[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7608) cn=config with modifiersdn outside cn=config breaks recovery using slapadd



ck@cksoft.de wrote:
> Hi,
>
> Summary: it seems having a modifiersdn outside of cn=config in cn=config breaks replication once slapd is restarted.

Yeah, using DNs other than the cn=config rootDN is frequently a problem. This 
is why when cn=config was introduced in 2.3 only the cn=config rootDN was 
allowed access to the tree.

In this particular case, there's a simpler solution - add schema definitions 
for the missing RDN attributes directly to the cn=config entry. In your case, 
move the "ou" definition from the cn=core schema entry.

There's nothing dirty about this solution - it has always been valid to define 
schema elements in the top-level slapd.conf file as well as in the top 
cn=config global config entry. The feature doesn't get used much because most 
3rd party schemas are distributed as their own files, so it's simpler to just 
use the include directive to reference them. But for your current situation, 
you need to define these schema elements as early as possible, so that they 
can be processed as valid later on.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/