Search code examples
pythonpython-2.7openldapldap-query

Understanding Naming Violations in Python-ldap

I have a set of diff's that need to be "saved" (they are all new records). The following code is used for committing the set of changes:

def commit(self):
    l = ldap.initialize(self.ldapURL)
    l.simple_bind_s(self.ldapUser,self.ldapPass)
    for dn,ldif in self.ldapAdds.iteritems():
        try:
            print json.dumps(ldif,indent=4)
            l.add_s(dn,ldif)
            print "a",
        except ldap.ALREADY_EXISTS:
            pass

    for dn,ldif in self.ldapMods.iteritems():
        l.modify_s(dn,ldif)
        print "m",
    print ""
    l.unbind_s()
    self.ldapAdds = dict()
    self.ldapMods = dict()

Unfortunately, I am getting the following error:

Traceback (most recent call last): File "./ldapUpdate.py", line 868, in lMods.commit() File "./ldapUpdate.py", line 769, in commit l.add_s(dn,ldif) File "/sites/utils/Python/lib/python2.7/site-packages/ldap/ldapobject.py", line 216, in add_s return self.add_ext_s(dn,modlist,None,None) File "/sites/utils/Python/lib/python2.7/site-packages/ldap/ldapobject.py", line 202, in add_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/sites/utils/Python/lib/python2.7/site-packages/ldap/ldapobject.py", line 519, in result3 resp_ctrl_classes=resp_ctrl_classes File "/sites/utils/Python/lib/python2.7/site-packages/ldap/ldapobject.py", line 526, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/sites/utils/Python/lib/python2.7/site-packages/ldap/ldapobject.py", line 108, in _ldap_call result = func(*args,**kwargs) ldap.NAMING_VIOLATION: {'info': "naming attribute 'src' has no equality matching rule", 'desc': 'Naming violation'}

The failed ldiff record looks like this:

[
    [  "src",   "ecare/ecare-self.ear" ], 
    [  "modname",  "ecare-self"  ], 
    [  "dest",   "/sites/MODULES/ecare/ecare-self.ear"], 
    [  "objectClass",  [  "ctlapp", "ctlmodule", "top" ] ], 
    [  "action",  "rsync" ], 
    [  "depot",  "DEPOT" ]
]

What is it about the "src" field that SLAPD doesn't like? Does someone have more insight into NAMING_VIOLATIONs?

"src" has this definition in schema

attributetype ( 1.3.6.4.2.7888.5.1.16 NAME 'src'
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
                X-ORIGIN 'user defined' )

"ctlapp" has this definition in schema

objectclass ( 1.3.6.4.2.7888.5.1.22 NAME 'ctlapp'
                DESC 'ATT deployable component'
                SUP ctlmodule STRUCTURAL
                MUST ( src $ depot $ dest $ action )
                X-ORIGIN 'user defined' )
Solution

  • The proper schema definition for "src" should have been:

    attributetype ( 1.3.6.4.2.7888.5.1.16 NAME 'src'
                DESC 'ATT source path'
                EQUALITY caseExactMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512}
                X-ORIGIN 'user defined' )

    The "equality" clause was missing. Thats what the NAMING_VIOLATION was explaining.