2

I just set up an OpenLDAP server (v2.4.23) and loaded some data. I can browse and edit via Apache Directory Studio, but deletions all fail.

For example, I tried to delete a list of DNs from a file:

ldapdelete -f rmroles.txt -W -D "cn=admin,cn=config"

but it dies with the message:

ldap_delete: Server is unwilling to perform (53)
        additional info: shadow context; no update referral

Most of the info I've found suggests that this is related to replication, but I haven't set up replication on this server yet. olcReadOnly is FALSE, and I've set olcAccess to to * by * manage.

Any other ideas what could be wrong?

Brad Mace

3 Answers

3

Apparently just having the olcMirrorMode attribute present on cn=config (even when set to FALSE) is enough to trigger shadow context. Delete the attribute and restart slapd.

Brad Mace
1

Old thread, but I found that my solution was slightly different.

Again, my LDAP server was in a sync/replication setup and needed to be disabled.

In /etc/openldap/slapd.conf the syncrepl directive was specified (and some associated configuration underneath).

Commenting this out and restarting the ldap server allowed me to make changes to the LDAP database.

aliask
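The two answers above trace the error to replication settings: olcMirrorMode in cn=config and a syncrepl directive in slapd.conf. The script below is an added example, not part of the original thread, that lists where such settings are present so they can be reviewed before anything is removed. It assumes the cn=config form of syncrepl is olcSyncrepl and that the LDIF comes from `slapcat -n 0`; the function names and the sample host and suffix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): list replication settings
# that the answers above associate with the "shadow context" error.

# cn=config LDIF on stdin or as file argument (assumed: output of `slapcat -n 0`).
# Prints "<entry DN><TAB><attribute line>" for each olcSyncrepl / olcMirrorMode.
scan_config_ldif() {
    awk '
        function flush() {
            if (line == "") return
            low = tolower(line)
            if (low ~ /^dn:/) { dn = line; sub(/^[^:]*: */, "", dn) }
            else if (low ~ /^(olcsyncrepl|olcmirrormode):/) printf "%s\t%s\n", dn, line
            line = ""
        }
        /^ / { line = line substr($0, 2); next }  # folded LDIF line: join to previous
        { flush(); line = $0 }
        END { flush() }
    ' "$@"
}

# slapd.conf on stdin or as file argument. Prints "<line no>: <directive>" for
# active syncrepl / mirrormode directives; commented-out lines are skipped.
scan_slapd_conf() {
    awk '/^[A-Za-z]/ && tolower($1) ~ /^(syncrepl|mirrormode)$/ { printf "%d: %s\n", NR, $0 }' "$@"
}

# Constructed sample inputs (hypothetical host and suffix).
sample_ldif() {
cat <<'EOF'
dn: cn=config
objectClass: olcGlobal

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=example,dc=com
olcSyncrepl: {0}rid=001 provider=ldap://ldap1.example.com
  searchbase="dc=example,dc=com" type=refreshAndPersist
olcMirrorMode: FALSE
EOF
}
sample_conf() {
cat <<'EOF'
database hdb
#mirrormode on
syncrepl rid=001
  provider=ldap://ldap1.example.com
EOF
}

sample_ldif | scan_config_ldif
sample_conf | scan_slapd_conf
```

On a real server, pass the exported file instead of the sample, for example `scan_config_ldif config.ldif` or `scan_slapd_conf /etc/openldap/slapd.conf`.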
-1
  1. Just watch attribute userPassword's value.
  2. It is prefixed by {MD5} (in my case)
  3. Just select Encryption method according to it