Re: slapcat output from 2.0.21 to slapadd to openldap-2.3.24

[Aaron Richton <richton@nbcs.rutgers.edu>]

> The question might seem like it's on the level of "Why do people make
> spelling errors?", but it seems like many others who are running older
> openldap servers migrating to newer servers also have had this
> problem.  Did the standards change?

I don't think the standards changed; OpenLDAP 2.0.21 was in error for 
allowing it. This error has been realized and corrected, as you see in the 
recent version.

> I guess the best approach is to make sure I have legit data on the new
> server and then cutover and pray that applications that use the ldap
> server continue on working.  If not, then revert back to the old ldap
> server and regroup..  Any feedback is greatly appreciated!

Personally, I'd hope that the vast majority of your clients expect data 
that complies with standards and will work better with cleaned up data on 
2.3 than non-compliant data on 2.0. However, it is conceivable that you 
have applications that sadly depend on the broken data. In the absence of 
a 2.3-based UA/testing environment (which would probably be a very clean 
solution), your approach sounds like a balance between possible 
bug-for-bug compatibilities and trying to upgrade your infrastructure 
quickly.