On 12/1/21 22:58, Dave Macias wrote:
I'm assuming authTimestamp is going the way of the dinosaur, maybe not immediately, but eventually.
How can I migrate my data from authTimestamp to pwdLastSuccess? Is it even possible?
Without the fix for ITS#9725 you can only export your DB to LDIF and replace authTimestamp by pwdLastSuccess and reload your DB while all your slapd replicas are down.
With the fix for ITS#9725 you can write a script which does appropriate LDAP operations using the relax rules control. That's what I plan to do for Æ-DIR once Symas RPMs are ready for RHEL8 with the patch. (All my own openSUSE/SLE and Debian/Ubuntu packages already have the backport patch.)
After one or the other migration step you can then remove using slapo-lastbind from your configuration.
Ciao, Michael.