ldapmodify fails with “Server is unwilling to perform (53)”

I recently ran into an issue when setting up a new LDAP directory using OpenLDAP 2.4.23 on Mac OSX. The issue was that I would get the following error when attempting to modify any entry in the directory:

modifying entry "olcDatabase={1}bdb,cn=config"
ldap_modify: Server is unwilling to perform (53)
        additional info: shadow context; no update referral

A few web searches for this error indicated that it might be bad credentials or that the server was setup as a replication consumer which would forced a read only state. I had dumped the directory from another server where it was a MMR member and thought I had removed the required parts to make it work here (olcSyncRepl, olcServerID, etc..).

I confirmed that the credentials were correct by issuing a search using the credentials used in my attempt to modify the directory.

The problem was that I had the olcMirrorMode directive set to FALSE. The fix was to remove this from the LDIF that I was importing with slapadd and re-import.

Note that you could alternately modify olcMirrorMode and set it to TRUE which should resolve this scenario if you are running MMR and require the olcSyncRepl directives.

Leave a Reply

Your email address will not be published. Required fields are marked *