LDAP: Type or value exists


Introduction

Result code 20 (decimal), 'Type or value exists' or 'Attribute or value exists', is returned when a client attempts to add an attribute value to an entry that already holds that value for that attribute type.

From RFC 4511, the definition of result code 20 is:

      attributeOrValueExists (20)
         Indicates that the client supplied an attribute or value to
         be added to an entry, but the attribute or value already
         exists.

Example

For example, create the following LDIF in file ~/type-or-value-exists.LDIF which replaces the value of the description attribute, assuming that the user already exists:

dn: uid=user.0,ou=people,dc=example,dc=com
changetype: modify
replace: description
description: description 1

Modify the entry using ldapmodify three times:

ldapmodify --hostname localhost --port 1389 \
 --bindDn 'cn=directory manager' --bindPassword password \
 -c -a -f ~/type-or-value-exists.LDIF 
# Processing MODIFY request for uid=user.0,ou=people,dc=example,dc=com
# MODIFY operation successful for DN uid=user.0,ou=people,dc=example,dc=com
ldapmodify --hostname localhost --port 1389 \
 --bindDn 'cn=directory manager' --bindPassword password \
 -c -a -f ~/type-or-value-exists.LDIF 
# Processing MODIFY request for uid=user.0,ou=people,dc=example,dc=com
# MODIFY operation successful for DN uid=user.0,ou=people,dc=example,dc=com
ldapmodify --hostname localhost --port 1389 \
 --bindDn 'cn=directory manager' --bindPassword password \
 -c -a -f ~/type-or-value-exists.LDIF 
# Processing MODIFY request for uid=user.0,ou=people,dc=example,dc=com
# MODIFY operation successful for DN uid=user.0,ou=people,dc=example,dc=com

The same entry was modified three times using the same value for the attribute, using the replace keyword. What does the entry look like now?

ldapsearch -D 'cn=directory manager' \
 -w password  \
 --port 1389 \
 --searchScope base \
 --baseDn uid=user.0,ou=people,dc=example,dc=com '(objectClass=*)' 
dn: uid=user.0,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
postalAddress: Aaren Atp$91327 Broadway Street$Las Vegas, UT  08103
postalCode: 08103
description: description 1
uid: user.0
userPassword: {SSHA}cV5E+CQLD9MvGhYwNmbu1SSt//MGjL8Ir/hUPw==
employeeNumber: 0
initials: AWA
givenName: Aaren
pager: +1 214 214 4195
mobile: +1 947 007 3231
cn: Aaren Atp
sn: Atp
telephoneNumber: +1 089 907 9947
street: 91327 Broadway Street
homePhone: +1 457 787 9183
l: Las Vegas
mail: user.0@example.com
st: UT

Note the value of the description attribute. Now change the keyword in the LDIF to add:

dn: uid=user.0,ou=people,dc=example,dc=com
changetype: modify
add: description
description: description 1

Modify the entry using ldapmodify:

ldapmodify --hostname localhost --port 1389 \
 --bindDn 'cn=directory manager' --bindPassword password \
 -c -a -f ~/type-or-value-exists.LDIF 
# Processing MODIFY request for uid=user.0,ou=people,dc=example,dc=com
MODIFY operation failed
Result Code:  20 (Attribute or Value Exists)
Diagnostic Message:  Entry uid=user.0,ou=people,dc=example,dc=com cannot \
 be modified because it would have resulted in one or more duplicate \
 values for attribute description:  description 1

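The add fails because the entry already holds that value for the description attribute, and add cannot create a duplicate value. Replace succeeds with the same value because it overwrites whatever values the attribute currently has.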
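
The add and replace behaviour shown above can be reproduced with a small in-memory model. This is an added example, not code from the original post or from any directory server. The function names, the sample entry and the simplified value matching are assumptions, and the model also shows that a Modify request with several changes is applied all-or-nothing.

```python
import copy

SUCCESS = 0
ATTRIBUTE_OR_VALUE_EXISTS = 20  # RFC 4511 attributeOrValueExists


def norm(value):
    # Assumption: simplified stand-in for caseIgnoreMatch (fold case, collapse spaces).
    return " ".join(value.lower().split())


def apply_modify(entry, changes):
    """Apply [(op, attr, values), ...] as one atomic Modify request.

    Entry keys are lower-case attribute names. Returns (result_code, entry).
    On failure the caller gets the original entry back untouched, because a
    Modify request is all-or-nothing.
    """
    work = copy.deepcopy(entry)
    for op, attr, values in changes:
        key = attr.lower()  # attribute descriptions are case-insensitive
        if op == "replace":
            # Existing values are discarded first, so repeating this is harmless.
            if values:
                work[key] = list(values)
            else:
                work.pop(key, None)  # replace with no values removes the attribute
        elif op == "add":
            current = work.setdefault(key, [])
            seen = {norm(v) for v in current}
            for v in values:
                if norm(v) in seen:
                    return ATTRIBUTE_OR_VALUE_EXISTS, entry
                seen.add(norm(v))
                current.append(v)
        else:
            raise ValueError("modification type not modelled: " + op)
    return SUCCESS, work


# Constructed sample entry, reduced to the attributes that matter here.
ENTRY = {"uid": ["user.0"], "description": ["old text"]}
REPLACE = [("replace", "description", ["description 1"])]
ADD = [("add", "description", ["description 1"])]
```

Provisioning code that must be safe to re-run can either use replace, or use add and treat result code 20 as "value already present".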

About Terry Gardner

Terry Gardner was a leading directory services architect with experience with many large scale directory services installations and messaging server installations, and was a Subject Matter Expert in the field of Directory Services and Solaris (operating system) performance. Mr. Gardner also participated in the open-source software community. Mr. Gardner passed away in December, 2013.