The syncrepl overlay reads from the provider and writes its changes to the back_ldap backend. The ppolicy overlay affects everything what is beeing written to the backend and I haven't found anything that could control or exclude the attributes written to the backend.
If i disable the ppolicy on the push instance, everyything because of unknown attributes, so that's not an option either.
What's more confusing, is the fact that the MOD operation logged on the slave (push replication receiver) that no pwdHistory atttribute is beeing pushed but the error still occurs. (See log messages in my initial mail).
thanks for you suggestions, Daniel
Am 17.11.2022 um 20:56 schrieb Michael Ströder:
On 11/17/22 20:26, Daniel Hoffend wrote:
Thanks for your response. I’ve opened an issue in Bugzilla with the ID 9935.
As a work-around you could exclude pwdHistory attribute from the push replication to read-only replicas because it's used only on writeable replicas.