Full_Name: Sean Burford Version: 2.4.9 OS: Linux x86_64 URL: ftp://ftp.openldap.org/incoming/sean-burford-080529.tar.gz.1 Submission from: (NULL) (76.104.224.20)
Adding equality and substring matching to an existing in use attribute causes the schema and database contents to mismatch. I added equality and substring matching to an attribute in my schema. A modification of an attribute value was propogated a few days later, triggering the assertion and taking my replicas offline. Each restart replicated the change and triggered the assertion again.
When no matching is specified, new database entries do not have their normalized value populated in the database. When the matching is added, new database entries with have their normalized value populated in the database. There is an assertion in attr.c that checks that attributes from the database have the expected normalization.
I have attached a script and config to demonstrate the issue (ftp://ftp.openldap.org/incoming/sean-burford-080529.tar.gz.1)
These files are in the tarball:
slapd.d/ contains a server configuration that is suitable for reproducing the problem.
script/trigger-assertion.sh performs the ldap operations necessary to trigger the assertion. The important ones are: - An attribute is added to the schema without equality matching. - An entry is added to the directory that uses the new attribute. - The schema is modified so that the attribute has equality matching. - Another attribute value is added to the entry, triggering the assertion.
patch/attr-assertion.patch causes the operation to be rejected and logged, rather than triggering the assertion. It might not be the optimal patch for this problem, but it prevents the assertion and rejects the operation.