I recently ran into an issue when setting up a new LDAP directory using OpenLDAP 2.4.23 on Mac OSX. The issue was that I would get the following error when attempting to modify any entry in the directory:
modifying entry "olcDatabase={1}bdb,cn=config"
ldap_modify: Server is unwilling to perform (53)
additional info: shadow context; no update referral
A few web searches for this error indicated that it might be bad credentials or that the server was setup as a replication consumer which would forced a read only state. I had dumped the directory from another server where it was a MMR member and thought I had removed the required parts to make it work here (olcSyncRepl, olcServerID, etc..).
I confirmed that the credentials were correct by issuing a search using the credentials used in my attempt to modify the directory.
The problem was that I had the olcMirrorMode directive set to FALSE. The fix was to remove this from the LDIF that I was importing with slapadd and re-import.
Note that you could alternately modify olcMirrorMode and set it to TRUE which should resolve this scenario if you are running MMR and require the olcSyncRepl directives.
Leave a Reply