Full_Name: Bill MacAllister Version: RE24 pulled 11-Feb-2013 OS: debian wheezy (testing) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (67.180.239.194)
When attempting to add a new entry to a back-mdb database I am seeing the following failure:
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "suRegID=uniqueid1,cn=people,dc=stanford,dc=edu" ldap_add: Other (e.g., implementation specific) error (80) additional info: index generation failed
The attribute that is causing the failure is suPrivilegeGroup. The schema definition for this attribute is:
olcAttributeTypes: ( StanfordLDAPattributeType:19 NAME ( 'suPrivilegeGroup' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The index defined for this attribute is:
olcDbIndex: suPrivilegeGroup eq,sub
I have been able to successfully load the entry by either:
* Modifying the index definition by removing the substring index, i.e. 'olcDbIndex: suPrivilegeGroup eq,sub'.
or
* Modifying the data. The value 'suPrivilegeGroup: n:all' succeeds and the value 'suPrivilegeGroup: ne:all' fails.
Here is a complete failing entry:
dn: suRegID=uniqueid1,cn=people,dc=stanford,dc=edu objectClass: suPerson objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: person displayName: Bill MacAllister suCN: bill macallister suDisplayNameLF: MacAllister, Bill suGeneralID: billmacallister suRegID: uniqueid1 suRegisteredName: William Henry MacAllister suRegisteredNameLF: MacAllister, William Henry suSN: macallister suUniqueIdentifier: unique1 sn: macallister o: University ou: netdocs-access:all uid: whm cn: bill macallister cn: william macallister givenName: william givenName: bill suPrivilegeGroup: ne:all
I first started investigating this problem because some entries where not present in the directory after a complete refresh from an ldif dumped from a 2.4.26 server. I used slapadd to load the ldif and there were no error messages during the load, just some entries were missing. I expect that the lack of an error message from slapadd is a separate, but related issue.
-
whm@stanford.edu