Any ideas for me on this?
Thanks, Eric Speake Web Systems Administrator O'Reilly Auto Parts (417) 862-2674 Ext. 1975
From: espeake@oreillyauto.com To: openldap-technical@openldap.org Date: 07/08/2014 09:55 AM Subject: Adding and attribute and editing a matchingRuleUse in the subschema Sent by: openldap-technical-bounces@OpenLDAP.org
On our current server running 2.4.31 we have an operational attribute in the schema labeled pwdFailureTime. I have done:
slapcat -n 0 -l /tmp/<my_config>.ldif on our production server. I have also used an LDAP browser to export the schema.
When I do a a slapadd -F /etc/your/config/goes/here/ -n 0 -l /tmp/<my_config>.ldif I do get the config loaded. I have confirmed that I am loading all of the same modules on both servers and that the config files match. What I don't have is the pwdFailureTime attribute which I need since it is in the data file as well, making it so I cannot import my data either. This is what the attribute looks like in the subschema:
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'The timestamps of the last consecutive authentication failures' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )
Here is the matchingRuleUse:
matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimesta mp $ modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime $ birthDate $ hireDate $ statusDate $ openDate ) )
From other posts that I have read I cannot edit the subschema directly and
that makes sense since that would be the fastest way to kill a server. I have tried doing an ldap modify to dn: cn={4}ppolicy,cn=schema,cn=config and I get a syntax error in trying to number the attribute.
The new version is 2.4.39 running on ubuntu 12.04 with 3.13 kernel.
Thanks Eric Speake Web Systems Administrator O'Reilly Auto Parts (417) 862-2674 Ext. 1975
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
-- This message has been scanned for viruses and dangerous content, and is believed to be clean. Message id: 5A63E6004D3.AE6DC
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.