From kumarchandeshwar99@gmail.com Sun Feb 13 05:19:03 2022
From: kumarchandeshwar99@gmail.com
To: openldap-technical@openldap.org
Subject: How to restrict access to pwdHistory attributes
Date: Sat, 12 Feb 2022 05:22:18 +0000
Message-ID: <20220212052218.5262.73458@hypatia.openldap.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0299988397880134968=="

--===============0299988397880134968==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,
 I am trying to restrict access to pwdHistory attributes provided by ppolicy =
overlay.
I have applied the below ACL

access to attrs=3DpwdHistory
     by * none
 but while doing slaptest,  its throwing below error:-
/etc/openldap/slapd.conf: line 212: unknown attr "pwdHistory" in to clause
<access clause> ::=3D access to <what> [ by <who> [ <access> ] [ <control> ] =
]+
<what> ::=3D * | dn[.<dnstyle>=3D<DN>] [filter=3D<filter>] [attrs=3D<attrspec=
>]
<attrspec> ::=3D <attrname> [val[/<matchingRule>][.<attrstyle>]=3D<value>] | =
<attrlist>
<attrlist> ::=3D <attr> [ , <attrlist> ]
<attr> ::=3D <attrname> | @<objectClass> | !<objectClass> | entry | children
<who> ::=3D [ * | anonymous | users | self | dn[.<dnstyle>]=3D<DN> ]
        [ realanonymous | realusers | realself | realdn[.<dnstyle>]=3D<DN> ]
        [dnattr=3D<attrname>]
        [realdnattr=3D<attrname>]
        [group[/<objectclass>[/<attrname>]][.<style>]=3D<group>]
        [peername[.<peernamestyle>]=3D<peer>] [sockname[.<style>]=3D<name>]
        [domain[.<domainstyle>]=3D<domain>] [sockurl[.<style>]=3D<url>]
        [ssf=3D<n>] [transport_ssf=3D<n>] [tls_ssf=3D<n>] [sasl_ssf=3D<n>]

Before posting here I searched archive and found one similar, issue , but it =
did not resolve my issue.
I have running openldap-servers-2.4.23 on RHEL-6.5.
If any further details requires , Please let me know.
Thanks.

--===============0299988397880134968==--