尝试向 openLDAP 添加新 objectClass 时，出现“ldap_add：服务器不愿意执行（53）附加信息：没有全局高级知识”

我已经创建了如下所示的新模式

attributetype ( 2.25.3236588
        NAME 'x-candidateNumber'
        DESC 'Candidate number'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )


attributetype ( 2.25.3536282
        NAME 'x-candidateFullName'
        DESC 'Candidate name'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.25.6587875
        NAME 'x-candidateTitleBeforeName'
        DESC 'Candidate title before name'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.25.6164147
        NAME 'x-candidateTitleAfterName'
        DESC 'Candidate title after name'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.25.1702122
        NAME 'x-candidateBirthNumber'
        DESC 'Candidate title after name'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.25.3134432
        NAME 'x-candidateListedAt'
        DESC 'Candidate listed at'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.25.3682754
        NAME 'x-candidateErasedAt'
        DESC 'Candidate erased at'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.25.5497561
        NAME 'x-candidateNote'
        DESC 'Candidate note'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.25.9736218
        NAME 'x-candidateStatus'
        DESC 'Candidate status'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

objectclass ( 2.25.1798306
        NAME 'ekcrCandidate'
        DESC 'RFC1274: simple security object'
        SUP ( top $ person $ organizationalPerson $ inetOrgPerson )
        STRUCTURAL
        MUST (cn $ ou)
        MAY ( x-candidateNumber $ x-candidateFullName $ x-candidateTitleBeforeName $
                x-candidateBirthNumber $ x-candidateTitleAfterName $ x-candidateListedAt $
                x-candidateErasedAt $ x-candidateNote $ x-candidateStatus
         ))

将此模式添加到 schema_convert.conf 文件中

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/pmi.schema
include /etc/ldap/schema/ekcrconcipient.schema
include /etc/ldap/schema/ekcrcandidate.schema
include /etc/ldap/schema/ekcrlegalofficer.schema

然后将架构转换为 ldif 文件

slaptest -f schema_convert.conf -F /tmp/ldif_output

它生成了我按照说明修改的文件这里在步骤 4 中。生成的 cn={14}ekcrlegalofficer.ldif 文件现在如下所示

dn: cn=ekcrlegalofficer
objectClass: olcSchemaConfig
cn: ekcrlegalofficer
olcAttributeTypes: {0}( 2.25.7702021 NAME 'x-legalOfficerNumber' DESC 'Legal o
 fficer number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{
 32768} )
olcAttributeTypes: {1}( 2.25.960171 NAME 'x-legalOfficerFullName' DESC 'Legal
 officer name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{3
 2768} )
olcAttributeTypes: {2}( 2.25.196694 NAME 'x-legalOfficerTitleBeforeName' DESC
 'Legal officer title before name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1
 .1466.115.121.1.15{32768} )
olcAttributeTypes: {3}( 2.25.7643140 NAME 'x-legalOfficerTitleAfterName' DESC
 'Legal officer title after name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.
 1466.115.121.1.15{32768} )
olcAttributeTypes: {4}( 2.25.1064416 NAME 'x-legalOfficerListedAt' DESC 'Legal
  officer listed at' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
 1.15{32768} )
olcAttributeTypes: {5}( 2.25.1005975 NAME 'x-legalOfficerErasedAt' DESC 'Legal
  Officer erased at' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
 1.15{32768} )
olcAttributeTypes: {6}( 2.25.5513419 NAME 'x-legalOfficerNote' DESC 'Legal Off
 icer note' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{3276
 8} )
olcAttributeTypes: {7}( 2.25.4535859 NAME 'x-legalOfficerStatus' DESC 'Legal O
 fficer status' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{
 32768} )
olcObjectClasses: {0}( 2.25.6182638 NAME 'ekcrLegalOfficer' DESC 'RFC1274: sim
 ple security object' SUP ( top $ person $ organizationalPerson $ inetOrgPerso
 n ) STRUCTURAL MUST ( cn $ ou ) MAY ( x-legalOfficerNumber $ x-legalOfficerFu
 llName $ x-legalOfficerTitleBeforeName $ x-legalOfficerTitleAfterName $ x-leg
 alOfficerListedAt $ x-legalOfficerErasedAt $ x-legalOfficerNote $ x-legalOffi
 cerStatus ) )

然后我尝试添加这个新的 objectClass

ldapadd -D "cn=admin,cn=config" -W -f cn={14}ekcrlegalofficer.ldif

这导致了

ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge

我明白，当您尝试将新记录添加到错误的数据库时可能会发生此错误，但由于我正在尝试创建新的对象类，所以这不应该是我的情况。

它实际上在过去对我来说是有效的，但后来我使用重新配置了我的 openLDAP 服务器

dpkg-reconfigre slapd

从那时起我就面临这个问题。

现在已经第三天了，我被困在这个问题上，我真的很绝望，如果能得到任何帮助我将非常感激。