I'm trying to create an easily reproducible LDAP setup for some testing.
I've been using Bitnami's OpenLDAP Docker container to load an exported LDIF file at startup.
However, importing the LDIF file fails.
When starting the import manually, I receive a [LDAP result code 53 - unwillingToPerform] no global superior knowledge error.
The LDIF I'm using was generated with the export command from the Apache Directory Studio client on a system that had the required structure (initially generated by the Bitnami container, then extended through the client).
It's unclear to me whether this is an issue with the container, the server or the ldif file. The error would point to missing elements in the ldif, but I'd expect this definition to create all required elements, from top level to bottom.
Docker compose file
version: '3'
services:
  ldap:
    image: docker.io/bitnami/openldap:2.6
    ports:
      - '1389:1389'
      - '1636:1636'
    volumes:
      - ldap:/bitnami/openldap
      - ./resources/ldap/test2.ldif:/ldifs/test2.ldif
    environment:
      - LDAP_ADMIN_USERNAME=admin
      - LDAP_ADMIN_PASSWORD=admin
      - LDAP_CUSTOM_LDIF_DIR=/ldifs-custom
      # envvars for generating the base ldap structure, not used when importing ldif
      # - LDAP_ROOT=dc=xenit,dc=eu
      # - LDAP_USERS=red,blue
      # - LDAP_PASSWORDS=red,blue
      # - LDAP_USER_DC=alfresco
      # - LDAP_GROUP=users
LDIF file
version: 1

dn: dc=xenit,dc=eu
objectClass: dcObject
objectClass: organization
dc: xenit
o: example
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.188111Z#000000#000#000000
entryDN: dc=xenit,dc=eu
entryUUID:: MjlmZjAwN2UtMGJmYy0xMDNjLTllZWEtZjFjY2M3ZTRiMGI1
hasSubordinates: TRUE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: organization
subschemaSubentry: cn=Subschema

dn: ou=alfresco,dc=xenit,dc=eu
objectClass: organizationalUnit
ou: alfresco
ou: users
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.191736Z#000000#000#000000
entryDN: ou=alfresco,dc=xenit,dc=eu
entryUUID:: MjlmZjhlMGUtMGJmYy0xMDNjLTllZWItZjFjY2M3ZTRiMGI1
hasSubordinates: TRUE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: organizationalUnit
subschemaSubentry: cn=Subschema

dn: cn=red,ou=alfresco,dc=xenit,dc=eu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: red
cn: User1
gidNumber: 1000
homeDirectory: /home/red
sn: Bar1
uid: red
uidNumber: 1000
userPassword:: cmVk
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.197027Z#000000#000#000000
entryDN: cn=red,ou=alfresco,dc=xenit,dc=eu
entryUUID:: MmEwMDVkOGUtMGJmYy0xMDNjLTllZWMtZjFjY2M3ZTRiMGI1
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema

dn: cn=blue,ou=alfresco,dc=xenit,dc=eu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: blue
cn: User2
gidNumber: 1001
homeDirectory: /home/blue
sn: Bar2
uid: blue
uidNumber: 1001
userPassword:: Ymx1ZQ==
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.203861Z#000000#000#000000
entryDN: cn=blue,ou=alfresco,dc=xenit,dc=eu
entryUUID:: MmEwMTY4YTAtMGJmYy0xMDNjLTllZWQtZjFjY2M3ZTRiMGI1
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema

dn: cn=users,ou=alfresco,dc=xenit,dc=eu
objectClass: groupOfNames
cn: users
member: cn=blue,ou=alfresco,dc=xenit,dc=eu
member: cn=red,ou=alfresco,dc=xenit,dc=eu
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.210702Z#000000#000#000000
entryDN: cn=users,ou=alfresco,dc=xenit,dc=eu
entryUUID:: MmEwMjczYzYtMGJmYy0xMDNjLTllZWUtZjFjY2M3ZTRiMGI1
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: groupOfNames
subschemaSubentry: cn=Subschema

dn: cn=aoslink,ou=alfresco,dc=xenit,dc=eu
objectClass: groupOfNames
objectClass: top
cn: aoslink
member: cn=blue,ou=alfresco,dc=xenit,dc=eu
createTimestamp: 20220117163003Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117163003.451742Z#000000#000#000000
entryDN: cn=aoslink,ou=alfresco,dc=xenit,dc=eu
entryUUID:: NzdhNGFiOWMtMGJmZS0xMDNjLTg5N2UtMjU3MWE4NTc4OTA4
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117163003Z
structuralObjectClass: groupOfNames
subschemaSubentry: cn=Subschema
Client import error log
version: 1

#!RESULT ERROR
#!CONNECTION ldap://localhost:1389
#!DATE 2022-01-17T17:37:36.043
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: dc=xenit,dc=eu
objectClass: dcObject
objectClass: organization
dc: xenit
o: example
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.188111Z#000000#000#000000
entryDN: dc=xenit,dc=eu
entryUUID:: MjlmZjAwN2UtMGJmYy0xMDNjLTllZWEtZjFjY2M3ZTRiMGI1
hasSubordinates: TRUE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: organization
subschemaSubentry: cn=Subschema

#!RESULT ERROR
#!CONNECTION ldap://localhost:1389
#!DATE 2022-01-17T17:37:36.044
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: ou=alfresco,dc=xenit,dc=eu
objectClass: organizationalUnit
ou: alfresco
ou: users
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.191736Z#000000#000#000000
entryDN: ou=alfresco,dc=xenit,dc=eu
entryUUID:: MjlmZjhlMGUtMGJmYy0xMDNjLTllZWItZjFjY2M3ZTRiMGI1
hasSubordinates: TRUE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: organizationalUnit
subschemaSubentry: cn=Subschema

#!RESULT ERROR
#!CONNECTION ldap://localhost:1389
#!DATE 2022-01-17T17:37:36.045
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: cn=red,ou=alfresco,dc=xenit,dc=eu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: red
cn: User1
gidNumber: 1000
homeDirectory: /home/red
sn: Bar1
uid: red
uidNumber: 1000
userPassword:: cmVk
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.197027Z#000000#000#000000
entryDN: cn=red,ou=alfresco,dc=xenit,dc=eu
entryUUID:: MmEwMDVkOGUtMGJmYy0xMDNjLTllZWMtZjFjY2M3ZTRiMGI1
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema

#!RESULT ERROR
#!CONNECTION ldap://localhost:1389
#!DATE 2022-01-17T17:37:36.047
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: cn=blue,ou=alfresco,dc=xenit,dc=eu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: blue
cn: User2
gidNumber: 1001
homeDirectory: /home/blue
sn: Bar2
uid: blue
uidNumber: 1001
userPassword:: Ymx1ZQ==
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.203861Z#000000#000#000000
entryDN: cn=blue,ou=alfresco,dc=xenit,dc=eu
entryUUID:: MmEwMTY4YTAtMGJmYy0xMDNjLTllZWQtZjFjY2M3ZTRiMGI1
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema

#!RESULT ERROR
#!CONNECTION ldap://localhost:1389
#!DATE 2022-01-17T17:37:36.049
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: cn=users,ou=alfresco,dc=xenit,dc=eu
objectClass: groupOfNames
cn: users
member: cn=blue,ou=alfresco,dc=xenit,dc=eu
member: cn=red,ou=alfresco,dc=xenit,dc=eu
createTimestamp: 20220117161334Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117161334.210702Z#000000#000#000000
entryDN: cn=users,ou=alfresco,dc=xenit,dc=eu
entryUUID:: MmEwMjczYzYtMGJmYy0xMDNjLTllZWUtZjFjY2M3ZTRiMGI1
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117161334Z
structuralObjectClass: groupOfNames
subschemaSubentry: cn=Subschema

#!RESULT ERROR
#!CONNECTION ldap://localhost:1389
#!DATE 2022-01-17T17:37:36.051
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: cn=aoslink,ou=alfresco,dc=xenit,dc=eu
objectClass: groupOfNames
objectClass: top
cn: aoslink
member: cn=blue,ou=alfresco,dc=xenit,dc=eu
createTimestamp: 20220117163003Z
creatorsName: cn=admin,dc=xenit,dc=eu
entryCSN: 20220117163003.451742Z#000000#000#000000
entryDN: cn=aoslink,ou=alfresco,dc=xenit,dc=eu
entryUUID:: NzdhNGFiOWMtMGJmZS0xMDNjLTg5N2UtMjU3MWE4NTc4OTA4
hasSubordinates: FALSE
modifiersName: cn=admin,dc=xenit,dc=eu
modifyTimestamp: 20220117163003Z
structuralObjectClass: groupOfNames
subschemaSubentry: cn=Subschema
Update 1
Tried a simpler search with ldapsearch based on Oleg's answer, but ended up with the same errors:
ldapsearch -L -b dc=xenit,dc=eu -s sub -x -D cn=admin,dc=xenit,dc=eu -w admin -H ldap://localhost:1389 > /home/red/Desktop/TMP/reduced2.ldif
version: 1
#
# LDAPv3
# base <dc=xenit,dc=eu> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# xenit.eu
#!RESULT ERROR
#!CONNECTION ldap://localhost:7070
#!DATE 2022-01-20T11:17:59.541
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: dc=xenit,dc=eu
objectClass: dcObject
objectClass: organization
dc: xenit
o: example

# alfresco, xenit.eu
#!RESULT ERROR
#!CONNECTION ldap://localhost:7070
#!DATE 2022-01-20T11:17:59.543
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: ou=alfresco,dc=xenit,dc=eu
objectClass: organizationalUnit
ou: users
ou: alfresco

# red, alfresco, xenit.eu
#!RESULT ERROR
#!CONNECTION ldap://localhost:7070
#!DATE 2022-01-20T11:17:59.546
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: cn=red,ou=alfresco,dc=xenit,dc=eu
cn: User1
cn: red
sn: Bar1
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: cmVk
uid: red
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/red

# blue, alfresco, xenit.eu
#!RESULT ERROR
#!CONNECTION ldap://localhost:7070
#!DATE 2022-01-20T11:17:59.549
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: cn=blue,ou=alfresco,dc=xenit,dc=eu
cn: User2
cn: blue
sn: Bar2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: Ymx1ZQ==
uid: blue
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/blue

# aoslink, alfresco, xenit.eu
#!RESULT ERROR
#!CONNECTION ldap://localhost:7070
#!DATE 2022-01-20T11:17:59.554
#!ERROR [LDAP result code 53 - unwillingToPerform] no global superior knowledge
dn: cn=aoslink,ou=alfresco,dc=xenit,dc=eu
cn: aoslink
objectClass: groupOfNames
member: cn=red,ou=alfresco,dc=xenit,dc=eu
member: cn=blue,ou=alfresco,dc=xenit,dc=eu

# search result
# numResponses: 6
# numEntries: 5
You exported the system attributes of the nodes from ApacheDS. To import the file you need only the regular ones.
You need to adjust the attributes filter in ApacheDS or ldapsearch (if you want to use it instead). It seems it contained the + character, but you need *. Please check this doc for additional info: https://man7.org/linux/man-pages/man1/ldapsearch.1.html
UPDATE
Keep in mind that your dc=xenit should also be created before referencing it in further steps. You start immediately at the level of *.xenit.eu, but should start with *.eu. See the example of organisation initialisation in the official doc.
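The clean-up this answer describes, as an added example that is not part of the original post: a small Python filter that drops the operational attributes found in the export above, writes the entries parent-first, and reports which entries have no parent in the file. The function names and the abridged `SAMPLE` input are constructed for illustration, and DNs are assumed to be plain text without escaped commas.

```python
import re
# Operational (server-maintained) attributes present in the export on this page.
OPERATIONAL = set("""createtimestamp creatorsname entrycsn entrydn entryuuid hassubordinates
modifiersname modifytimestamp structuralobjectclass subschemasubentry""".split())

def parse_ldif(text):
    """Return [(dn, [attribute lines])]; assumes plain-text (not base64) DNs."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines()
                 if l and not l.startswith("#") and not l.lower().startswith("version:")]
        if lines and lines[0].lower().startswith("dn:"):
            entries.append((lines[0].split(":", 1)[1].strip(), lines[1:]))
    return entries

def clean(text):
    """Drop operational attributes, order entries parent-first, list root DNs."""
    kept = [(dn, [l for l in attrs if l.split(":", 1)[0].lower() not in OPERATIONAL])
            for dn, attrs in parse_ldif(text)]
    kept.sort(key=lambda e: e[0].count(","))  # shallower DNs first (stable sort)
    known = {dn.lower() for dn, _ in kept}
    # Roots: entries whose parent DN is absent from the file (naive comma split).
    roots = [dn for dn, _ in kept if dn.partition(",")[2].strip().lower() not in known]
    body = "\n\n".join("\n".join([f"dn: {dn}"] + attrs) for dn, attrs in kept)
    return "version: 1\n\n" + body + "\n", roots

# Constructed sample: three entries abridged from the export above, child first.
SAMPLE = """dn: cn=red,ou=alfresco,dc=xenit,dc=eu
objectClass: inetOrgPerson
cn: red
sn: Bar1
entryUUID:: MmEwMDVkOGUtMGJmYy0xMDNjLTllZWMtZjFjY2M3ZTRiMGI1

dn: dc=xenit,dc=eu
objectClass: dcObject
objectClass: organization
dc: xenit
o: example
entryCSN: 20220117161334.188111Z#000000#000#000000

dn: ou=alfresco,dc=xenit,dc=eu
objectClass: organizationalUnit
ou: alfresco
subschemaSubentry: cn=Subschema
"""

if __name__ == "__main__":
    print(*clean(SAMPLE), sep="\nentries with no parent in file: ")
```

An entry reported as a root has to be the base DN the target server is configured for, or sit under an entry the server already holds.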