Full_Name: Emmanuel Lecharny Version: 2.4.24 OS: Ubuntu URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.226.4.211)

The olcSuffix AT, which is not declared as SINGLE-VALUED, does not support more than one value. Per se, the definition of this AT should be explicit about it. However, this is not the main issue.

Trying to modify its value using such a LDIF file :

dn: olcDatabase={3}ldif,cn=config changetype: modify delete: olcSuffix olcSuffix: cn=test2 - add: olcSuffix olcSuffix: cn=test3 -

leads to an error : #!ERROR [LDAP: error code 80 - <olcSuffix> Only one suffix is allowed on this ldif backend]

It seems that there is an internal check that is done to insure that the olcSuffix does not contain more than one value, bypassing the AT definition, and that this check is not correctly done when a modify operation is sent.

Deleting the olcSuffix AT and injcting a new one works.