https://bugs.openldap.org/show_bug.cgi?id=10369
--- Comment #4 from Howard Chu hyc@openldap.org --- (In reply to elecharny from comment #3)
Some more comment: The config is injected through a slapadd based on a flat config file:
dn: olcDatabase={3}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {3}mdb olcDbDirectory: /usr/local/openldap/data/worteks/ olcSuffix: o=service,o=worteks olcAccess: {0}to * by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn="uid=repl,ou=security,o=service,o=worteks" read by anony mous auth by * none break olcAccess: {1}to attrs=userPassword by * none olcAccess: {2}to dn.subtree="ou=security,o=service,o=worteks" by * none olcAccess: {3}to * by * none olcAddContentAcl: TRUE olcLimits: {0}dn="uid=repl,ou=security,o=service,o=worteks" size=unlimited time=unlimited olcLimits: {1}dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" size=unlimited time=unlimited olcRootDN: cn=admin,o=service,o=worteks olcRootPW: secret olcMultiProvider: TRUE olcDbCheckpoint: 1024 1 olcDbNoSync: TRUE olcDbIndex: entryUUID eq olcDbIndex: objectClass eq olcDbIndex: entryCSN eq olcDbIndex: uid eq olcDbIndex: mailboxServiceIMAP eq olcDbIndex: mailboxServicePOP eq olcDbIndex: mailPrimaryAddress eq olcDbIndex: mailAlternativeAddress eq olcDbIndex: mailboxHiddenAlias eq olcDbMaxSize: 137438953472 olcMirrorMode: TRUE structuralObjectClass: olcMdbConfig entryUUID: fba8341e-d724-103f-8366-85552694bbcc creatorsName: cn=admin,cn=config createTimestamp: 20250606132204Z olcSyncrepl: {0}rid=012 provider=ldap://openldap1:10389 binddn="uid=repl,ou=security,o=service,o=worteks" bindmethod=simple credentials="secret" searc hbase="o=service,o=worteks" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" type=refreshAndPersist retry="5 +" timeo ut=1 syncdata=accesslog olcSyncrepl: {1}rid=011 provider=ldap://openldap2:10389 binddn="uid=repl,ou=security,o=service,o=worteks" bindmethod=simple credentials="secret" searc hbase="o=service,o=worteks" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" type=refreshAndPersist retry="5 +" timeo ut=1 syncdata=accesslog entryCSN: 20250606143335.493116Z#000000#00b#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20250606143335Z
As we can see, the MultiProvider attribute is present only once, so I suppose the injection of this entry generates the double olcMultiProvider value.
So I correct the previous comment: the original config was proper, injecting it with slapadd incorrectly injected the olcMultiProvider twice.
No, the config is invalid.
slapadd should have rejected it. You have both olcMultiProvider and olcMirrorMode, which is just the old name of the olcMultiprovider attribute. It's still accepted as an alias. I think this means our checks for attribute uniqueness are fooled by using alternate names of attributes; that will have to be examined.