https://bugs.openldap.org/show_bug.cgi?id=9888
--- Comment #11 from Quanah Gibson-Mount quanah@openldap.org --- Hit an issue with this again today, where no actual schema changes were made. In this case the change involved:
a) Adding an additional olcAuthzRegexp configuration b) Adding an ACL
It is useful to note that the process that triggers cn=config updates regenerates the contextCSN of all the entries in the config db, so it causes a 'force sync' of all schema, even if they've had no changes.
After the change was replicated to the downstream consumers, the slapd process lost all knowledge of the schema it uses, leading to filters showing missing schema:
(&(?objectClass=person))
being one example. Although an odd practice this seems indicative of some serious issues internal to slapd. I think that we should go back to marking cn=config replication experimental and not advised until this can be fixed.