(ITS#8912) incorrect rootDSE (namingContexts)

[jochen@keutel.de]

Full_Name: Jochen Keutel
Version: 2.4.46
OS: Debian 9
URL: 
Submission from: (NULL) (80.146.191.218)


With certain configurations it happens that the attribute namingContexts of the
rootDSE contains the same value twice (which is not correct). It seems to be
related to the fact that the naming context of a hidden backend is not ignored
(servers/slapd/root_dse.c).

To reproduce it: I started to configure replication: szenario syncrepl proxy
(push based replication, see 18.3.5 in OpenLDAP Admin Guide - "primary directory
also contains back-ldap databases"). Configuring the LDAP backend leads
unfortunately to a root DSE showing the same name context twice:

namingContexts: dc=keutel,dc=de
namingContexts: dc=keutel,dc=de

Is this a known problem? Esp. this stops PHPLDAPAdmin from working: It prints a
lot of PHP arrays in this case.

I've set "hidden on" for this backend but the problem remains.

My configuration:

1. slapd.conf on server1 (master):

database mdb
suffix          "dc=keutel,dc=de"
...

database ldap
hidden on
suffix          "dc=keutel,dc=de"
rootdn          "cn=admin,dc=keutel,dc=de"
uri ldaps://server2/

lastmod on
restrict all

acl-bind    bindmethod=simple
        binddn="cn=replication,dc=keutel,dc=de"
        credentials=secret

syncrepl    rid=001
        provider=ldaps://server1/
        binddn="cn=replication,dc=keutel,dc=de"
        bindmethod=simple
        credentials=secret
        searchbase="dc=keutel,dc=de"
        type=refreshAndPersist
        retry="5 5 300 5"

2. converting this to dynamic config using slaptest gives the following entry:


dn: olcDatabase={2}ldap
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcHidden: TRUE
olcSuffix: dc=keutel,dc=de
...

3. starting slapd with this dynamic configuration

4. reading rootDSE: attribute namingContexts occurs twice with the same value.