Hello,
at the moment we have installed OpenLDAP 2.3.17 on our production
servers. Recently we've decided to upgrade to 2.4.9 version and we came
across an issue which doesn't seem easy to solve.
It's about the "c" (country) attribute syntax definition which has been
changed in the core schema between 2.3.17 and 2.4. In older days this
attribute allowed string values, but now it has been limited to
2-characters only ("Country String").
Country value is a part of suffix in our DIT (e.g.
l=$locality,c=$country), the problem is that our users in some cases
used 3 or more letters for country attribute . This was on 2.3 server.
Now I want to upgrade the server to the new version and at the same time
I want to convert the old-fashioned slapd.conf configuration to dynamic
one (slapd.d). When I try to bring up the database, the server fail to
start and I get the following error:
(a snippet from slapd debug):
...
>>> dnPrettyNormal: <olcDatabase={-1}frontend>
<<< dnPrettyNormal: <olcDatabase={-1}frontend>,
<olcDatabase={-1}frontend>
>>> dnNormalize: <cn=config>
<<< dnNormalize: <cn=config>
>>> dnNormalize: <cn=config>
<<< dnNormalize: <cn=config>
<= str2entry(olcDatabase={-1}frontend) -> 0x828cba4
>>> dnPrettyNormal: <l=kranj,c=slo>
ldap_err2string
config error processing olcDatabase={-1}frontend,cn=config:
<olcDefaultSearchBase> invalid DN 21 (Invalid syntax)
send_ldap_result: conn=-1 op=0 p=0
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
OK, I understand that this is happening because of schema violation, but
nevertheless, I still need some advices or tips, how to avoid getting
into trubles when upgrading the servers. Is there an easy way to get rid
of the problem, but still using this type of suffix with country value
longer that 2 characters?
Thanks a lot.
Best Regards,
Domen
