Full_Name: Beth Halsema Version: 2.4.44 OS: RHEL6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (128.210.177.153)

The ppolicy overlay attempts to perform an LDAP_MOD_DELETE on attributes that have already been removed via a SLAP_MOD_SOFTDEL. This results in an error like the following:

bdb_modify_internal: 16 modify/delete: pwdGraceUseTime: no such attribute bdb_modify: modify failed (16) send_ldap_result: conn=-1 op=0 p=0 send_ldap_result: err=16 matched="" text="modify/delete: pwdGraceUseTime: no such attribute" null_callback : error code 0x10 slap_graduate_commit_csn: removing 0x7f38bc11c4c0 20170106184533.027966Z#000000#001#000000 syncrepl_message_to_op: rid=001 be_modify uid=nd,ou=People,dc=example,dc=com (16) ... do_syncrep2: rid=001 delta-sync lost sync on (reqStart=20170106184533.000001Z,cn=log), switching to REFRESH

I will be uploading a tarfile th c contains a test script, ldif files (used by the test script), and a suggested patch. We have performed limited testing which demonstrated desirable behavior.

NOTE: The test script looks for the LDIFs in the DATADIR. I tested the script using the openldap-2.4.44/tests/run script.