LDAP modify aborts with `LDAP Error: Undefined attribute type: entry update failed`

Problem

An LDAP modify operation aborts with `LDAP Error: Undefined attribute type: entry update failed`.

Solution

Run slapschema to check if there is an attribute in the OpenLDAP backend database that is not covered by the currently loaded schema. If the output is similar to

```
54f0829b UNKNOWN attributeDescription "AUTHTIMESTAMP" inserted.
```

then this may be the source of the problem. In this example, the attribute `authTimestamp` comes from the LDAP overlay `slapo-lastbind`, which may have been activated temporarily in the environment. To fix this, either re-activate the missing schema (or overlay), or stop the LDAP server and filter the obsolete attribute from the output of `slapcat`, like this:

```sh
systemctl stop slapd; slapcat | sed '/^AUTHTIMESTAMP: /d' > slapcat.ldif
mv /var/lib/univention-ldap/ldap /var/lib/univention-ldap/ldap.bak && install -d /var/lib/univention-ldap/ldap && slapadd -l slapcat.ldif
```

Then check again with `slapschema` and start `slapd` again. We recommend first doing this in a cloned test system. Also, the duration of the `slapadd` run may depend on the size of your OpenLDAP data, so a service window is required.
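The following filter is an added example, not part of the original article or of Univention's tooling. It generalizes the `sed` step above: it takes the attribute names from the `slapschema` output and drops them from the LDIF regardless of case, including base64 (`::`) values and folded continuation lines, which a single-line `sed` match leaves behind. The sample data and the script name in the usage comment are constructed.

```python
import re
import sys

# Line format as shown in the slapschema output above; both straight and
# typographic quotes are accepted because pasted output often has the latter.
UNKNOWN_RE = re.compile(r'UNKNOWN attributeDescription ["“]([^"”]+)["”] inserted')


def unknown_attributes(slapschema_output):
    """Return the upper-cased attribute names slapschema reported as unknown."""
    return {m.group(1).upper() for m in UNKNOWN_RE.finditer(slapschema_output)}


def filter_ldif(lines, drop):
    """Yield LDIF lines without any value of the attributes named in `drop`."""
    drop = {name.upper() for name in drop}
    skipping = False
    for line in lines:
        if line.startswith(" "):
            # Folded continuation (RFC 2849): shares the fate of the line it continues.
            if not skipping:
                yield line
            continue
        # "name: v", "name:: base64" and "name;option: v" all start with the name.
        name = line.split(":", 1)[0].split(";", 1)[0].upper()
        skipping = ":" in line and name in drop
        if not skipping:
            yield line


# Constructed sample data (not from a real directory).
SAMPLE_SLAPSCHEMA = '54f0829b UNKNOWN attributeDescription "AUTHTIMESTAMP" inserted.\n'
SAMPLE_LDIF = """\
dn: uid=alice,dc=example,dc=org
uid: alice
AUTHTIMESTAMP: 20150227
 144500Z
description: test

dn: uid=bob,dc=example,dc=org
authTimestamp:: MjAxNTAyMjcxNDQ1MDBa
uid: bob
"""

if __name__ == "__main__":
    # Hypothetical usage: slapcat | python3 filter_ldif.py AUTHTIMESTAMP > slapcat.ldif
    sys.stdout.writelines(filter_ldif(sys.stdin, sys.argv[1:]))
```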

If the `slapschema` check doesn’t report an error, please check the exact error message again. If it is something like `Other (e.g., implementation specific) error: entry update failed`, then refer to https://help.univention.com/t/10295
