Hello Team,
We have upgraded from openldap2.4.52 to openldap2.6.2 in our system. With the new openldap2.6.2 version, the "pwdHistory" attribute isn't being deleted.
I have executed the below command:
ldapmodify -x -y /opt/Nokia_BP/etc/ldapfiles/fssecldap.ldaproot -D uid=fsLDAPRoot,ou=People,fsFragmentId=Security,fsClusterId=ClusterRoot >/dev/null<<EOF
dn: uid=Nemuadmin,ou=People,fsFragmentId=Security,fsClusterId=ClusterRoot
changetype: modify
delete: pwdHistory
EOF
I was able to delete "pwdHistory" in the old openldap2.4.52 with the same command.
Has anything changed regarding this (pwdHistory) in the new openldap2.6.2? Or is there any other way to delete the "pwdHistory"?
Thanks in advance.
Best Regards,
Nagesh
--On Thursday, June 8, 2023 1:26 PM +0000 "Nagesh Nikavade (EXT-NSB)" nagesh.nikavade.ext@nokia-sbell.com wrote:
Has anything changed regarding this (pwdHistory) in the new openldap2.6.2? Or is there any other way to delete the "pwdHistory"?
The definition for the attribute is identical in 2.4 and 2.6, explicitly:
NO USER MODIFICATION
I'm not sure how you could delete it in 2.4 since it's explicitly prohibited.
2.4:
{ "( 1.3.6.1.4.1.42.2.27.8.1.20 "
  "NAME ( 'pwdHistory' ) "
  "DESC 'The history of users passwords' "
  "EQUALITY octetStringMatch "
  "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
  "NO-USER-MODIFICATION USAGE directoryOperation )",
  &ad_pwdHistory },
2.6:
{ "( 1.3.6.1.4.1.42.2.27.8.1.20 "
  "NAME ( 'pwdHistory' ) "
  "DESC 'The history of users passwords' "
  "EQUALITY octetStringMatch "
  "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
  "NO-USER-MODIFICATION "
  "USAGE directoryOperation )",
Regards,
Quanah
openldap-technical@openldap.org
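As an added illustration of the reply above (not code from the thread or from the OpenLDAP project): a small pre-flight check that parses the quoted attribute definition and flags LDIF modify operations aimed at a NO-USER-MODIFICATION attribute. The function names and the second, ordinary modification in the sample are assumptions made for the example.

```python
import re

# Schema text as quoted in the thread; the 2.4 and 2.6 C literals join to the same string.
PWD_HISTORY = ("( 1.3.6.1.4.1.42.2.27.8.1.20 NAME ( 'pwdHistory' ) "
               "DESC 'The history of users passwords' EQUALITY octetStringMatch "
               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
               "NO-USER-MODIFICATION USAGE directoryOperation )")

# Change record from the thread plus one constructed, ordinary modification for contrast.
SAMPLE_LDIF = """\
dn: uid=Nemuadmin,ou=People,fsFragmentId=Security,fsClusterId=ClusterRoot
changetype: modify
delete: pwdHistory
-
replace: description
description: constructed sample value
"""

def parse_attribute_type(definition):
    """Pull names, the NO-USER-MODIFICATION flag and USAGE out of an attribute type description."""
    tokens = re.findall(r"'[^']*'|[()]|[^\s()']+", definition)
    info = {"names": [], "no_user_mod": False, "usage": "userApplications"}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "NAME":
            i += 1
            group = tokens[i] == "("          # NAME takes one name or a ( list )
            i += 1 if group else 0
            while tokens[i] != ")":
                info["names"].append(tokens[i].strip("'").lower())
                if not group:
                    break
                i += 1
        elif tok == "DESC":
            i += 1                            # skip the quoted text so it cannot mimic a keyword
        elif tok == "NO-USER-MODIFICATION":
            info["no_user_mod"] = True
        elif tok == "USAGE":
            i += 1
            info["usage"] = tokens[i]
        i += 1
    return info

def blocked_modifications(ldif, definitions):
    """Return (dn, operation, attribute) for each modify op on a protected attribute."""
    parsed = [parse_attribute_type(d) for d in definitions]
    protected = {n for p in parsed if p["no_user_mod"] for n in p["names"]}
    hits, dn = [], None
    for line in ldif.splitlines():
        m = re.match(r"(dn|add|delete|replace):\s*(.+)", line.strip(), re.I)
        if m and m.group(1).lower() == "dn":
            dn = m.group(2).strip()
        elif m and m.group(2).split(";")[0].strip().lower() in protected:
            hits.append((dn, m.group(1).lower(), m.group(2).strip()))
    return hits
```

Run against the sample, only the `delete: pwdHistory` operation is reported; the constructed `replace: description` passes.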