Hi! After systemd tearing down one of our LDAP servers I noticed the following message when the server was restarted: slapd[10525]: UNKNOWN attributeDescription "AUDITCONTEXT" inserted. The next line logged was: slapd[10525]: olcServerID: value #1: SID=0x002 (listener=ldap://...:389) (the server is that of SLES12 SP4, 2.4.41 from opensuse-buildservice) The server is one of three MM servers that all have the same configuration and the same version. The schema knows in olcAttributeTypes (olcSchemaConfig): ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) What I'l like to know: Is there any thing I could fix in the configuration to make the message go away, or is it some software issue in slapd?

> I've seen this when an attribute is introduced into the cn=config > database that's not part of the built‑in slapd schema. It can be > harmless in that case. I grepped for the attribute in external schema files, but didn't find it. As I found it when querying slapd, I conclude that the definition shown above must be build into slapd.

>>> Quanah Gibson-Mount <quanah(a)symas.com&gt; schrieb am 29.08.2019 um 15:41 in Nachricht <2B407C076711C27AEF9EBD7E(a)[192.168.1.144]&gt;: > > --On Thursday, August 29, 2019 9:32 AM +0200 Ulrich Windl > <Ulrich.Windl(a)rz.uni-regensburg.de&gt; wrote: > >>> I've seen this when an attribute is introduced into the cn=config >>> database that's not part of the built‑in slapd schema. It can be >>> harmless in that case. >> >> I grepped for the attribute in external schema files, but didn't find it. >> As I found it when querying slapd, I conclude that the definition shown >> above must be build into slapd. > > Using the power of the source, auditcontext is defined in the > slapo-accesslog overlay. Right, found it there: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) But I did not find an object definition that uses that attribute (any more).

>>> Quanah Gibson-Mount <quanah(a)symas.com&gt; schrieb am 28.08.2019 um 15:56 in Nachricht <F0468E4D7DD097415B5FC5C1(a)[192.168.1.144]&gt;: > ‑‑On Wednesday, August 28, 2019 11:02 AM +0200 Ulrich Windl > <Ulrich.Windl(a)rz.xn--uniregensburg-dm6g.de&gt; wrote: >> After systemd tearing down one of our LDAP servers I noticed the >> following message when the server was restarted: slapd[10525]: UNKNOWN >> attributeDescription "AUDITCONTEXT" inserted. >> [..] >> The schema knows in olcAttributeTypes (olcSchemaConfig): >> ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of >> auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE‑VALUE >> NO‑USER‑MODIFICATION USAGE dSAOperation ) >> >> What I'l like to know: Is there any thing I could fix in the >> configuration to make the message go away, or is it some software issue >> in slapd? > > I've seen this when an attribute is introduced into the cn=config database > that's not part of the built‑in slapd schema. It can be harmless in that > case. I grepped for the attribute in external schema files, but didn't find it. As I found it when querying slapd, I conclude that the definition shown above must be build into slapd.

>>> Michael Ströder <michael(a)stroeder.com&gt; schrieb am 29.08.2019 um 16:34 in Nachricht <37c75ce9-b21e-9380-9f71-72c40086b01e(a)stroeder.com&gt;: > On 8/29/19 8:32 AM, Ulrich Windl wrote: >>>>> Quanah Gibson-Mount <quanah(a)symas.com&gt; schrieb am 28.08.2019 um 15:56 in >> Nachricht <F0468E4D7DD097415B5FC5C1(a)[192.168.1.144]&gt;: >>> ‑‑On Wednesday, August 28, 2019 11:02 AM +0200 Ulrich Windl >>> <Ulrich.Windl(a)rz.xn--uniregensburg-dm6g.de&gt; wrote: >>>> After systemd tearing down one of our LDAP servers I noticed the >>>> following message when the server was restarted: slapd[10525]: UNKNOWN >>>> attributeDescription "AUDITCONTEXT" inserted. >>>> [..] >>>> The schema knows in olcAttributeTypes (olcSchemaConfig): >>>> ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of >>>> auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE‑VALUE >>>> NO‑USER‑MODIFICATION USAGE dSAOperation ) >>>> >>>> What I'l like to know: Is there any thing I could fix in the >>>> configuration to make the message go away, or is it some software issue >>>> in slapd? >>> >>> I've seen this when an attribute is introduced into the cn=config database >>> that's not part of the built‑in slapd schema. It can be harmless in that >>> case. >> >> I grepped for the attribute in external schema files, but didn't find it. As > I >> found it when querying slapd, I conclude that the definition shown above > must >> be build into slapd. > > Attribute type description 'auditContext' and all other schema > definitions for accesslog overlay are defined in C code of > slapo-accesslog. If you don't load slapo-accesslog then you normally > don't see the schema. > > I don't know what inconsistent content your cn=config has though. Still I don't quite understand it: It seems the attribute is also in the config database (dn: cn=schema,cn=config), so why is it unknown when slapd starts? It cannot be the reason that the schema is provided by an overlay. That would apply when starting the first time only, maybe (when the schema database isn't populated yet by the overlay).