On 5 February 2021 at 22:15:47 CET, Liam Gretton liam.gretton@gmail.com wrote:
On 2021-02-05 18:55, Uwe Sauter wrote:
# slaptest
601d92d6 /etc/openldap/acl.conf: line 84: unknown attr "pwdHistory" in to clause
[…]
slaptest: bad configuration file!
This is on CentOS with openldap-servers-2.4.44-22.el7.
I'm using 2.4.50 (my own build) on CentOS 7 and I have ACLs on this and
other ppolicy attributes without any problems.
You obviously have the ppolicy schema included, but is the ppolicy overlay actually loaded?
Yes, it is. Account locking after failed attempts, password changes honoring configured rules, password history etc. have all worked since this was set up in 2017. Back then I just forgot to hide the pwd* attributes that are managed by the ppolicy overlay.
Perhaps I need to set up a minimal environment to figure this out...