Home / server / Questions / 474008
Accepted
Brad Mace
Asked: 2013-01-31 14:45:45 +0800 CST

Can't write to OpenLDAP: "shadow context; no update referral"

  • 772

I just set up an OpenLDAP server (v2.4.23) and loaded some data. I can browse and edit via Apache Directory Studio, but not deletions all fail.

For example, I tried to delete a list of DNs from a file:

ldapdelete -f rmroles.txt -W -D "cn=admin,cn=config"

but it dies with the message:

ldap_delete: Server is unwilling to perform (53)
        additional info: shadow context; no update referral

Most of the info I've found suggests that this is related to replication, but I haven't set up replication on this server yet. olcReadOnly is FALSE, and I've set olcAccess to to * by * manage.

Any other ideas what could be wrong?

openldap

3 Answers

  1. Best Answer

    Apparently just having the olcMirrorMode attribute present on cn=config (even when set to FALSE) is enough to trigger shadow context. Delete the attribute and restart slapd.

    • 3

  2. Old thread, but I found that my solution was slightly different.

    Again, my LDAP server was in a sync/replication setup and needed to be disabled.

    In /etc/openldap/slapd.conf the syncrepl directive was specified (and some associated configuration underneath).

    Commenting this out and restarting the ldap server allowed me to make changes to the LDAP database.

    • 0
    1. Just watch attribute userPassword's value.
    2. It is prefixed by {MD5} (in my case)
    3. Just select Encryption method according to it
    • 0