Hello,
How do I delete the pwdFailureTime attribute on a slave?
I have a DN where pwdFailureTime entries are growing and its slowly filling up /var/lib/ldap/. Ive tried the following LDIF:
dn: uid=foo,ou=People,dc=example,dc=com changetype: modify delete: pwdFailureTime
But since the system is slave, its giving ldapmodify(1) a redirect to the master. I've also tried the script in ITS#8185:
http://www.openldap.org/lists/openldap-bugs/201507/msg00012.html
that connects to ldapi:///, and that also referral/redirects (since we have olcUpdateRef configured). We are not using the slapo-chain(5) funcionality.
Is there any way to manipulate pwdFailureTime on the slaves without going into the raw databases files? Or do we have to enable slapo-chain(5) when using slapo-ppolicy(5) and then do things on the master?
Thanks for any info.
Regards, David