Re: new slapd.d configuration format and Invalid DN syntax (34)

[Howard Chu <hyc@symas.com>]

Ah, you still have defaultSearchBase in cn=config, and it is preventing 
the rest of the config from being built correctly. I thought I had 
removed this from cn=config when I moved the attribute to the Frontend 
object, but apparently it's also still present in the cn=config entry. 
We'll fix this in the 2.3.7 release.

Samuel Tran wrote:
> Here is the full output:
>
> sudo /usr/local/libexec/slapd -d 255 -u ldap -F /etc/openldap/slapd.d -4
> [?1h=@(#) $OpenLDAP: slapd 2.3.6 (Aug 24 2005 12:46:47) $
>         stran@info-ldap-001:/usr/local/src/openldap-2.3.6/servers/slapd
> daemon_init: <null>
> daemon_init: listen on ldap:///
> daemon_init: 1 listeners to open...
> ldap_url_parse_ext(ldap:///)
> daemon: initialized ldap:///
> daemon_init: 1 listeners opened
> slapd init: initiated server.
> slap_sasl_init: initialized!
> bdb_back_initialize: initialize BDB backend
> bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3,
> 2003)
> hdb_back_initialize: initialize HDB backend
> hdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3,
> 2003)
> backend_startup_one: starting "cn=config"
> => str2entry: "dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcConfigFile: /etc/openldap/slapd.conf
> olcConfigDir: /etc/openldap/slapd.d
> olcAllows: bind_v2
> olcAuthzPolicy: none
> olcConcurrency: 0
> olcConnMaxPending: 100
> olcConnMaxPendingAuth: 1000
> olcDefaultSearchBase: dc=example,dc=com
> olcGentleHUP: FALSE
> olcIdleTimeout: 0
> olcIndexSubstrIfMaxLen: 4
> olcIndexSubstrIfMinLen: 2
> olcIndexSubstrAnyLen: 4
> olcIndexSubstrAnyStep: 2
> olcLocalSSF: 71
> olcLogLevel: Any
> olcPasswordHash: {SSHA}
> olcPidFile: /var/tmp/slapd.pid
> olcReadOnly: FALSE
> olcReplicationInterval: 0
> olcReverseLookup: FALSE
> olcSaslSecProps: noplain,noanonymous
> olcSizeLimit: 5000
> olcSockbufMaxIncoming: 524288
> olcSockbufMaxIncomingAuth: 16777215
> olcThreads: 16
> olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
> olcTLSCRLCheck: none
> olcTLSVerifyClient: never
> structuralObjectClass: olcGlobal
> "
>   
> > > > dnPrettyNormal: <cn=config>
> > > >         
> => ldap_bv2dn(cn=config,0)
> ldap_err2string
> <= ldap_bv2dn(cn=config)=0 Success
> => ldap_dn2bv(272)
> ldap_err2string
> <= ldap_dn2bv(cn=config)=0 Success
> => ldap_dn2bv(272)
> ldap_err2string
> <= ldap_dn2bv(cn=config)=0 Success
> <<< dnPrettyNormal: <cn=config>, <cn=config>
> <= str2entry(cn=config) -> 0x81c5560
> => test_filter
>     PRESENT
> => access_allowed: search access to "cn=config" "objectClass" requested
> <= root access granted
> => access_allowed: search access granted by manage(=mwrscxd)
> <= test_filter 6
> line 1 (/etc/openldap/slapd.conf)
> line 1 (/etc/openldap/slapd.d)
> line 1 (bind_v2)
> line 1 (none)
> line 1 (0)
> line 1 (100)
> line 1 (1000)
> line 1 ("dc=example,dc=com")
>   
> > > > dnPrettyNormal: <dc=example,dc=com>
> > > >         
> => ldap_bv2dn(dc=example,dc=com,0)
> ldap_err2string
> <= ldap_bv2dn(dc=example,dc=com)=0 Success
> ldap_err2string
> olcDefaultSearchBase: value #0: <olcDefaultSearchBase> invalid DN 21
> (Invalid syntax)
> => str2entry: "dn: cn=include{0}
> objectClass: olcIncludeFile
> cn: include{0}
> olcInclude: /etc/openldap/schema/core.schema
> structuralObjectClass: olcIncludeFile
> "
>   
>   


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/