--On Thursday, April 2, 2020 1:41 PM +0200 ""POISSON Frédéric"" frederic.poisson@admin.gmessaging.net wrote:
Hello,
I'm doing a OpenLDAP test with a master/slave replication configuration including ppolicy overlay. I would like to enable password change from the slave replica with chain overlay, in order to validate the ppolicy olcPPolicyForwardUpdates attribute to TRUE. I'm using LDAPS from slave to master with SASL External authentication with client certificate. The client certificate correspond to a user DN entry with "manage" rights on the master server (the same used for the replication). This user DN has authzTo attribute in order to match the correct PROXYAUTHZ request from its dn to user DN.
Sounds like a bug if it requires a failed operation first to work. Please file on at https://bugs.openldap.org
I would note you already have an account in the system, but you'll likely need to request a password reset first. :)
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com