Uwe Sauter uwe.sauter.de@gmail.com wrote on 06.02.2021 at 00:06 in
message 9D89F4B3-DE37-40CB-A14A-6225933BD564@gmail.de:
On 5 February 2021 22:15:47 CET, Liam Gretton wrote:
On 2021-02-05 18:55, Uwe Sauter wrote:
# slaptest
601d92d6 /etc/openldap/acl.conf: line 84: unknown attr "pwdHistory" in to clause
[…]
slaptest: bad configuration file!
This is on CentOS with openldap-servers-2.4.44-22.el7.
I'm using 2.4.50 (my own build) on CentOS 7 and I have ACLs on this and
other ppolicy attributes without any problems.
You obviously have the ppolicy schema included, but is the ppolicy overlay actually loaded?
Yes it is. Account locking after failed attempts, password changes honoring
configured rules, password history etc. all works since this was set up in 2017.
Back then I just forgot to hide the pwd* attributes that are managed by
the ppolicy overlay.
What happens if you query "cn=schema,cn=config" for olcObjectClasses=*? (assuming you can query cn=config)
Here I see:
( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The history of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation )
Perhaps I need to set up a minimal environment to figure this out...