Annoying changes in syntax between versions of OpenLDAP that I didn’t pick up consumed my time at work today. I was beating my head against the wall trying to work out why the slapd
config wasn’t being parsed correctly.
Setting the slaptest debug level to -1 reveals all, however:
slapd.conf: line 78: expecting <what> got "attribute"
<access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
<what> ::= * | [dn[.<dnstyle>]=<dn>] [filter=<filter>] [attrs=<attrlist>]
<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>
<attr> ::= <attrname> | entry | children
Under newer versions of OpenLDAP, the attribute keyword used when defining access
controls has been renamed to attrs. This means that your config will mystically
stop working and slapd will die in a horrible flaming mess.
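
An added example, not part of the original post: a small Python check that finds access clauses still using attribute= and prints the attrs= form to replace them with. The sample config, the function names and the regular expression are assumptions made for illustration; the continuation handling follows slapd.conf's rule that a line starting with whitespace continues the previous line.

```python
import re

# Constructed sample slapd.conf fragment (not from the original post).
SAMPLE_CONF = """\
access to attribute=userPassword
    by self write
    by * none
access to dn.subtree="dc=example,dc=com" attrs=mail
    by * read
# access to attribute=old
    by * none
access to *
    by * read
"""

# Old keyword in the <what> part; the grammar slaptest prints only lists attrs=.
OLD_KEYWORD = re.compile(r"(?<![\w.])attribute=")

def logical_lines(text):
    """Yield (first_line_number, joined_text) per logical line.

    A line starting with whitespace continues the previous line, comment or not.
    """
    start, parts = None, []
    for number, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and parts:
            parts.append(raw.strip())
            continue
        if parts:
            yield start, " ".join(parts)
        start, parts = number, [raw.rstrip()]
    if parts:
        yield start, " ".join(parts)

def find_old_access_clauses(text):
    """Return (line_number, old_what, suggested_what) for each stale clause."""
    findings = []
    for number, line in logical_lines(text):
        if line.startswith("#") or not re.match(r"access\s+to\s", line, re.I):
            continue
        what = re.split(r"\sby\s", line, maxsplit=1)[0]  # text before first "by"
        if OLD_KEYWORD.search(what):
            findings.append((number, what, OLD_KEYWORD.sub("attrs=", what)))
    return findings

if __name__ == "__main__":
    for number, old, new in find_old_access_clauses(SAMPLE_CONF):
        print(f"line {number}: {old!r} -> {new!r}")
```

The reported line number is the first physical line of the clause, which is where the directive starts in the file.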