LDAP modify operation aborts with
LDAP Error: Undefined attribute type: entry update failed
slapschema to check if there is an attribute in the OpenLDAP backend database that is not covered by the currently loaded schema. If the output is similar to
54f0829b UNKNOWN attributeDescription “AUTHTIMESTAMP” inserted.
then this may be the source of the problem. In this example, the attribute
authTimestamp comes from an LDAP overlay
slapo-lastbind that may have been activated temporarily in the environment. To fix this, either re-activate the missing schema (or overlay) or stop the LDAP server and filter the obsolete attribute from the output of slapcat, like this:
systemctl stop slapd; slapcat | sed '/^AUTHTIMESTAMP: /d' > slapcat.ldif mv /var/lib/univention-ldap/ldap /var/lib/univention-ldap/ldap.bak && install -d /var/lib/univention-ldap/ldap && cat slapcat.ldif | slapadd
Then check again with slapschema and start the slapd again. We recommend first doing this in a cloned test system. Also, the duration of the slapadd may depend on the size of your OpenLDAP data, so a service window is required.
If the slapschema check doesn’t report an error, please check the exact error message again. If it is something like
Other (e.g., implementation specific) error: entry update failed then refer to https://help.univention.com/t/10295