Full_Name: Ryan Steele Version: 2.4.18 OS: Ubuntu Server URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (207.106.239.81)
When the chaining configuration for cn=config is added, as is done in test022-ppolicy, the process of adding the module and overlay succeed, but subsequent slapcat operations will fail with:
root@nebula:~# slapcat -n1 slapd-chain: first underlying database "olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config" cannot contain attribute "olcDbURI". config error processing olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config: slapcat: bad configuration file!
Additionally, if slapd is stopped after adding the configuration in test022-ppolicy, the server will not start again, and on the foreground shows:
slapd-chain: first underlying database "olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config" cannot contain attribute "olcDbURI". : config_add_internal: DN="olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config" no structural objectClass add function config error processing olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config: send_ldap_result: conn=-1 op=0 p=0 send_ldap_result: err=65 matched="" text="" slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy.
The reason test022-ppolicy does not catch this is because an ldapsearch will still work. In fact, the chaining operations still succeed (writes are ferried off to the upstream server). But, this is a very grave problem, as it can cause the slapd server to stop functioning completely.