDAP backend? Cause if I
change the username to Administrator like this :
--username=Administartor
--simple-bind-dn=cn=Administrator,cn=users,dc=edu,dc=local then I gettting:
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <> <>
Failed to connect to 'ldapi://%2Fvar%2Flib%2Fsamba-4.0%2Fldap%2Fldapi'
module partition initialization failed
Which is true cause User Like Administrator can only login to LDAP://server
name and not to the 'ldapi://%2Fvar%2Flib%2Fsamba-4.0%2Fldap%2Fldapi'.
maybe I should check from where the python script get the value:
ldapi://%2Fvar%2Flib%2Fsamba-4.0%2Fldap%2Fldapi' and change it to ldap://
style
Someone can help?
Thanks
Sassy
More information about the samba-technical
mailing list