Hello,
How do I delete the pwdFailureTime attribute on a slave?
I have a DN where pwdFailureTime entries are growing and it's slowly filling up /var/lib/ldap/. I've tried the following LDIF:
    dn: uid=foo,ou=People,dc=example,dc=com
    changetype: modify
    delete: pwdFailureTime
But since the system is a slave, it's giving ldapmodify(1) a redirect to the master. I've also tried the script in ITS#8185:
http://www.openldap.org/lists/openldap-bugs/201507/msg00012.html
that connects to ldapi:///, and that also referral/redirects (since we have olcUpdateRef configured). We are not using the slapo-chain(5) functionality.
Is there any way to manipulate pwdFailureTime on the slaves without going into the raw database files? Or do we have to enable slapo-chain(5) when using slapo-ppolicy(5) and then do things on the master?
Thanks for any info.
Regards, David
--On Wednesday, September 30, 2015 11:18 AM -0400 David Magda dmagda@ee.ryerson.ca wrote:
> Hello,
> How do I delete the "pwdFailureTime" attribute on a slave?
3 solutions:
1) backport the code fix for ITS#8185 and rebuild your openldap binary (best)
2) slapcat your database, fix the entry in question, reload (sucky)
3) wait for 2.4.43 to release (don't know when it'll release)
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
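An added example, not part of the thread and not OpenLDAP code: a filter for option 2 above that drops pwdFailureTime from a single entry in slapcat output before the dump is reloaded. The sample LDIF is constructed, the function names are hypothetical, and DN matching is a plain case-insensitive string compare.

```python
import base64

TARGET_DN = "uid=foo,ou=People,dc=example,dc=com"  # DN from the question
ATTR = "pwdfailuretime"
# Constructed sample in slapcat style; the first DN is folded across two lines.
SAMPLE = """dn: uid=foo,ou=People,dc=exam
 ple,dc=com
uid: foo
pwdFailureTime: 20150930151801Z
pwdFailureTime: 20150930151802Z

dn: uid=bar,ou=People,dc=example,dc=com
uid: bar
pwdFailureTime: 20150930151803Z
"""

def unfold(block):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in block.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def entry_dn(lines):
    """Return the entry's DN, decoding the base64 'dn::' form if present."""
    for line in lines:
        if line.lower().startswith("dn::"):
            return base64.b64decode(line[4:].strip()).decode("utf-8")
        if line.lower().startswith("dn:"):
            return line[3:].strip()
    return None

def strip_failures(ldif_text, target_dn=TARGET_DN):
    """Return (new_ldif, removed) with ATTR dropped from target_dn only."""
    out, removed = [], 0
    for block in ldif_text.strip().split("\n\n"):
        lines = unfold(block)
        if (entry_dn(lines) or "").lower() == target_dn.lower():
            kept = [l for l in lines if l.split(":", 1)[0].lower() != ATTR]
            removed += len(lines) - len(kept)
            block = "\n".join(kept)  # other entries pass through verbatim
        out.append(block)
    return "\n\n".join(out) + "\n", removed

if __name__ == "__main__":
    cleaned, count = strip_failures(SAMPLE)
    print(cleaned, f"# removed {count} value(s)", sep="")
```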
On Wed, September 30, 2015 18:28, Quanah Gibson-Mount wrote:
> --On Wednesday, September 30, 2015 11:18 AM -0400 David Magda dmagda@ee.ryerson.ca wrote:
>> Hello,
>> How do I delete the "pwdFailureTime" attribute on a slave?
> 3 solutions:
> 1) backport the code fix for ITS#8185 and rebuild your openldap binary (best)
> 2) slapcat your database, fix the entry in question, reload (sucky)
> 3) wait for 2.4.43 to release (don't know when it'll release)
Okay, thanks. We're looking at using a slapo-chain(5) setup, as each of the above isn't ideal for us. Finding clear documentation on it is a bit difficult, but these 'recipes' seem useful:
http://www.rjsystems.nl/en/2100-openldap-consumer.php
http://www.rjsystems.nl/en/2100-d6-openldap-consumer.php#refr
For (3), has any thought been given to doing time-based releases? Say March and/or September, just so there's a predictable release cycle for patch roll-ups? (Emergency security updates would be ad-hoc.)
openldap-technical@openldap.org