https://bugs.openldap.org/show_bug.cgi?id=10369
--- Comment #2 from elecharny@apache.org --- Ok, so basically the olcMultiProvider attribute is declared twice in the slapd.d/cn=config/olcDatabase={3}mdb.ldif file:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. # CRC32 faa42c6c dn: olcDatabase={3}mdb objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {3}mdb olcDbDirectory: /usr/local/openldap/data/worteks/ olcSuffix: o=service,o=worteks olcAccess: {0}to * by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=a uth" read by dn="uid=repl,ou=security,o=service,o=worteks" read by anonymous auth by * none break olcAccess: {1}to attrs=userPassword by * none olcAccess: {2}to dn.subtree="ou=security,o=service,o=worteks" by * none olcAccess: {3}to * by * none olcAddContentAcl: TRUE olcLimits: {0}dn="uid=repl,ou=security,o=service,o=worteks" size=unlimited tim e=unlimited olcLimits: {1}dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" siz e=unlimited time=unlimited olcRootDN: cn=admin,o=service,o=worteks olcRootPW:: c2VjcmV0 olcSyncrepl: {0}rid=012 provider=ldap://openldap1:10389 binddn="uid=repl,ou=se curity,o=service,o=worteks" bindmethod=simple credentials="secret" searchbase ="o=service,o=worteks" logbase="cn=accesslog" logfilter="(&(objectClass=audit WriteObject)(reqResult=0))" type=refreshAndPersist retry="5 +" timeout=1 sync data=accesslog olcSyncrepl: {1}rid=011 provider=ldap://openldap2:10389 binddn="uid=repl,ou=se curity,o=service,o=worteks" bindmethod=simple credentials="secret" searchbase ="o=service,o=worteks" logbase="cn=accesslog" logfilter="(&(objectClass=audit WriteObject)(reqResult=0))" type=refreshAndPersist retry="5 +" timeout=1 sync data=accesslog olcMultiProvider: TRUE <----------Here olcDbCheckpoint: 1024 1 olcDbNoSync: TRUE olcDbIndex: entryUUID eq olcDbIndex: objectClass eq olcDbIndex: entryCSN eq olcDbIndex: uid eq olcDbIndex: mailboxServiceIMAP eq olcDbIndex: mailboxServicePOP eq olcDbIndex: mailPrimaryAddress eq olcDbIndex: mailAlternativeAddress eq olcDbIndex: mailboxHiddenAlias eq olcDbMaxSize: 137438953472 olcMultiProvider: TRUE <----------And here again
So it's a config error, and the error message I get is normal. Still, the slapd.d config is read and applied as is, and the server starts, but it has internally loaded the value twice!
Still a bug, but the workaround is clear: don't mess with the original config...