Bug 204957 - net/openldap24-server: User Schema load failed for attribute "pwdMaxRecordedFailure". Error code 17: attribute type undefined
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Xin LI
Reported: 2015-12-02 09:12 UTC by O. Hartmann
Modified: 2018-01-12 13:18 UTC
bugzilla: maintainer-feedback? (delphij)


Description O. Hartmann 2015-12-02 09:12:21 UTC
After updating from version openldap-sasl-server-2.4.42_2 to openldap-sasl-server-2.4.43, I persistently get the error shown below on one box. Since we use a similar config on each system hosting OpenLDAP, the problem is definitely not obvious to me since openldap-sasl-server-2.4.42_2 worked fine!

[...]
565eb2e6 <<< dnPrettyNormal: <cn=default,ou=policies,dc=walstatt,dc=dynvpn,dc=de>, <cn=default,ou=policies,dc=walstatt,dc=dynvpn,dc=de>
565eb2e6 User Schema load failed for attribute "pwdMaxRecordedFailure". Error code 17: attribute type undefined
565eb2e6 config error processing olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=config: User Schema load failed for attribute "pwdMaxRecordedFailure". Error code 17: attribute type undefined
Comment 1 Xin LI freebsd_committer 2015-12-02 09:28:58 UTC
(In reply to ohartman from comment #0)
I think it's probably more efficient to contact upstream (OpenLDAP.org) for help.

In the meantime, have you enabled PPOLICY when building the server?  You seem to be using ppolicy properties.
Comment 2 O. Hartmann 2015-12-02 10:11:14 UTC
I solved the problem by copying and modifying the port's ppolicy.ldif file according to the old one.

Yes, I have checked PPOLICY to be built!

The problem is: without the ppolicy schema loaded correctly, my whole DIT gets inaccessible, so I'm unable to "ldapmodify" the OLC-based configuration.

Since I use PPOLICY on all OpenLDAP installations and most of them got updated at the very same time, I'm curious about what is different on the system in question - but a review of the LDIF files didn't reveal much to me. It stays obscure.
Comment 3 O. Hartmann 2015-12-05 15:30:34 UTC
Dec  5 16:27:36 <0.6> thor kernel: pid 7553 (slapd), uid 389: exited on signal 6

I receive massive SIGNAL 6 corruptions and a non-working LDAP environment! This happens on systems used with port net/nss-pam-ldapd-sasl-0.8.14_3.
Comment 4 Walter Schwarzenfeld freebsd_triage 2018-01-12 13:18:08 UTC
Is this still relevant, or could it be closed?