https://bugs.openldap.org/show_bug.cgi?id=10369
--- Comment #4 from Howard Chu <[email protected]> --- (In reply to elecharny from comment #3) > Some more comment: The config is injected through a slapadd based on a flat > config file: > > dn: olcDatabase={3}mdb,cn=config > objectClass: olcDatabaseConfig > objectClass: olcMdbConfig > olcDatabase: {3}mdb > olcDbDirectory: /usr/local/openldap/data/worteks/ > olcSuffix: o=service,o=worteks > olcAccess: {0}to * by > dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by > dn="uid=repl,ou=security,o=service,o=worteks" read by anony > mous auth by * none break > olcAccess: {1}to attrs=userPassword by * none > olcAccess: {2}to dn.subtree="ou=security,o=service,o=worteks" by * none > olcAccess: {3}to * by * none > olcAddContentAcl: TRUE > olcLimits: {0}dn="uid=repl,ou=security,o=service,o=worteks" size=unlimited > time=unlimited > olcLimits: {1}dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" > size=unlimited time=unlimited > olcRootDN: cn=admin,o=service,o=worteks > olcRootPW: secret > olcMultiProvider: TRUE > olcDbCheckpoint: 1024 1 > olcDbNoSync: TRUE > olcDbIndex: entryUUID eq > olcDbIndex: objectClass eq > olcDbIndex: entryCSN eq > olcDbIndex: uid eq > olcDbIndex: mailboxServiceIMAP eq > olcDbIndex: mailboxServicePOP eq > olcDbIndex: mailPrimaryAddress eq > olcDbIndex: mailAlternativeAddress eq > olcDbIndex: mailboxHiddenAlias eq > olcDbMaxSize: 137438953472 > olcMirrorMode: TRUE > structuralObjectClass: olcMdbConfig > entryUUID: fba8341e-d724-103f-8366-85552694bbcc > creatorsName: cn=admin,cn=config > createTimestamp: 20250606132204Z > olcSyncrepl: {0}rid=012 provider=ldap://openldap1:10389 > binddn="uid=repl,ou=security,o=service,o=worteks" bindmethod=simple > credentials="secret" searc > hbase="o=service,o=worteks" logbase="cn=accesslog" > logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" > type=refreshAndPersist retry="5 +" timeo > ut=1 syncdata=accesslog > olcSyncrepl: {1}rid=011 provider=ldap://openldap2:10389 > binddn="uid=repl,ou=security,o=service,o=worteks" bindmethod=simple > credentials="secret" searc > hbase="o=service,o=worteks" logbase="cn=accesslog" > logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" > type=refreshAndPersist retry="5 +" timeo > ut=1 syncdata=accesslog > entryCSN: 20250606143335.493116Z#000000#00b#000000 > modifiersName: cn=admin,cn=config > modifyTimestamp: 20250606143335Z > > > As we can see, the MultiProvider attribute is present only once, so I > suppose the injection of this entry generates the double olcMultiProvider > value. > > So I correct the previous comment: the original config was proper, injecting > it with slapadd incorrectly injected the olcMultiProvider twice. No, the config is invalid. slapadd should have rejected it. You have both olcMultiProvider and olcMirrorMode, which is just the old name of the olcMultiprovider attribute. It's still accepted as an alias. I think this means our checks for attribute uniqueness are fooled by using alternate names of attributes; that will have to be examined. -- You are receiving this mail because: You are on the CC list for the issue.
