[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8974) olcAttributeOptions cannot be modified once set

Full_Name: Scott Koranda
Version: 2.4.47
OS: Debian Linux 9.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Once the option olcAttributeOptions has been configured it cannot be modified.

To reproduce begin with the following state:

#ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config -s base
olcAttributeOptions 2>/dev/null
dn: cn=config
olcAttributeOptions: lang- app-

Create an LDIF file to modify the value for olcAttributeOptions:

# cat /root/olcAttributeOptions.ldif 
dn: cn=config
changetype: modify
replace: olcAttributeOptions
olcAttributeOptions: lang- app- internal prior role- scope- time-

Use ldapmodify to attempt to modify the configuration:

# ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/olcAttributeOptions.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

The slapd process running with -d -1 emits this output:

5c5c2e01 slapd: line 0: option "lang-" is already defined
5c5c2e01 olcAttributeOptions: value #0: <olcAttributeOptions> handler exited
with 1!

This behavior happens regardless of whether any directory has records that
include options with attributes.