# openldap-2.4.35 and rfc2307bis schema errors

## shivanova

I've just update openldap server and it picked up a new version of the rfc2307bis schema along the way. Now my slapd refuses to start. It complains about missing authPassword definition and and SUBSTRINGS in attribute declaration. Has anyone seen this? Did I overlook something emerging update?

----------

## KShots

Happened here too, although no complaint about "authPassword". I get the following on starting slapd:

```
522d5a82 /etc/openldap/schema/rfc2307bis.schema: line 30 attributetype: Unexpected token before  caseIgnoreSubstringsMatch         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15         SINGLE-VALUE )

AttributeTypeDescription = "(" whsp

  numericoid whsp      ; AttributeType identifier

  [ "NAME" qdescrs ]             ; name used in AttributeType

  [ "DESC" qdstring ]            ; description

  [ "OBSOLETE" whsp ]

  [ "SUP" woid ]                 ; derived from this other

                                   ; AttributeType

  [ "EQUALITY" woid ]            ; Matching Rule name

  [ "ORDERING" woid ]            ; Matching Rule name

  [ "SUBSTR" woid ]              ; Matching Rule name

  [ "SYNTAX" whsp noidlen whsp ] ; see section 4.3

  [ "SINGLE-VALUE" whsp ]        ; default multi-valued

  [ "COLLECTIVE" whsp ]          ; default not collective

  [ "NO-USER-MODIFICATION" whsp ]; default user modifiable

  [ "USAGE" whsp AttributeUsage ]; default userApplications

                                   ; userApplications

                                   ; directoryOperation

                                   ; distributedOperation

                                   ; dSAOperation

  whsp ")"

slapcat: bad configuration file!
```

Worked fine before updating to 2.4.35...  :Sad: 

This means that if I restart my other two slapd servers, I'm dead in the water (they've been updated but not restarted)... and my primary slapd server (as well as my master kerberos kdc as it ties into openldap) are now offline until this is resolved. Tracking bug 484244.

----------

## shivanova

Did you try fixing the schema, by any chance? As far as I remember line 30 is just the first error, there are a couple more of SUBSTRING errors flowed by several authPassword. After all edits I ended up with the same schema as on the bug you mentioned.

----------

## KShots

I'm afraid that's beyond my capabilities atm  :Sad: 

----------

## prote

 *KShots wrote:*   

> Happened here too, although no complaint about "authPassword". I get the following on starting slapd:
> 
> ```
> 522d5a82 /etc/openldap/schema/rfc2307bis.schema: line 30 attributetype: Unexpected token before  caseIgnoreSubstringsMatch         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15         SINGLE-VALUE )
> 
> ...

 

Got the same error but after changing two lines of

```
         SUBSTRINGS caseIgnoreSubstringsMatch
```

to

```
         SUBSTR caseIgnoreSubstringsMatch
```

in rfc2307bis.schema I could reproduce the "authPassword"-error of bug bug 484244.

----------

