Database Error while adding .ldif data file in LDAP Server

Hi,
I am using openSUSE 11.1. While configuring LDAP Server 2.4.12, when I try to add my .ldif file I get this error message. The command I used for adding the file is "slapadd -l ./tree.ldif"

"bdb_db_open: database “o=bch”: database already in use.
backend_startup_one: bi_db_open failed! (-1)
slap_startup failed"

And if I use this command, "ldapadd -D "cn=admin,o=bch" -x -W -f tree.ldif", then I get this message:

adding new entry “o=bch”
ldap_add: Already exists (68)

where rcldap is running.
Any help or suggestions in this situation?
Thanks


The 68 message means just what it says it means… the O you are trying to
add already exists. Stop trying to add it. If you have multiple
operations in the LDIF file you can add (depending on your client) the
‘-c’ option to have it continue despite errors and do other things but so
far it seems like things are just fine.

Good luck.

w8swasi wrote:
> HI
> i am using openSuse11.1. while configuring LDAP Server 2.4.12 when i
> try to add my .ldif file i got this error message. The command i used
> for adding the file is “slapadd -l ./tree.ldif”
>
> "bdb_db_open: database “o=bch”: database already in use.
> backend_startup_one: bi_db_open failed! (-1)
> slap_startup failed"
>
> and if i use this command*“ldapadd -D “cn=admin,o=bch” -x -W -f
> tree.ldif”* then i get this message
>
> adding new entry “o=bch”
> ldap_add: Already exists (68)
>
> where rcldap is running
> any help or suggestion in this situation.
> Thanks
>
>

Well, I also tried with the -c option but it didn’t work.
The error 68 always occurs after adding the 1st line only, and there are no entries in the system.
My schemas are

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/yast.schema

and the database is Kerberos 5


Post your LDIF file. If LDAP says you have an object in there I’m
inclined to believe it. Have you exported the contents? I guess that
error could potentially be thrown for an unrelated issue (can’t find the
top object and so it’s just throwing up its hands) but it’d be odd.
Having what you are trying to import as well as what you already have in
the system would be helpful. Has this ever worked? Have you tried using
‘ldapadd’ instead?

Good luck.

w8swasi wrote:
> Well I also tried with -c option but i didn’t work.
> the error 68 always occurs after adding 1st line only. and there are no
> entries in the system.
> my schemas are
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/rfc2307bis.schema
> include /etc/openldap/schema/samba3.schema
> include /etc/openldap/schema/yast.schema
>
> and the database is Kerberos 5
>
>

It may be simply that you need to remove that entry from the LDIF file with an editor since that object already exists.

It all depends on what you were trying to do, which isn’t very clear. If your LDIF file was created with slapcat, it should be read in with slapadd. If it was created with ldapsearch, it should be added with ldapadd. The difference is that slapcat/slapadd provide no schema checks, and the server must not be running. It’s like a filesystem dump and restore. Whereas with slapadd, the server must be running, and any parents of an entry must exist already, and the entry must not be a duplicate of an existing entry (which is what you are seeing).

The entries in the .ldif file are
dn: o=bch
objectClass: organization
objectClass: top
o: bch

This is just a sample file before I implement the actual system, but I always get the same error even with a fresh system reload.
Well, I created the file in KWrite and saved it with the .ldif extension.
My LDAP server is always running, even with ldapadd, and I have no idea how to create a file with ldapsearch.
My plan is to make a directory system with OpenLDAP and then use Samba with Windows XP systems for file and print sharing for about 65 users.
Well, I have used the OpenLDAP Admin Guide and other documents but it always gets stuck at this point.

I appreciate the help.


So, as stated, it is trying to create O=BCH. Since it apparently already
exists you shouldn’t need to add it again. Get the export LDIF from your
system and see if it includes this same entry as I’m guessing it does.

ldapsearch is simple enough to use. The man page will help you, but try
this to start:

ldapsearch -h yourServerHere -p 389 -x

Good luck.

w8swasi wrote:
> Entries in .ldif file are
> dn: o=bch
> objectClass: organization
> objectClass: top
> o: bch
>
> this is just an sample file before i implement the actual system. but i
> always get the same error even with fresh system reload.
> well i created the file in Kwrite and saved with .ldif extension.
> my ldap server is always running even with ldapadd. and to create a
> file with ldapsearch i have no idea.
> My plan is to make an directory system with openLDAP and then use Samba
> with windows-XP system for File and Print Share for about 65 users.
> well i have used openLDAP Admin guide and other documents but it always
> stuck at this point.
>
> I appreciate for the help
>
>

So you mean that o=BCH is stated twice, so it is creating an error, like “dn: o=bch” and again “o=bch”

dn: o=bch
objectClass: organization
objectClass: top
o: bch

If this is the case, and I’ve used this syntax from the OpenLDAP Admin Guide ???


No, I mean it already exists (still waiting for your export) and you are
trying to add it again, so you get an error stating you cannot add it
again. Let’s move on to something else and try to add a new object
underneath this one:

dn: uid=testuser0,o=bch
objectclass: inetorgperson
uid: testuser0
sn: testuser0lname
givenname: testuser0

Good luck.

w8swasi wrote:
> so you mean that o=BCH is stated twice so it creating an error like “dn:
> o=bch” and again “o=bch”
>
> dn: o=bch
> objectClass: organization
> objectClass: top
> o: bch
>
> if this is the case and i’ve used this santax from openLDAP Admin guide
> ???
>
>

Thanks a lot.
I haven’t tried it yet because I have an important question. In the slapd.conf file I changed the suffix and rootdn manually before loading the .ldif file. Is it right or not? And I’ve also changed the index lines:
index objectClass eq
index sn,cn,uid,uidNumber,gidNumber,member,memberUid,eq
index default sub

Please do tell me whether it is right or not.

The error message is

adding new entry “uid=testuser0,o=bch”
ldap_add: Object class violation (65)
additional info: object class ‘inetOrgPerson’ requires attribute ‘cn’

and my slapd.config file is as follows

#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/yast.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
# modulepath /usr/lib/openldap/modules
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "o=bch"
checkpoint 1024 5
cachesize 10000
rootdn "cn=admin,o=bch"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}2g2BSLtUOhPHfZie0VRuOGdRJvbqaUzj
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
index sn,cn,uid,uidNumber,gidNumber,member,memberUid eq


Try:

dn: uid=testuser0,o=bch
objectclass: inetorgperson
uid: testuser0
sn: testuser0lname
givenname: testuser0
cn: testuser0

Good luck.

w8swasi wrote:
> the error message is
> adding new entry “uid=testuser0,o=bch”
> ldap_add: Object class violation (65)
> additional info: object class ‘inetOrgPerson’ requires
> attribute ‘cn’
>
> and my slapd.config file is as follows
>
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/rfc2307bis.schema
> include /etc/openldap/schema/samba3.schema
> include /etc/openldap/schema/yast.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/slapd/slapd.pid
> argsfile /var/run/slapd/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/lib/openldap/modules
> # moduleload back_bdb.la
> # moduleload back_hdb.la
> # moduleload back_ldap.la
>
> # Sample security restrictions
> # Require integrity protection (prevent hijacking)
> # Require 112-bit (3DES or better) encryption for updates
> # Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
>
> # Sample access control policy:
> # Root DSE: allow anyone to read it
> # Subschema (sub)entry DSE: allow anyone to read it
> # Other DSEs:
> # Allow self write access to user password
> # Allow anonymous users to authenticate
> # Allow read access to everything else
> # Directives needed to implement policy:
> access to dn.base=""
> by * read
>
> access to dn.base=“cn=Subschema”
> by * read
>
> access to attrs=userPassword,userPKCS12
> by self write
> by * auth
>
> access to attrs=shadowLastChange
> by self write
> by * read
>
> access to *
> by * read
>
> # if no access controls are present, the default policy
> # allows anyone and everyone to read anything but restricts
> # updates to rootdn. (e.g., “access to * by * read”)
> #
> # rootdn can always read and write EVERYTHING!
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> database bdb
> suffix “o=bch”
> checkpoint 1024 5
> cachesize 10000
> rootdn “cn=admin,o=bch”
> # Cleartext passwords, especially for the rootdn, should
> # be avoid. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw {SSHA}2g2BSLtUOhPHfZie0VRuOGdRJvbqaUzj
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /var/lib/ldap
> # Indices to maintain
> index objectClass eq
> index sn,cn,uid,uidNumber,gidNumber,member,memberUid eq

>
>

Thanks for your help man, but it still did not work.
The error message:

adding new entry “uid=testuser0,o=bch”
ldap_add: No such object (32)

I’ve checked all the files and removed all the previous entries, but still get errors.
The command I’ve used is
ldapadd -D "cn=admin,o=bch" -x -W -f tree.ldif

Thanks a lot, I think I got the idea, because I’ve never been this far, always stuck at object already present. So I’ll check everything again and check my LDIF file again. I hope it will work now.

Hi,
I have used this command
ldapadd -x -D cn=Administrator,dc=local -W -f ldap-sample.ldif

After entering the password it gives the following error

ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
Any ideas??

thanks
Harlin
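
The four result codes reported in this thread (68, 65, 32 and 53) can be predicted offline before an LDIF file is handed to ldapadd. The following is an added example, not part of any post above and not OpenLDAP code; `parse_ldif`, `preflight`, the `REQUIRED` table and the order of the checks are assumptions, with the order chosen to match the sequence of errors seen in the thread.

```python
# Constructed subset of MUST attributes (lower-cased); real schemas define more.
REQUIRED = {"organization": {"o"}, "inetorgperson": {"sn", "cn"}}

def parse_ldif(text):
    """Split simple LDIF (no line folding, no base64 values) into (dn, attrs)."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value.lower().replace(", ", ",")
            else:
                attrs.setdefault(key, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries

def preflight(ldif_text, suffix, existing):
    """Return [(dn, code, reason)] as if each entry were added in file order."""
    suffix, present = suffix.lower(), {d.lower() for d in existing}
    results = []
    for dn, attrs in parse_ldif(ldif_text):
        missing = set()
        for oc in attrs.get("objectclass", []):
            missing |= REQUIRED.get(oc.lower(), set()) - set(attrs)
        if dn != suffix and not dn.endswith("," + suffix):
            code, why = 53, "no global superior knowledge"  # outside the suffix
        elif missing:  # check order is an assumption modelled on the thread
            code, why = 65, "missing required: " + ",".join(sorted(missing))
        elif dn in present:
            code, why = 68, "already exists"
        elif dn != suffix and dn.partition(",")[2] not in present:
            code, why = 32, "parent entry does not exist"
        else:
            code, why = 0, "ok"
            present.add(dn)  # later entries may use this one as parent
        results.append((dn, code, why))
    return results

# Constructed sample: the thread's two entries plus one outside the suffix.
SAMPLE = ("dn: o=bch\nobjectClass: organization\nobjectClass: top\no: bch\n\n"
          "dn: uid=testuser0,o=bch\nobjectclass: inetorgperson\nuid: testuser0\n"
          "sn: testuser0lname\n\ndn: cn=Administrator,dc=local\nobjectClass: person\n")
if __name__ == "__main__":
    print(*preflight(SAMPLE, "o=bch", set()), sep="\n")
```

The `existing` argument is the set of DNs already in the directory, which can be taken from an ldapsearch export like the one requested earlier in the thread.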