On Sun, Apr 13, 2025 at 09:33:18AM +0200, Adrian Nöthlich wrote:
Hi all,
to answer / correct my own mail. I had an off-by-one with the versions I think. 2.2 did not have the refint overlay, at least not in code, so we might moved from 2.3 to 2.5 but I can't remember. It still stands that at some time refint lost the feature that it ensured validity of add/modify operations of references to other objects.
In the meanwhile I found: https://lists.openldap.org/hyperkitty/list/openldap-technical@openldap.org/m... where Michael Ströder pointed out that the attribute has to be entryDN. with
olcConstraintAttribute: member uri ldap:///dc=example,dc=com?entryDN?sub?(objectClass=*)
everything works now. I have no clue why slapd segfaults with a wrong attribute specified in the olcConstraintAttribute URI but it now works.
Hi Adrian, great that you found a solution already. It looks like your crash is related to ITS#10204[0] fixed in 2.6.8. If you've just upgraded to 2.5, I suggest you go all the way to 2.6 which is now the LTS release stream, while 2.5 is in the 2-year sunset phase already.
[0]. https://bugs.openldap.org/show_bug.cgi?id=10204
Regards,