so I did this:

ldapsearch -x -LLL  -b cn=Subschema -s base '(objectClass=subschema)' +

which returns all kinds of stuff including pwdAccountLockedTime:

attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime'

So it's there but I'm not sure how to set it for a user.

---


Regards,

Kevin Martin


On Mon, Jan 3, 2022 at 2:21 PM kevin martin <ktmdms@gmail.com> wrote:
# /usr/local/libexec/slapd -VVV
@(#) $OpenLDAP: slapd 2.5.7 (Aug 27 2021 21:09:45) $
        root@newldap0.mgt.ch3.bmi:/root/openldap-OPENLDAP_REL_ENG_2_5_7/servers/slapd

Included static overlays:
    accesslog
    ppolicy
    seqmod
    sssvlv
    syncprov
Included static backends:
    config
    ldif
    monitor
    mdb
    passwd
    relay

I'm not sure how exactly to browse the cn=subschema.

---


Regards,

Kevin Martin


On Mon, Jan 3, 2022 at 11:56 AM Michael Ströder <michael@stroeder.com> wrote:
On 1/3/22 18:45, kevin martin wrote:
> Hmm, module loaded.  I'm not doing a moduleload of anything ppolicy
> related, simply setting the overlay ppolicy, the ppolicy_default, and
> ppolicy_use_lockout.

Does slapd -VVV list ppolicy module as statically linked module?

If yes, the subschema subentry should contain 'pwdAccountLockedTime'.

Ciao, Michael.