Hello,
at the
moment we have installed OpenLDAP 2.3.17 on our production servers.
Recently we've decided to upgrade to 2.4.9 version and we came across an issue
which doesn't seem easy to solve.
It's about the "c"
(country) attribute syntax definition which has been changed in the core schema
between 2.3.17 and 2.4. In older days this attribute allowed string values,
but now it has been limited to 2-characters only ("Country
String").
Country value is
a part of suffix in our DIT (e.g. l=$locality,c=$country), the problem
is that our users in some cases used 3 or more letters for country
attribute . This was on 2.3 server. Now I want to upgrade the server to the
new version and at the same time I want to convert the old-fashioned slapd.conf
configuration to dynamic one (slapd.d). When I try to bring up the
database, the server fail to start and I get the following
error:
(a snippet from
slapd debug):
...
>>>
dnPrettyNormal: <olcDatabase={-1}frontend>
<<< dnPrettyNormal:
<olcDatabase={-1}frontend>,
<olcDatabase={-1}frontend>
>>> dnNormalize:
<cn=config>
<<< dnNormalize: <cn=config>
>>>
dnNormalize: <cn=config>
<<< dnNormalize:
<cn=config>
<= str2entry(olcDatabase={-1}frontend) ->
0x828cba4
>>> dnPrettyNormal:
<l=kranj,c=slo>
ldap_err2string
config error processing
olcDatabase={-1}frontend,cn=config: <olcDefaultSearchBase> invalid DN 21
(Invalid syntax)
send_ldap_result: conn=-1 op=0 p=0
slapd destroy: freeing
system resources.
slapd stopped.
connections_destroy: nothing to
destroy.
OK, I understand
that this is happening because of schema violation, but nevertheless, I still
need some advices or tips, how to avoid getting into trubles when
upgrading the servers. Is there an easy way to get rid of the problem, but
still using this type of suffix with country value longer that 2
characters?
Thanks a
lot.
Best
Regards,
Domen