--On Tuesday, February 15, 2022 3:56 AM +0530 Chandeshwar Mishra
Thanks for your response. Our setup is a very old one and we are
planning to migrate it to the latest stable version but Since this
openldap is deployed in Production
it is not possible for us to upgrade it suddenly.
As you mentioned that ppolicy schema is missing in configuration, so is
it possible that without having ppolicy schema, Openldap will remember
the pwdHistory of the user ?
In my case pwdHistory is visible to users, for which I want to apply ACL
so that a user can only see his/her pwdHistory , not other users
If the user entries have pwdHistory attribute value pairs, and you've
removed the ppolicy schema file from your configuration, then your server
configuration is invalid. There must be a corresponding schema definition
for all data stored in your server.
If you're trying to remove the ppolicy functionality, then you will need to
clean the data from your system.
You will not be able to set ACLs on attributes that slapd is unaware of.
You either need to (a) fix your slapd configuration so the ppolicy schema
is loaded or (b) remove the ppolicy specific attributes from your dataset
and reload the DB.