nurulbalqis

Error in ldapmodify command.

2013-06-17T08:57:56Z

Hi,

I have modified the dn value via the command below:

idsldapmodify -v -h 172.19.1.5 -p 389 -D cn=binddn -w p@ssw0rd -k -b -r -i changeMailboxGBtoGENT.ldif

 

Ldif file:

dn: cn=binddn, dc=com
dn: erademailstorerdn=w2003adex: first storage group-mailbox store (w2003adex),erglobalid=662359382366933618,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com
changetype: modify
replace: dn
dn: erademailstorerdn=w2003adex: first storage group-mailbox store (w2003adex),erglobalid=713895863492463420,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com

 

But then the output is :

ldap_init(172.19.1.5, 389)
replace dn:
        BINARY (166 bytes) erademailstorerdn=w2003adex: first storage group-mail
box store (w2003adex),erglobalid=662359382366933618,ou=services,erglobalid=00000
000000000000000,ou=genting,dc=com
        BINARY (166 bytes) erademailstorerdn=w2003adex: first storage group-mail
box store (w2003adex),erglobalid=713895863492463420,ou=services,erglobalid=00000
000000000000000,ou=genting,dc=com
replace changetype:
        BINARY (6 bytes) modify
replace replace:
        BINARY (2 bytes) dn
Operation 0 modifying entry cn=binddn, dc=com
ldap_modify: No such attribute
ldap_modify: additional info: GLPRDB050E Attribute replace was not found in the
schema definition.

 

What is the error there?

Can anyone help me?

 

Thank you.

Updated on 2013-06-17T09:34:32Z by nurulbalqis
  • franzw

    Re: Error in ldapmodify command.

    ‏2013-06-17T10:09:02Z  

    2 things :

    1. The DNs referred to in the LDIF file are the ones you need to change - as you have no intention to change the binddn entry you should remove that from the LDIF file.

    2. Working with binary attributes can be tricky and depends on your LDAP client - I am a little baffled on what you are dealing with here - a little more background on what you are trying to do would be nice... In general (assuming this is the TDS client) you can manipulate binary data 2 ways - either using the LDIF format that TDS uses when specifying "-L" - I normally refer to this as ldif v2 - but I am not sure this is the correct term - it specifies binary attributes using :

    <attribute>::<b64 encoded data>

    or using file references that contain your binary data - check the LDAP client documentation for the actual syntax here : http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.IBMDS.doc/commandref64.htm?path=7_6_4_6#ldapadd

     

    In general it seems that your understanding of LDIF files could use some improvement - I would recommend some studying like this : http://www.zytrax.com/books/ldap/ - it was one of the places I learned a lot when I was a rookie :-). It does not cover the IBM specifics but tries to cover the RFC required things which is IMHO as important - the IBM stuff you can study in the reference guide I also linked to...

    HTH

    Regards

    Franz Wolfhagen

  • TerryYau

    Re: Error in ldapmodify command.

    ‏2013-06-17T18:35:31Z  

    The LDIF format there seems a bit off.

    "ldapmodify" typically expects the first line to be the DN of the object that you want to modify, second line being the change type...

    Here, it seems that because your first line is "dn: cn=binddn, dc=com", the command then thinks that you're trying to modify the object at "cn=binddn, dc=com".  Now, because the second line doesn't have the change type specified, it then, by default (seems this way), thinks that you're asking it to replace the attribute "dn" with the value of "erademailstorerdn=w2003adex: first storage group-mailbox store (w2003adex),erglobalid=662359382366933618,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com".  The third line, it thinks you're trying to replace the attribute "changetype" with a value of "modify"...etc.

    And guessing from the output, it somehow grouped the attribute replacement in the order of "dn, dn, changetype, replace".  By the time it reached "replace", it was then telling you that this attribute doesn't exist in the schema.

    In short, Franz is absolutely correct.  Understanding the LDIF format is what's required here.

  • nurulbalqis

    Re: Error in ldapmodify command.

    ‏2013-06-18T02:43:51Z  

    Dear all,

    Thank you for the advice :)

    I have removed my cn=binddn, dc=com inside the LDIF file.

    I left the LDIF file like below:

    dn: erademailstorerdn=w2003adex: first storage group-mailbox store (w2003adex),erglobalid=662359382366933618,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com
    changetype: modify
    replace: dn
    dn: erademailstorerdn=ws2003conn: first storage group-mailbox store (ws2003conn),erglobalid=713895863492463420,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com

     

    Then I ran the command below:

    idsldapmodify -v -h 172.19.1.5 -p 389 -D cn=binddn -w p@ssw0rd -b -r -i changeMailboxGBtoGENT.ldif

     

    The output is like below:

     

    ldap_init(172.19.1.5, 389)
    replace dn:
            BINARY (166 bytes) erademailstorerdn=ws2003con: first storage group-mail
    box store (ws2003con),erglobalid=713895863492463420,ou=services,erglobalid=00000
    000000000000000,ou=genting,dc=com
    Operation 0 modifying entry erademailstorerdn=w2003adex: first storage group-mai
    lbox store (w2003adex),erglobalid=662359382366933618,ou=services,erglobalid=0000
    0000000000000000,ou=genting,dc=com
    ldap_modify: Object class violation

    Do I need to put other parameters in the command used?

  • TerryYau

    Re: Error in ldapmodify command.

    ‏2013-06-18T04:02:50Z  

    It seems that you're trying to do two tasks in one go:

    1. Changing the RDN from "erademailstorerdn=w2003adex: first storage group-mailbox store (w2003adex)" to "erademailstorerdn=ws2003conn: first storage group-mailbox store (ws2003conn)".

    2. [Trying to] Move the object from subtree of "erglobalid=662359382366933618,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com"  to "erglobalid=713895863492463420,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com".

    Typically if you just want to carry out point 1, you would use "modrdn".  To carry out point 2, you would actually need to create a new object in the new subtree (add operation), then delete the old object from the old subtree.  See 4.2.5: http://webhelp.ucs.ed.ac.uk/direct/ldifspec.htm

    Updated on 2013-06-18T04:03:10Z by TerryYau
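
The record layout described in the two replies above (target DN first, changetype second, and a rename expressed as modrdn rather than as a replace on "dn") can be checked before a file is sent to the server. The following is an added example, not code from the thread or from IBM; the finding codes and the shortened sample DNs are constructed, and the record shapes follow RFC 2849.

```python
MOD_OPS = {"add", "delete", "replace"}
def unfold(text):
    """Join RFC 2849 continuation lines (one leading space); drop blanks and comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    return lines

def split_line(line):
    """'name: value' or 'name:: base64' -> (lowercased name, value)."""
    name, _, value = line.partition(":")
    return name.strip().lower(), value.lstrip(":").strip()

def lint_change_record(text):
    """Return finding codes (hypothetical names) for a single LDIF change record."""
    pairs = [split_line(l) for l in unfold(text)]
    if not pairs or pairs[0][0] != "dn":
        return ["first-line-not-dn"]
    body = [p for p in pairs[1:] if p[0] != "control"]
    findings = []
    if body and body[0][0] == "dn":
        findings.append("second-dn-line")  # a record names exactly one target DN
    if not body or body[0][0] != "changetype":
        findings.append("changetype-not-second-line")
    changetype = next((v.lower() for n, v in body if n == "changetype"), None)
    if changetype in (None, "modify") and any(n in MOD_OPS and v.lower() == "dn" for n, v in body):
        findings.append("mod-spec-targets-dn")  # the DN is the entry's name, not an attribute
    if changetype == "modrdn":
        names = {n for n, _ in body}
        findings += [f"modrdn-missing-{k}" for k in ("newrdn", "deleteoldrdn") if k not in names]
    return findings

# Constructed samples with shortened DNs, shaped like the records in the thread.
FIRST_ATTEMPT = """dn: cn=binddn, dc=com
dn: cn=old store,ou=services,dc=example
changetype: modify
replace: dn
dn: cn=new store,ou=services,dc=example
"""
SECOND_ATTEMPT = FIRST_ATTEMPT.split("\n", 1)[1]  # same file with the bind DN line removed
RENAME = """dn: cn=old store,
 ou=services,dc=example
changetype: modrdn
newrdn: cn=new store
deleteoldrdn: 1
"""
```

Calling `lint_change_record` on the three samples flags the first two attempts and returns an empty list for the modrdn record.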
  • nurulbalqis

    Re: Error in ldapmodify command.

    ‏2013-06-19T07:42:54Z  

    Dear Terry,

    I got what you mean here. From my LDIF file, I have many children to carry out.

    I want to replace w2003adex with ws2003con.

    So I need to create new entries that have the same value as ws2003con, right?

    ADD LDIF FILE:

    dn: erademailstorerdn=ws2003con: first storage group-mailbox store (ws2003con),erglobalid=713895863492463420,ou=services,erglobalid=00000000000000000000,ou=genting,dc=com
    changetype: add
    objectClass: top
    objectClass: erADDAMLService
    objectClass: organizationalUnit
    objectClass: organization
    objectClass: ertenant
    objectClass: erADMailStore
    dc: com
    ou: genting
    erPswdEditAllowed: True
    erLostPswdByMail: True
    erIsActive: True
    erBucketCount: 1
    o: -
    ou: services
    erUid: agent
    erPassword: Binary data  1
    erADEMailStoreRDN: Binary data  1
    erADEMailStoreGN: first storage group\mailbox store (ws2003con)
    erADEMailStoreDN: Binary data  1
    erADEMailStoreCN: mailbox store (ws2003con)

    Then I ran the following command (add operation):

    idsldapadd -v -h 172.19.1.5 -p 389 -D cn=binddn -w passW0rd -i changeMailboxGBtoGENT.ldif

    Then the output is as below:

    ldap_init(172.19.1.5, 389)
    add objectClass:
            BINARY (3 bytes) top
            BINARY (15 bytes) erADDAMLService
            BINARY (18 bytes) organizationalUnit
            BINARY (12 bytes) organization
            BINARY (8 bytes) ertenant
            BINARY (13 bytes) erADMailStore
    add dc:
            BINARY (3 bytes) com
    add ou:
            BINARY (7 bytes) genting
            BINARY (8 bytes) services
    add erPswdEditAllowed:
            BINARY (4 bytes) True
    add erLostPswdByMail:
            BINARY (4 bytes) True
    add erIsActive:
            BINARY (4 bytes) True
    add erBucketCount:
            BINARY (1 bytes) 1
    add o:
            BINARY (1 bytes) -
    add erUid:
            BINARY (5 bytes) agent
    add erURL:
            BINARY (28 bytes) http://192.168.134.200:45580
    add erPassword:
            BINARY (14 bytes) Binary data  1
    add erADEMailStoreRDN:
            BINARY (14 bytes) Binary data  1
    add erADEMailStoreGN:
            BINARY (45 bytes) first storage group\mailbox store (ws2003con)
    add erADEMailStoreDN:
            BINARY (14 bytes) Binary data  1
    add erADEMailStoreCN:
            BINARY (25 bytes) mailbox store (ws2003con)
    Operation 0 adding new entry erademailstorerdn=ws2003con: first storage group-ma
    ilbox store (ws2003con),erglobalid=713895863492463420,ou=services,erglobalid=000
    00000000000000000,ou=genting,dc=com
    ldap_add: Object class violation
     

    The output is still the same. Object violation.

    May I know what the object class violation here refers to?

    Is it related to the ACL part? I ran it using cn=root as well and got the same output.

    Updated on 2013-06-19T08:18:32Z by nurulbalqis