--On Wednesday, April 13, 2011 3:09 PM +0000 quanah@zimbra.com wrote:

As a follow up -- This issue is caused by instantiating overlays outside of the database. Specifically this will trigger the problem:

# INCLUDES include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/dyngroup.schema

# RUNFILE LOCATIONS pidfile /usr/local/var/run/openldap/slapd.pid argsfile /usr/local/var/run/openldap/slapd.args

security ssf=127

# MODULES modulepath /usr/local/libexec/openldap moduleload back_hdb moduleload refint moduleload dynlist moduleload memberof

# OVERLAYS AND OVERLAY CONFIG overlay refint refint_attributes member uniqueMember seeAlso refint_nothing cn=EMPTY

overlay dynlist dynlist-attrset groupOfURLs memberURL member

overlay memberof memberof-refint TRUE

# DATABASE database hdb directory /usr/local/var/openldap-data

# GLOBAL LDAP SETTINGS suffix "dc=example,dc=org" rootdn "cn=root,dc=example,dc=org" rootpw blahblahblah

# SSL / TLS - note - these are all real, valid, issued certs. TLSCACertificatePath /etc/ssl/certs TLSCACertificateFile /etc/ssl/certs/gd_bundle.crt TLSCertificateFile /etc/ssl/certs/ldap.example.org.combined.crt TLSCertificateKeyFile /etc/ssl/private/ldap.example.org.key

access to * by * write

# PERFORMANCE index objectClass eq index cn eq,sub,pres,approx index uid eq,sub,pres index sn eq,sub,approx index member eq index givenName eq,sub,approx index mail eq,sub,approx

#limits limits users size=10000 size.pr=unlimited

--

Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration