Full_Name: Claude
Version: 2.4.45
OS: CentOS Linux release 7.3.1611 (Core)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.168.152.20)

See the slapd.conf OpenLDAP configuration file below.
The slapd daemon is issuing an ACL scope warning for an unknown reason; that ACL is in the slapd.conf.
Warning messages:
config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
How can that warning be addressed?
Thanks
How to recreate the warning messages, based on the slapd.conf below:
I'd like to get rid of that ACL scope warning.
Thanks, Claude
### - slapd is launched by running this command ###
/usr/sbin/slapd -d acl
#
# output of slapd daemon
#
59f51611 @(#) $OpenLDAP: slapd 2.4.45 (Sep 10 2017 16:37:12) $
	root@templateldap:/a/admin/ldap/openldap-2.4.45/servers/slapd
59f51611 => access_allowed: search access to "cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
59f51611 => access_allowed: search access to "cn=schema,cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
59f51611 => access_allowed: search access to "cn={0}core,cn=schema,cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
59f51611 => access_allowed: search access to "cn={1}cosine,cn=schema,cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
59f51611 => access_allowed: search access to "cn={2}inetorgperson,cn=schema,cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
59f51611 => access_allowed: search access to "olcDatabase={-1}frontend,cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
Backend ACL: access to dn.base="dc=example,dc=com" by * read
59f51611 => access_allowed: search access to "olcDatabase={0}config,cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
Backend ACL: access to dn.base="cn=admin,cn=config" by * none
59f51611 => access_allowed: search access to "olcDatabase={1}mdb,cn=config" "objectClass" requested
59f51611 <= root access granted
59f51611 => access_allowed: search access granted by manage(=mwrscxd)
Backend ACL: access to dn.children="dc=example,dc=com" by * search
Backend ACL: access to dn.base="dc=example,dc=com" by * read
Backend ACL: access to * by * none
59f51611 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
59f51611 slapd starting

#### - slapd.conf - #####
#
# NOTES: inetorgperson picks up attributes and objectclasses
# from all three schemas
#
# NB: RH Linux schemas in /etc/openldap
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema

# NO REFERRALS

# DON'T bother with ARGS file
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

loglevel ACL
disallow bind_anon
#
#####################################
# frontend database
#####################################
#

access to dn.base="dc=example,dc=com" by * read

#######################################################################
# bdb database definitions
#
# replace example and com below with a suitable domain
#
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to My and inc
#######################################################################

database mdb
#access to dn.base="dc=example,dc=com" by * read
access to dn.children="dc=example,dc=com" by * search
access to dn.base="dc=example,dc=com" by * read
suffix "dc=example, dc=com"

#
# superuser
rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret
# The database directory MUST exist prior to running slapd AND
# change path as necessary
directory /var/lib/ldap

# Indices to maintain for this directory
# required if searches will use
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subinitial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

#
#####################################
# config database
#####################################
#
database config
access to dn.base="cn=admin,cn=config" by * none
rootdn "cn=admin,cn=config"
rootpw {SSHA}rZGfPJkJYWy036tqoQb9jZ4Tz36c7ddG