[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapdelete: Invalid DN on an Accesslog generated DN



Ciao, Michael,

Yes, it is a slapcat output and it is filtered: BASEDN is just a replacement.
I had to remove slapo-accesslog because I was unable to login to the server anymore. So properly delete these entries was not an option for me.
This is the origin of the problem.

Thanks,
Giuseppe

2018-05-17 10:57 GMT+02:00 Michael Ströder <michael@stroeder.com>:
Giuseppe Civitella wrote:
> while doing some tests to enable accesslog in my directory, I did enable the
> overlay and then disabled it because of login problems.

I doubt that you had login problems caused by slapo-accesslog.

> Once restored the directory, I found a few entries like this:
>
> dn: reqStart=20180509102412.000000Z,BASEDN
> objectClass: auditModify
> structuralObjectClass: auditModify
> REQSTART: 20180509102412.000000Z
> REQEND: 20180509102412.000001Z
> REQTYPE: modify

Is this slapcat output? Did you obfuscate your e-mail with "BASEDN"?

Note that removing slapo-accesslog also removed the object class and
attribute type descriptions from your subschema. Typically slapcat
outputs names of attribute types missing in subschema all with capital
letters.

> deleting entry "reqStart=20180509102412.000000Z,BASEDN"
> ldap_delete: Invalid DN syntax (34)
>         additional info: invalid DN

OpenLDAP server checks schema even for DNs. Hence a DN containing
'reqStart' is an invalid DN if you don't have slapo-accesslog loaded.

Ciao, Michael.