Ran into this while setting up a new DN. The DN in namespace only matches if it is normalized. So it may be best to do this by default when adding a namespace. With this, using a capitalized namespace like "o=OpenBSD,c=CA" will work. Also, as a side note, the rootdn is already normalized so no need to fix that.
Totally unrelated, but I could not resist changing the error check for host from the somewhat funky <= 0 to a != 1 (host returns 1 on success and 0 and -1 on failure). I will split this into two commits in the end.
--
:wq Claudio

Index: parse.y =================================================================== RCS file: /cvs/src/usr.sbin/ldapd/parse.y,v retrieving revision 1.40 diff -u -p -r1.40 parse.y --- parse.y 2 May 2021 14:39:05 -0000 1.40 +++ parse.y 6 Oct 2021 16:56:50 -0000 @@ -207,7 +207,7 @@ conf_main : LISTEN ON STRING port ssl ce if (! interface($3, cert, &conf->listeners, $4, $5)) { if (host($3, cert, &conf->listeners, - $4, $5) <= 0) { + $4, $5) != 1) { yyerror("invalid virtual ip or interface: %s", $3); free($6); free($3); @@ -1206,15 +1206,16 @@ namespace_new(const char *suffix) if ((ns = calloc(1, sizeof(*ns))) == NULL) return NULL; - ns->suffix = strdup(suffix); ns->sync = 1; ns->cache_size = 1024; ns->index_cache_size = 512; + ns->suffix = strdup(suffix); if (ns->suffix == NULL) { free(ns->suffix); free(ns); return NULL; } + normalize_dn(ns->suffix); TAILQ_INIT(&ns->indices); TAILQ_INIT(&ns->request_queue); SIMPLEQ_INIT(&ns->acl);
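
Review bot: In the conf_main hunk (@@ -207,7 +207,7 @@), the new "$4, $5) != 1" test rejects any return value greater than 1, which the old "<= 0" test accepted as success. The message states that host returns 1 on success and 0 or -1 on failure; if that holds on every return path the change is behaviour-neutral, but it should be confirmed against host() itself, and a short comment at the call or on host() stating the return convention would keep the literal 1 from looking arbitrary. Keeping this in its own commit, as already planned, makes it easier to bisect if a listener configuration stops being accepted.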
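
Review bot: In the namespace_new hunk (@@ -1206,15 +1206,16 @@), the error branch left as context still calls free(ns->suffix) inside "if (ns->suffix == NULL)", which is a free(NULL); since the strdup line is being moved directly above it, this is a good moment to drop that call. For mixed-case input the function now stores something other than the string it was passed, so a one-line comment above "normalize_dn(ns->suffix);" saying the suffix is kept in normalized form for matching would help the next reader, as would a sentence in the configuration documentation that namespace suffixes are normalized. Any caller that later compares its original suffix string against ns->suffix should be checked for the same reason.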