Hi Quanah,

I figured that was the problem, but after I ran the module load:

dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: ppolicy

I received errors. slapcat -n 0 | grep olcModuleLoad did not indicate that ppolicy was loaded. However ldapsearch indicated that it was loaded.

I expect that first, I need to remove the ppolicy overlay, but am not sure how to accomplish that. I would be grateful for any guidance.

John Alexander

On Mon, Jun 8, 2020 at 8:36 AM Quanah Gibson-Mount quanah@symas.com wrote:

--On Monday, June 8, 2020 9:16 AM -0700 John Alexander jalexander@concentricsky.com wrote:

...

5ede54b5 UNKNOWN attributeDescription "OLCPPOLICYDEFAULT" inserted. 5ede54b5 config error processing olcOverlay={1}ppolicy,olcDatabase={2}hdb,cn=config: slapcat: bad configuration file!

I assume this is because there is no olcModuleLoad attribute in the ldif for ppolicy. Would it be appropriate to remove the olcOverlay={1}ppolicy,oldDatabase={2}hdb.ldif file - since by my understanding ldapdelete does not work against cn=config

You must moduleload the ppolicy module before you can instantiate ppolicy against a database backend.

Regards, Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com