HI!
I've implemented a sync job which has to also sync passwords with a password modification timestamp from an Oracle DB to OpenLDAP. There's a latency in this password sync so the exact password modification timestamp has to be copied from the source DB to attribute pwdChangedTime in OpenLDAP.
Setting the pwdChangedTime alone with the Relax Rules control is no problem. But when the add or modify request also contains the userPassword attribute slapo-ppolicy also wants to add a (later) value for pwdChangedTime and this results in:
Constraint violation: attribute 'pwdChangedTime' cannot have multiple values
Any chance to achieve this in a single add/modify request? I think this scenario is not so unusual in the real world. So slapo-ppolicy should not generate 'pwdChangedTime' if it's already in the write request in case of Relax Rules control enabled.
Ciao, Michael.