Full_Name: Jochen Keutel Version: 2.4.46 OS: Debian 9 URL: Submission from: (NULL) (80.146.191.218)
With certain configurations it happens that the attribute namingContexts of the rootDSE contains the same value twice (which is not correct). It seems to be related to the fact that the naming context of a hidden backend is not ignored (servers/slapd/root_dse.c).
To reproduce it: I started to configure replication: szenario syncrepl proxy (push based replication, see 18.3.5 in OpenLDAP Admin Guide - "primary directory also contains back-ldap databases"). Configuring the LDAP backend leads unfortunately to a root DSE showing the same name context twice:
namingContexts: dc=keutel,dc=de namingContexts: dc=keutel,dc=de
Is this a known problem? Esp. this stops PHPLDAPAdmin from working: It prints a lot of PHP arrays in this case.
I've set "hidden on" for this backend but the problem remains.
My configuration:
1. slapd.conf on server1 (master):
database mdb suffix "dc=keutel,dc=de" ...
database ldap hidden on suffix "dc=keutel,dc=de" rootdn "cn=admin,dc=keutel,dc=de" uri ldaps://server2/
lastmod on restrict all
acl-bind bindmethod=simple binddn="cn=replication,dc=keutel,dc=de" credentials=secret
syncrepl rid=001 provider=ldaps://server1/ binddn="cn=replication,dc=keutel,dc=de" bindmethod=simple credentials=secret searchbase="dc=keutel,dc=de" type=refreshAndPersist retry="5 5 300 5"
2. converting this to dynamic config using slaptest gives the following entry:
dn: olcDatabase={2}ldap objectClass: olcDatabaseConfig objectClass: olcLDAPConfig olcDatabase: {2}ldap olcHidden: TRUE olcSuffix: dc=keutel,dc=de ...
3. starting slapd with this dynamic configuration
4. reading rootDSE: attribute namingContexts occurs twice with the same value.
-
jochen@keutel.de