Ralf Haferkamp writes:

There are multiple ways to fix this, I guess. I am not sure which one to take:

1. Make slap_mods_opattrs() create a LDAP_MOD_ADD operation, when the

attributes don't exist in the entry.

It'd be better to fix bconfig's LDAP_MOD_REPLACE. That should work like LDAP_MOD_ADD when the attribute is absent. Haven't looked at how easy that would(n't) be though.

2. Do not try to modify the attributes (not even add) in

slap_mods_opattrs() if they do not exist.

No idea...

I like the consistency it gives as far as it goes - keep the presence of the attrs independent of whether they were created over the protocol or with slapd -f -F. Except fix #2 doesn't do that since it won't know whether to add them when creating an entry. So in summary, no opinion:-)

3. Create the opattrs, when reading from slapd.conf

Doesn't help preexisting cn=config directories.