On 2/5/21 7:55 PM, Uwe Sauter wrote:
On 05.02.21 at 17:31, Michael Ströder wrote:
On 2/5/21 8:40 AM, Uwe Sauter wrote:
I'm trying to restrict access to the operational attributes that are provided by the ppolicy overlay (e.g. pwdChangedTime, pwdHistory).
When I add the following to my ACL configuration file and try to verify the configuration an error occurs:
#### ACL
access to attrs=pwdHistory
    by * none
########
#### slaptest output
601cf554 /etc/openldap/acl.conf: line 96: unknown attr "pwdHistory" in to clause
The above error means you did not load ppolicy schema.
Add to slapd.conf:
include /etc/openldap/schema/ppolicy.schema
Adjust the path to match the exact path of your local OpenLDAP build.
I would totally agree with you if that wasn't already the case.
Ah, forgot that this was changed to be hard-coded in slapo-ppolicy. So you have to load overlay ppolicy.
Ciao, Michael.