ck@cksoft.de wrote:

Hi,

Summary: it seems having a modifiersdn outside of cn=config in cn=config breaks replication once slapd is restarted.

Yeah, using DNs other than the cn=config rootDN is frequently a problem. This is why when cn=config was introduced in 2.3 only the cn=config rootDN was allowed access to the tree.

In this particular case, there's a simpler solution - add schema definitions for the missing RDN attributes directly to the cn=config entry. In your case, move the "ou" definition from the cn=core schema entry.

There's nothing dirty about this solution - it has always been valid to define schema elements in the top-level slapd.conf file as well as in the top cn=config global config entry. The feature doesn't get used much because most 3rd party schemas are distributed as their own files, so it's simpler to just use the include directive to reference them. But for your current situation, you need to define these schema elements as early as possible, so that they can be processed as valid later on.