Error “no equality matching rule” when editing LDAP Syncprov Overlay

openldap

I have an OpenLDAP OLC server (2.4.23) on which I am trying to simply add two attributes to the Syncprov overlay file, but am encountering some difficulty.

Here are the contents of the olcOverlay={0}syncprov.ldif file:

# cat /etc/openldap/slapd.d/cn\=config/olcDatabase\={1}bdb/olcOverlay\={0}syncprov.ldif

dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 100 60
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 727d29d6-cc5c-1032-89d0-2fc7acd5ca31
creatorsName: cn=config
createTimestamp: 20131018161654Z
entryCSN: 20131018161654.036436Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20131018161654Z

And I am attempting to apply this LDIF:

# cat SyncprovOverlayAdd2.ldif

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
changetype: modify
add: olcSpCheckpoint
olcSpCheckpoint: 100 30
-
add: olcSpSessionlog
olcSpSessionlog: 1000

The error:

# ldapadd -v -f SyncprovOverlayAdd2.ldif -D "cn=config" -H "ldap://ldap01.lab.com" -W -x

ldap_initialize( ldap://ldap01.lab.com:389/??base )
Enter LDAP Password: 
add olcSpCheckpoint:
    100 30
add olcSpSessionlog:
    1000
modifying entry "olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config"
ldap_modify: Inappropriate matching (18)
    additional info: modify/add: olcSpCheckpoint: no equality matching rule

I get the same error if I invoke it with ldapmodify. Am I using the wrong add/modify directives or attributes?

Further Troubleshooting Attempts:

I tried modifying the LDIF without the "add:" directives to look like:

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
changetype: add
olcSpCheckpoint: 100 30
olcSpSessionlog: 1000

But when I do that I get a different error:

add olcSpCheckpoint:
    100 30
add olcSpSessionlog:
    1000
adding new entry "olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config"
ldap_add: Object class violation (65)
    additional info: no objectClass attribute

I don't quite have the hang of these OLC live changes and when you need to add/modify/replace, when "changetype" needs to be set explicitly, when you need to specify an objectClass when using ldapadd/ldapmodify for an existing entry, etc.

Reference: This ServerFault question had an answer that suggested replacing "add" with "replace" for this error, but that did not work for me.

Best Answer

This is http://www.openldap.org/its/index.cgi/?findid=8616 which will be fixed in the OpenLDAP 2.4.47 release.
