On our current server running 2.4.31 we have an operational attribute in the schema labeled pwdFailureTime. I have done:
slapcat -n 0 -l /tmp/<my_config>.ldif on our production server. I have also used an LDAP browser to export the schema.
When I do a slapadd -F /etc/your/config/goes/here/ -n 0 -l /tmp/<my_config>.ldif I do get the config loaded. I have confirmed that I am loading all of the same modules on both servers and that the config files match. What I don't have is the pwdFailureTime attribute which I need since it is in the data file as well, making it so I cannot import my data either. This is what the attribute looks like in the subschema:
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'The timestamps of the last consecutive authentication failures' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )
Here is the matchingRuleUse:
matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime $ birthDate $ hireDate $ statusDate $ openDate ) )
From other posts that I have read I cannot edit the subschema directly and that makes sense since that would be the fastest way to kill a server. I have tried doing an ldap modify to dn: cn={4}ppolicy,cn=schema,cn=config and I get a syntax error in trying to number the attribute.
The new version is 2.4.39 running on Ubuntu 12.04 with 3.13 kernel.
Thanks,
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
(417) 862-2674 Ext. 1975