This is exactly the problem I was having: OpenLDAP is returning an error and still doing the modification. It looks a lot like a bug.
See the log attached.
(This is on Debian wheezy with slapd 2.4.31-1+nmu2)
Côme
On 2014-02-07 15:55, Nerijus Kislauskas wrote:
Hi,
What is the proper set of actions to add an attribute via cn=config to a custom schema, and also add the attribute to a custom objectClass?
My way:
- Add attribute
- Delete old objectClass definition
- Add new objectClass with new attribute included
What if I have 100 objectClasses and want to replace only 1? I am having trouble doing this on Debian wheezy, slapd 2.4.31.
My test.ldif:
dn: cn={8}ktuEduPerson,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP attribute for macaroni' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Let's add the attribute:
$ ldapmodify ... -f test.ldif
Enter LDAP Password:
modifying entry "cn={8}ktuEduPerson,cn=schema,cn=config"
ldap_modify: No such object (32)
$
Oops, something went wrong, but cn=config sees this attribute:
$ ldapsearch ... "cn={8}ktuEduPerson,cn=schema,cn=config" | grep macaroni
Enter LDAP Password:
olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP ...
$
But in case of VM/slapd restart, my macaroni attribute will be gone:
$ sudo grep -iR macaroni /etc/ldap/slapd.d/
$
Access rights of the process and config files are OK. Changing, let's say, olcLogLevel works fine; the config is synced.
Am I the only one in the world facing this problem? Or should I file the 69th bug on slapd in Debian? Is the slapd package in Debian usable for something bigger than a kindergarten? And yes, I know about "Why is using the OpenLDAP server from a Linux distribution not recommended?".
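
Added example, not part of the original thread: a check for the divergence described above, listing attribute types present in the running cn=config entry but missing from its on-disk LDIF. It unfolds LDIF continuation lines first, since a plain grep misses a name split across a fold. The function names and both sample entries are constructed for illustration; only the 'macaroni' definition is taken from the message.

```python
import re

def unfold(ldif: str) -> list[str]:
    """Join LDIF continuation lines (a line starting with one space)."""
    lines: list[str] = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attribute_names(ldif: str) -> set[str]:
    """Lower-cased NAME of every olcAttributeTypes value in the LDIF text."""
    names: set[str] = set()
    for line in unfold(ldif):
        if not line.lower().startswith("olcattributetypes:"):
            continue
        # NAME is either one quoted string or a parenthesised list of them.
        m = re.search(r"\bNAME\s+(\(.*?\)|'[^']*')", line)
        if m:
            names.update(n.lower() for n in re.findall(r"'([^']*)'", m.group(1)))
    return names

def unpersisted(live: str, on_disk: str) -> set[str]:
    """Attribute types the running server knows that the disk copy lacks."""
    return attribute_names(live) - attribute_names(on_disk)

# Constructed sample: ldapsearch output for the schema entry.
LIVE = """dn: cn={8}ktuEduPerson,cn=schema,cn=config
olcAttributeTypes: {40}( ktuAttributeType:35 NAME 'spaghetti' DESC 'constructed sample' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP attribute for macaroni' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# Constructed sample: text of the same entry as stored under
# /etc/ldap/slapd.d/, with one name folded across a line break.
DISK = """dn: cn={8}ktuEduPerson
olcAttributeTypes: {40}( ktuAttributeType:35 NAME 'spag
 hetti' DESC 'constructed sample' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

if __name__ == "__main__":
    for name in sorted(unpersisted(LIVE, DISK)):
        print("in running config but not on disk:", name)
```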