I think "-" is only for modify changetype. I have tested anyway without success.
2013/8/30 Ulrich Windl <[email protected]> > >>> Sylvain <[email protected]> schrieb am 30.08.2013 um 12:41 in > Nachricht > <calhnj+svk2ryj9_y46that-zxhxkm0sx-7a9cz55sy1pf0t...@mail.gmail.com>: > > Hi ! > > > > In my logs, I saw lot of lines like this (we have a poor script which > > refresh the base with delete/add primitives) : > > > > memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete > > memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16 > > > > I can reproduce the problem with a small LDIF : > > > > # 1st part > > dn: uid=V6971,ou=people,dc=xxx,dc=com > > changetype: delete > Could it be you need a line with "-" here? > > dn: uid=V6971,ou=people,dc=xxx,dc=com > > changetype: add > > objectClass... > > > > # 2nd part > > dn: cn=VAC,ou=groups,dc=xxx,dc=com > > changetype: delete > And there? > > dn: cn=VAC,ou=groups,dc=xxx,dc=com > > changetype: add > > objectClass... > > > > In the logs (shown below), we saw that problem occurs only on the delete > of > > cn=VAC but if I reduce the LDIF to that (2nd part), I have no more the > > problem !? I don't understand... > > > > Here the logs with all the LDIF : > > > > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 fd=32 ACCEPT from IP= > > 192.168.0.1:48049 (IP=0.0.0.0:389) > > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND > > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128 > > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND > > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0 > > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 RESULT tag=97 err=0 > > text= > > --> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=1 DEL > > dn="cn=VAC,ou=groups,dc=xxx,dc=com" > > --> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1: > > memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete > > memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16 > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1 RESULT tag=107 err=0 > > text= > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 ADD > > dn="cn=VAC,ou=groups,dc=xxx,dc=com" > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 RESULT tag=105 err=0 > > text= > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 DEL > > dn="uid=V6971,ou=people,dc=xxx,dc=com" > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 RESULT tag=107 err=0 > > text= > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 ADD > > dn="uid=V6971,ou=people,dc=xxx,dc=com" > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 RESULT tag=105 err=0 > > text= > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=5 UNBIND > > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 fd=32 closed > > > > And here the logs with only the 2nd part of LDIF : > > > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 ACCEPT from IP= > > 192.168.0.1:43599 (IP=0.0.0.0:389) > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND > > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128 > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND > > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0 > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 RESULT tag=97 err=0 > > text= > > --> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 DEL > > dn="cn=VAC,ou=groups,dc=xxx,dc=com" > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 RESULT tag=107 err=0 > > text= > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 ADD > > dn="cn=VAC,ou=groups,dc=xxx,dc=com" > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 RESULT tag=105 err=0 > > text= > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=3 UNBIND > > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 closed > > > > For information, here the configuration of memberOf overlay : > > > > dn: olcOverlay={0}memberof, olcDatabase={1}hdb, cn=config > > olcMemberOfMemberAD: member > > olcMemberOfRefInt: FALSE > > olcOverlay: memberof > > olcMemberOfDangling: ignore > > objectClass: olcMemberOf > > objectClass: olcOverlayConfig > > olcMemberOfMemberOfAD: memberOf > > olcMemberOfGroupOC: groupOfNames > > > > We run OpenLDAP 2.4.31 replicated onto another host on Debian Wheezy. > > Do you have an idea on the problem ? > > > > Thanks, > > Sylvain > > > >
