ldbdel error

Bob Miller bob at computerisms.ca
Tue Aug 16 20:44:00 MDT 2011

Hi Matthieu
Thanks for the reply.  I think you have put me on the right track.

> >
> > delete of
> > 'CN=qmailUser,CN=Schema,CN=Configuration,DC=computerisms,DC=ca' failed -
> > (Unwilling to perform) LDAP error 53 LDAP_UNWILLING_TO_PERFORM -
> > <00002035: Unwilling to perform - No Deleted Objects container for DN
> > CN=qmailUser,CN=Schema,CN=Configuration,DC=computerisms,DC=ca>  <>
> There is no deleted object container in the Schema partition, I'm not 
> sure that in the Microsoft implementation you can delete wrong schema 
> objects. You can just mark them as deprecated.

According to this you are correct, Microsoft does not allow you to
delete schema objects:

> >
> Well mark them deprecated with isDefunct, although I'm not sure how well 
> we handle this ...

So it would seem there is no deleting your mistakes and re-adding
correct entries as one might do in OpenLDAP, instead use ldbmodify to
correct mistakes.  Thank you for providing information that led me to stop
imposing my presumptions on the software ;)

Matthieu, if I may ask a follow up question.  Based on a couple of posts
by you saying such things should be possible, I randomly picked the
qmail-ldap schema to learn how I might use ldb as an SSO authentication
LDAP directory.  So far, things have been going *almost* exactly as you
predicted - good.

When I first ran the qmail.schema file through oLschema2ldif, it would
not convert the mailHost attribute.  I ignored it and moved on till I
got stuck again.  Then, when I went over things again, I found that
oLschema2ldif now gives an ldif of the mailHost attributetype and I can
import it into ldb.  But when I try to add the attributetype to its parent
qmailUser objectClass, I get an error:

ERR: (Invalid attribute syntax) "LDAP error 21
LDAP_INVALID_ATTRIBUTE_SYNTAX -  <0000200B: Invalid attribute syntax -
objectclass_attrs: attribute 'mayContain' on entry
'CN=qmailUser,CN=Schema,CN=Configuration,dc=computerisms,dc=ca' contains
at least one invalid value!> <>" on DN

running with debug level 10 did not add anything useful to this message.

Maybe it is clearer to show you what I mean this way:


I fail to understand where/what the invalid value might be, or how or
why ldbmodify arrives at the conclusion that there is one.  If this
means there is a syntax problem in the ldif file, I do not see how,
since I use the same syntax successfully to add other attributes.  

On the thought that maybe an invalid value is a conflicting entry
somewhere, for every attribute in the
CN=mailHost,CN=Schema,CN=Configuration,DC=computerisms,DC=ca container,
I searched the cn=Schema,CN=Configuration,DC=computerisms,DC=ca
container for any entry that had a conflicting attribute.  Each
attribute is either common to all or unique to mailHost, the only
exception being "attributeSyntax:", which is common to 71 other
entries.  71 entries seems a lot to have only one conflict, so I am
ruling that out for now.  

Do you have a suggestion as to how I might figure out why this one attribute
is being so stubborn?

> Matthieu.

Bob Miller
bob at computerisms.ca
Network, Internet, Server,
and Open Source Solutions

More information about the samba-technical mailing list