OpenStack Identity (keystone)

"Duplicate option" error when adding the LDAP schema to OpenLDAP

Bug #904380 reported by Patrick Hetu
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Ziad Sawalha
OpenStack Identity (keystone) 2012.1 "essex"

Bug Description

With:
 * keystone current trunk
 * slapd 2.4.25-1.1ubuntu4.1

When I try to add the schema, I have this error:

 root@dino:/etc/ldap# slaptest
olcObjectClasses: value #1 olcObjectClasses: Duplicate option before ( keystoneEnabled ) MAY ( mail $ userPassword ) )
ObjectClassDescription = "(" whsp
  numericoid whsp ; ObjectClass identifier
  [ "NAME" qdescrs ]
  [ "DESC" qdstring ]
  [ "OBSOLETE" whsp ]
  [ "SUP" oids ] ; Superior ObjectClasses
  [ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
                                  ; default structural
  [ "MUST" oids ] ; AttributeTypes
  [ "MAY" oids ] ; AttributeTypes
  whsp ")"
config error processing cn={3}keystone,cn=schema,cn=config: olcObjectClasses: Duplicate option before ( keystoneEnabled ) MAY ( mail $ userPassword ) )
slaptest: bad configuration file!

Removing those lines (see the patch):

   MUST ( keystoneName )
   MUST ( keystoneEnabled )

Make slaptest pass and slapd can run. I don't have tested further yet, I'll add more detail if the rest works.

Revision history for this message
Patrick Hetu (patrick-hetu) wrote :
Revision history for this message
Patrick Hetu (patrick-hetu) wrote :

Nope, doesn't works without defining keystoneName and keystoneEnabled.

Revision history for this message
Patrick Hetu (patrick-hetu) wrote :

Alright, I think I go it now.

 It's the "MUST" keywords that is duplicated; if I write it this way:

  MUST ( keystoneName $ keystoneEnabled )

The error is gone.

Revision history for this message
Ziad Sawalha (ziad-sawalha) wrote :

Does this look right to you? https://review.openstack.org/#change,2449

Changed in keystone:
milestone: none → essex-3
assignee: nobody → Ziad Sawalha (ziad-sawalha)
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/2449
Committed: http://github.com/openstack/keystone/commit/8741597f624177e5172140054f27e60b6b376b26
Submitter: Jenkins
Branch: master

 status fixcommitted
 done

commit 8741597f624177e5172140054f27e60b6b376b26
Author: Ziad Sawalha <email address hidden>
Date: Sat Dec 17 13:34:34 2011 -0600

    LDAP: fix to keystone.ldif

    - fixes bug 904380

    Change-Id: I8812512108aa9cfc1a325a513a3a77ce5cde8397

Changed in keystone:
status: Confirmed → Fix Committed
Revision history for this message
Ralf Haferkamp (rhafer) wrote :

The same issue is present in keystone/backends/ldap/keystone.schema as well. Patch attached

Changed in keystone:
status: Fix Committed → Incomplete
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/3140
Committed: http://github.com/openstack/keystone/commit/3d08211972e295291284bcc46462ec7c4e05dc60
Submitter: Jenkins
Branch: master

commit 3d08211972e295291284bcc46462ec7c4e05dc60
Author: Ralf Haferkamp <email address hidden>
Date: Wed Dec 21 14:16:36 2011 +0100

    Fix LDAP Schema Syntax (bug 904380)

    Apply the change from commit 8741597f62 to the .schema file as well
    (additional fix for bug 904380)

    Change-Id: Ifd7e7de235b9c81c746cdc64ce699073697c8bb0

Changed in keystone:
status: Incomplete → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: essex-3 → 2012.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.