openldap “no global superior knowledge”

Anonymous (unverified), submitted 2019-12-03 03:06:01

Question:

When I:

ldapadd -f pop01.ldif -x -D "cn=Manager,dc=ldap,dc=beonegroup,dc=be" -w 1234 

I get:

    adding new entry "dc=ldap,dc=beonegroup,dc=org"
    ldapadd: Server is unwilling to perform (53)
            additional info: no global superior knowledge

Here is my slapd.conf:

    database    bdb
    suffix      "dc=ldap,dc=beonegroup,dc=be"
    rootdn      "cn=Manager,dc=ldap,dc=beonegroup,dc=be"
    rootpw          1234
    directory   /var/lib/ldap/beoneDirectory
    index objectClass                       eq,pres
    index ou,cn,mail,surname,givenname      eq,pres,sub
    index uidNumber,gidNumber,loginShell    eq,pres
    index uid,memberUid                     eq,pres,sub
    index nisMapName,nisMapEntry            eq,pres,sub

And my file used to populate:

    [root@local beoneDirectory]# pwd
    /var/lib/ldap/beoneDirectory
    [root@local beoneDirectory]# cat pop01.ldif
    dn: dc=ldap,dc=beone,dc=org
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    dc: beone
    o: beone
    description: ldap.beone.be

    dn: o=beone
    objectClass: top
    objectClass: organization
    o: beone
    description: Beone

    dn: cn=Manager,o=beone
    objectClass: organizationalRole
    cn: Manager
    description: LDAP Directory Administrator

    dn: ou=Employes,o=beone
    ou: Employes
    objectClass: top
    objectClass: organizationalUnit
    description: Employes beone

    dn: ou=Clients,o=beone
    ou: Clients
    objectClass: top
    objectClass: organizationalUnit
    description: Clients beone

    # 1st entry
    dn: cn=Benoit Le,ou=Employes,o=beonegroup
    cn: Benoit Le
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    mail: benoit@beone.be
    givenname: Benoit
    sn: Lecomte
    ou: Employes
    street: 29 rue de cp
    l: jumet
    postalCode: 6040
    telephoneNumber: 04942311
    mobile: 01234345

    # 2nd employee
    dn: cn=Matteo Di,ou=Employes,o=beonegroup
    cn: Matteo Di
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    mail: mat@beone.be


I know this is a slapd.conf-related issue: OpenLDAP doesn't know where to insert my entries, but I don't really see how to specify it.

Answer 1:

Your database is named (has suffix):

dc=ldap,dc=beonegroup,dc=be 

In the LDIF you are trying to add stuff to

dn: dc=ldap,dc=beone,dc=org 

This is somewhat the equivalent of making a directory called /something, then trying to create the file /some/file. It won't work since the directory /some doesn't exist.

Remember LDAP data is organized in a hierarchical structure, i.e. in the form of a tree, like directories and files are. The word superior refers to the level above (closer to top), similar to parent directory (closer to root) in the filesystem example.

In the filesystem you would get the error message /some/file: No such file or directory

The LDAP error could probably have been worded better.



Answer 2:

The domain component structure that you have defined, "dc=ldap,dc=beonegroup,dc=be", is not matching your input entry in the first line of pop01.ldif.

Try to change the first line in your pop01.ldif from dc=org to dc=be and try again.
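
As an added example (not code from the question or from either answer), this Python check compares every dn: line of an LDIF file against the suffix directives in slapd.conf and lists the entries that no configured database covers, which is the mismatch both answers describe. The sample strings are abridged from the question; the function names are this example's own, and the DN handling assumes no escaped commas or multi-valued RDNs.

```python
import re

# Sample input copied (abridged) from the question above.
SLAPD_CONF = '''database    bdb
suffix      "dc=ldap,dc=beonegroup,dc=be"
rootdn      "cn=Manager,dc=ldap,dc=beonegroup,dc=be"
'''
LDIF = '''dn: dc=ldap,dc=beone,dc=org
objectClass: dcObject
dc: beone

dn: o=beone
objectClass: organization

dn: cn=Benoit Le,ou=Employes,o=beonegroup
objectClass: person
'''

def normalize(dn):
    """Simplified DN normalization: split on ',', lowercase, trim spaces.
    Assumption: no escaped commas or multi-valued RDNs in the input."""
    return tuple("=".join(p.strip().lower() for p in rdn.split("=", 1))
                 for rdn in dn.split(","))

def parse_suffixes(conf_text):
    """Collect every 'suffix' directive from slapd.conf text."""
    pat = re.compile(r'^[ \t]*suffix[ \t]+"?([^"\n]+?)"?[ \t]*$', re.I | re.M)
    return [normalize(s) for s in pat.findall(conf_text)]

def ldif_dns(ldif_text):
    """Return plain-text DNs from LDIF, after unfolding continuation lines."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    return re.findall(r"^dn:(?!:)[ \t]*(.+?)[ \t]*$", unfolded, re.I | re.M)

def is_under(dn, suffix):
    """True if dn equals the suffix or sits below it in the tree."""
    d = normalize(dn)
    return len(d) >= len(suffix) and d[len(d) - len(suffix):] == suffix

def outside_suffixes(conf_text, ldif_text):
    """DNs that fall under none of the suffixes configured in slapd.conf."""
    suffixes = parse_suffixes(conf_text)
    return [dn for dn in ldif_dns(ldif_text)
            if not any(is_under(dn, s) for s in suffixes)]

if __name__ == "__main__":
    for dn in outside_suffixes(SLAPD_CONF, LDIF):
        print("outside every configured suffix:", dn)
```

Running it before ldapadd shows every DN that needs to be rewritten to end in the configured suffix, not only the first entry in the file.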


