My goal is to transfer entries from one LDAP server to another – preserving the original base dn so that we do not have to modify the base dn reference on our macOS mail clients (we have hundreds). Now granted, I realize we could go into each computer and change the dn, but we want to avoid this.
source: the LDAP that has the dn I want to preserve
target: the Active Directory LDAP I want to add the entry to
I can’t seem to add entries above the base dn of target LDAP:
dn: dc=odmaster,dc=mhc,dc=org
dc: odmaster
objectclass: domain
The target LDAP currently has several entries below the dc=odmaster,dc=mhc,dc=org dn.
When I try importing the following .ldif file via phpldapadmin I get the following error:
Could not add the object to the LDAP server: server is unwilling to perform.
It doesn’t work on the terminal via the ldapadd command either.
dn: ou=users,dc=mhc,dc=org
description: Users
objectclass: organizationalUnit
ou: users
But it is successful when I add the entry below the base dn like this:
dn: ou=users,dc=odmaster,dc=mhc,dc=org
description: Users
objectclass: organizationalUnit
ou: users
Any idea why I cannot add entries at the dc=mhc,dc=org dn on the target LDAP?
One possible answer is that the server database naming context is set to dc=odmaster,dc=mhc,dc=org. If this is the case, LDAP clients may not add entries above dc=odmaster. Check for this configuration by:
Another possibility is an access control that prevents clients from accessing, adding, or modifying entries.
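As an added example (not part of the original answer): the script below tests each LDIF dn from the question against a server's naming contexts, which shows why the entry under dc=mhc,dc=org falls outside what the target holds while the one under dc=odmaster does not. The root DSE text is constructed sample data, target.example is a placeholder host, and the function names are hypothetical.

```python
# A root DSE search lists the suffixes a server holds, for example:
#   ldapsearch -x -H ldap://target.example -s base -b "" namingContexts
# ROOT_DSE is a constructed sample of that output, not taken from the poster's server.
ROOT_DSE = """\
dn:
namingContexts: dc=odmaster,dc=mhc,dc=org
"""

def naming_contexts(root_dse):
    """Extract namingContexts values from LDIF-style root DSE output."""
    return [line.split(":", 1)[1].strip()
            for line in root_dse.splitlines()
            if line.lower().startswith("namingcontexts:")]

def split_dn(dn):
    """Split a DN into (attr, value) RDNs, honouring backslash-escaped commas.
    Assumption: attribute values compare case-insensitively (true for dc, ou, cn)."""
    if not dn.strip():
        return []
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [tuple(p.strip().lower() for p in rdn.partition("=")[::2]) for rdn in parts]

def covering_context(entry_dn, contexts):
    """Return the longest naming context that is a suffix of entry_dn, else None."""
    entry, best = split_dn(entry_dn), None
    for ctx in contexts:
        suffix = split_dn(ctx)
        if suffix and entry[-len(suffix):] == suffix:
            if best is None or len(suffix) > len(split_dn(best)):
                best = ctx
    return best

if __name__ == "__main__":
    held = naming_contexts(ROOT_DSE)
    for dn in ("ou=users,dc=mhc,dc=org", "ou=users,dc=odmaster,dc=mhc,dc=org"):
        print(dn, "->", covering_context(dn, held) or "outside every naming context")
```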