Ciao, Michael, Yes, it is a slapcat output and it is filtered: BASEDN is just a replacement. I had to remove slapo-accesslog because I was unable to login to the server anymore. So properly delete these entries was not an option for me. This is the origin of the problem.
Thanks, Giuseppe 2018-05-17 10:57 GMT+02:00 Michael Ströder <[email protected]>: > Giuseppe Civitella wrote: > > while doing some tests to enable accesslog in my directory, I did enable > the > > overlay and then disabled it because of login problems. > > I doubt that you had login problems caused by slapo-accesslog. > > > Once restored the directory, I found a few entries like this: > > > > dn: reqStart=20180509102412.000000Z,BASEDN > > objectClass: auditModify > > structuralObjectClass: auditModify > > REQSTART: 20180509102412.000000Z > > REQEND: 20180509102412.000001Z > > REQTYPE: modify > > Is this slapcat output? Did you obfuscate your e-mail with "BASEDN"? > > Note that removing slapo-accesslog also removed the object class and > attribute type descriptions from your subschema. Typically slapcat > outputs names of attribute types missing in subschema all with capital > letters. > > > deleting entry "reqStart=20180509102412.000000Z,BASEDN" > > ldap_delete: Invalid DN syntax (34) > > additional info: invalid DN > > OpenLDAP server checks schema even for DNs. Hence a DN containing > 'reqStart' is an invalid DN if you don't have slapo-accesslog loaded. > > Ciao, Michael. > >
