Hi!
Oh well, the typical (data) administrator is using some frontend that just shows objects' attributes, and it may not be quite obvious which ones are "virtual": after all, they (e.g. pwdPolicySubentry) are stored permanently in the database (and they are synced, fortunately).

Kind regards,
Ulrich Windl

-----Original Message-----
From: Ondřej Kuzník ondra@mistotebe.net
Sent: Tuesday, May 6, 2025 11:54 AM
To: Windl, Ulrich u.windl@ukr.de
Cc: openldap-technical@openldap.org
Subject: [EXT] Re: Re: using refint overlay for pwdPolicySubentry
On Mon, May 05, 2025 at 07:46:34AM +0000, Windl, Ulrich wrote:
Ondřej,
thanks for explaining. Maybe you misunderstood the final part of my message: I wanted to point out that a "normal" (=member) attribute seemed to work just fine, while an attribute provided by an overlay (i.e. policy) may not work as expected. Is there some ordering requirement (refint, policy overlays) involved here, maybe? And yes, I've configured refint the same way on all nodes.
Hi Ulrich,
only data stored in the database can be managed by refint; it won't update virtual attributes, much less actual configuration. It is your responsibility as administrator to keep your configuration consistent and correct.
Regards,
-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
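
A consistency check in the spirit of the thread above, added here as an example and not code from either poster or from the OpenLDAP project: it scans an LDIF export for pwdPolicySubentry values that name no entry in that export. The sample LDIF, the function names, the simplified DN comparison, and the premise that the export (for instance from slapcat) contains the pwdPolicySubentry values are assumptions of this example.

```python
import base64
import re

# Constructed sample export; bob points at a policy entry that does not exist.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=example,dc=org
objectClass: pwdPolicy

dn: uid=alice,ou=people,dc=example,dc=org
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=org

dn: uid=bob,ou=people,dc=example,dc=org
pwdPolicySubentry: CN=Strict, ou=policies,dc=example,dc=org

dn: uid=carol,ou=people,dc=example,dc=org
pwdPolicySubentry: cn=default,
 ou=policies,dc=example,dc=org
"""

def parse_ldif(text):
    """Yield each entry as a list of (lowercased attribute, value) pairs."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            # "attr:: value" carries a base64-encoded value
            value = base64.b64decode(rest[1:]).decode() if rest.startswith(":") else rest.strip()
            entry.append((attr.lower(), value))
        if entry:
            yield entry

def norm_dn(dn):
    """Simplified DN match: lowercase, no spaces around ',' and '=' (ignores escapes)."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def dangling_policy_refs(ldif_text):
    """Return (entry DN, referenced DN) pairs whose policy entry is absent."""
    entries = list(parse_ldif(ldif_text))
    known = {norm_dn(v) for e in entries for a, v in e if a == "dn"}
    missing = []
    for e in entries:
        dn = next((v for a, v in e if a == "dn"), None)
        missing += [(dn, v) for a, v in e
                    if a == "pwdpolicysubentry" and norm_dn(v) not in known]
    return missing

if __name__ == "__main__":
    print(dangling_policy_refs(SAMPLE_LDIF))
```

The export has to cover the subtree holding the policy entries as well as the users, otherwise every reference is reported as missing.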