Thank you - I didn't know about the relax rules control!

That has solved my problem.

Philip



On 10 April 2014 12:51, Michael Ströder <michael@stroeder.com> wrote:
On Thu, 10 Apr 2014 11:36:50 +0100 Philip Colmer <philip.colmer@linaro.org>
wrote
> Given that pwdHistory is read-only and therefore I cannot delete those
> entries, does anyone have any suggestions on how I can persuade OpenLDAP to
> forget those old passwords?

You can remove this attribute by using the relax rules control and a bind-DN
who has manage privileges on this attribute.

Ciao, Michael.