The lack of responses indicates that people either do not use ppolicy or once used, they never remove it.
For future reference here's the procedure that I've worked up:
shutdown slapd on all MMR members slapcat the database edit the database to remove all "pwd*" attributes and all entries that are pwd* objectClass edit the slapd.conf file (if you are using slapd.d you are on your own) replace the database (delete, and slapadd) Empty the accesslog database if you are using that start slapd
Copy your edited database to the rest of your servers and use the tried and true "nuke & repave" process to delete the existing database, edit the config, slapadd the edited database
- Frank
On Apr 16, 2018, at 11:09, Frank Swasey Frank.Swasey@uvm.edu wrote:
Is there a recommended way to discontinue the use of the ppolicy overlay?
The only way I've found that works is to stop the ldap server and using slapcat/edit/slapadd eradicate all the ppolicy attributes (combined with removing the ppolicy overlay and schema from the slapd.conf file).
I'm attempting this on RHEL7 with OpenLDAP 2.4.46 (local built).
Thanks,
- Frank