#121 Syntax error in LDAP schema in v3.5
Closed: Fixed. Opened 5 years ago by timeos.

There is a syntax error in the 3.5 version of the bind-dyndb-ldap LDAP "schema" file when it is used with an OpenLDAP server. Problematic part:

objectClasses: ( 2.16.840.1.113730.
NAME 'idnsForwardZone'
DESC 'Forward Zone class'
SUP top
MUST ( idnsName $ idnsZoneActive )
MAY ( idnsForwarders $ idnsForwardPolicy ) )

/etc/openldap/schema/bind-dyndb-ldap.schema: line 355: unknown directive <objectclasses:> outside backend info and database definitions.
slaptest: bad configuration directory!

Of course, the "objectClasses:" should be replaced by "objectclass" like the previous objectclass definitions.
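The check slaptest performed above can be reproduced without slapd, which is handy when auditing a schema file before dropping it into /etc/openldap/schema. The script below is an added example for this ticket, not code from bind-dyndb-ldap or OpenLDAP: it scans an OpenLDAP-style .schema file the way slapd tokenises it (a line starting with whitespace continues the previous directive, a line starting with '#' is a comment, and the first token of any other line must be a known directive, compared case-insensitively), reports the offending line number and token, and rewrites the LDIF-style spellings `objectClasses:` / `attributeTypes:` into the `objectclass` / `attributetype` directives slapd.conf expects. The sample input is constructed and its OIDs are placeholders, not the project's real ones; the claim that the colon-suffixed form is the 389 Directory Server schema spelling is an assumption about where the bad line came from.

```python
"""Check an OpenLDAP-style .schema file for directive lines slapd would reject.

Added example for this ticket, not code from bind-dyndb-ldap or OpenLDAP.
It mimics the check slaptest performed: the first token of every
non-continuation, non-comment line, lowercased, must be a slapd.conf schema
directive. 'objectClasses:' fails because the colon is part of the token
(assumption: that is the LDIF-style spelling used by 389 Directory Server).
"""
import re

# Schema directives slapd accepts in an included schema file (case-insensitive).
KNOWN_DIRECTIVES = {
    "attributetype",
    "objectclass",
    "objectidentifier",
    "ditcontentrule",
    "ldapsyntax",
}

# LDIF-style schema attribute names and the slapd.conf directive to use instead.
LDIF_TO_CONF = {
    "objectclasses:": "objectclass",
    "attributetypes:": "attributetype",
}

# Constructed sample input: one valid definition followed by the faulty form
# from the report. The OIDs are placeholders, not the project's real ones.
SAMPLE_SCHEMA = """\
# constructed excerpt, placeholder OIDs
objectclass ( 1.3.6.1.4.1.99999.1.1
    NAME 'idnsZone'
    DESC 'Zone class'
    SUP top
    MUST ( idnsName $ idnsZoneActive ) )

objectClasses: ( 1.3.6.1.4.1.99999.1.2
    NAME 'idnsForwardZone'
    DESC 'Forward Zone class'
    SUP top
    MUST ( idnsName $ idnsZoneActive )
    MAY ( idnsForwarders $ idnsForwardPolicy ) )
"""


def lint_schema(text):
    """Return [(lineno, token)] for every directive line slapd would not recognise."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        if line[0] in " \t":
            continue  # continuation of the previous directive
        token = line.split(None, 1)[0].lower()
        if token not in KNOWN_DIRECTIVES:
            problems.append((lineno, token))
    return problems


def fix_schema(text):
    """Rewrite LDIF-style 'objectClasses:' / 'attributeTypes:' lines into
    slapd.conf directives; every other line is passed through unchanged."""
    fixed = []
    for line in text.splitlines(keepends=True):
        m = re.match(r"(\S+)(.*)", line, re.S)
        if m and m.group(1).lower() in LDIF_TO_CONF:
            line = LDIF_TO_CONF[m.group(1).lower()] + m.group(2)
        fixed.append(line)
    return "".join(fixed)


if __name__ == "__main__":
    for lineno, token in lint_schema(SAMPLE_SCHEMA):
        print(f"line {lineno}: unknown directive <{token}>")
    print(fix_schema(SAMPLE_SCHEMA), end="")
```

After applying the rewrite to the real file, re-run slaptest against the configuration that includes it (for a slapd.conf setup, `slaptest -u -f /etc/openldap/slapd.conf`) so that slapd itself confirms the schema loads; the linter only catches the directive-name class of error, not a malformed definition body.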

Thank you very much for the bug report. I will fix it in the 3.6 and 4.0 releases. Are you okay with editing the schema file manually for now? The other way would be to build your own bind-dyndb-ldap from sources. I will add a comment to this ticket when the schema file in the Git repo is fixed.

Regarding OpenLDAP

Please make sure that the options psearch and serial_autoincrement are disabled if you plan to use bind-dyndb-ldap with OpenLDAP.

Bind-dyndb-ldap 4.0 will support syncrepl (RFC 4533), so it will support the same features with OpenLDAP and 389 Directory Server (http://port389.org/) at the same time.

Any information about your use case and experience with bind-dyndb-ldap is very welcome. Please express your opinions in this ticket or write an e-mail to freeipa-users@redhat.com. Thank you!
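For readers who want to see where the two options Petr mentions are set: in the bind-dyndb-ldap 3.x configuration syntax they are `arg` lines inside the `dynamic-db` block of named.conf. The fragment below is an added illustration, not taken from the ticket or from the project's documentation; the instance name, LDAP URI and base DN are placeholders. The first block shows the combination that must not be used with OpenLDAP, the second the form to use until 4.0 brings syncrepl support. Pick one of the two, not both, since they declare the same instance.

```conf
/* named.conf, bind-dyndb-ldap 3.x syntax; placeholder instance name, URI and base DN */

/* Do NOT use with OpenLDAP: persistent search and serial autoincrement enabled */
dynamic-db "internal" {
    library "ldap.so";
    arg "uri ldap://ldap.example.com";
    arg "base cn=dns,dc=example,dc=com";
    arg "psearch yes";
    arg "serial_autoincrement yes";
};

/* Works with OpenLDAP: both options explicitly disabled */
dynamic-db "internal" {
    library "ldap.so";
    arg "uri ldap://ldap.example.com";
    arg "base cn=dns,dc=example,dc=com";
    arg "psearch no";
    arg "serial_autoincrement no";
};
```

Setting both options explicitly, rather than relying on the default, is what protects an OpenLDAP deployment from the kind of surprise the reporter hit when a release changed the default for psearch.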

Hi Petr,
thanks for the reply, no problem at all; I managed to correct the syntax on my side manually and the schema is working perfectly now.

Thanks also for the update regarding OpenLDAP - yes, that was the problem when I first updated to 3.5 - psearch changed to "on" by default and this caused the unavailability of DNS zones in LDAP. Once I changed this setting back to "off", everything started to work again. Thanks also for the advice regarding future releases in conjunction with OpenLDAP, as we are using it in our environment.

Regarding feedback - I am very happy with such a BIND LDAP "connector", as it perfectly fits our needs for managing internal DNS zones without the need to update text files. We are using bind-dyndb-ldap without FreeIPA support, purely as is, in conjunction with other LDAP-related stuff (like the ISC DHCPD LDAP connector and so on) for internal organizational purposes. I am also very happy that this piece of software is still under heavy development and includes new fixes and features, some of which are of interest to us.

And also thanks again for your support - I remember you helped me with another bind-dyndb-ldap issue some months ago.


Error in "contrib" documentation does not need cloning.

Metadata Update from @pspacek (2 years ago):
- Issue assigned to pspacek
- Issue set to the milestone: Fedora 20
