Hey guys,
From my understanding pwdAccountLockedTime is an operational attribute and by ldap v3 definition it must be 'requested' to obtain the value. However, when I include this attribute as part of a search filter against one of my master servers I get results back but when I run it against my proxy (back_ldap) ldap server, I get nothing. Only when I request the attribute do I get something off the proxy. If operational attributes should not be seen unless requesting them then how come on my master servers it returns fine but not on the proxy? Is there a way to make the proxy behave the same as the master's in this regard? Or do I possible have some ACL issues?
Thanks, Tyler
Hey guys,
From my understanding pwdAccountLockedTime is an operational
attribute and by ldap v3 definition it must be 'requested' to obtain the value. However, when I include this attribute as part of a search filter against one of my master servers I get results back but when I run it against my proxy (back_ldap) ldap server, I get nothing. Only when I request the attribute do I get something off the proxy. If operational attributes should not be seen unless requesting them then how come on my master servers it returns fine but not on the proxy? Is there a way to make the proxy behave the same as the master's in this regard? Or do I possible have some ACL issues?
Likely, pwdAccountLockedTime is defined by slapo-ppolicy and you compiled that overlay as a module and did not load it in the proxy's configuration. Filters require attributes to be defined in order to work. This is slapd and not proxy specific.
p.
I could of swore I tried that already. Works fine now... thanks.
Tyler
On Tue, 9 Jun 2009 05:34:18 +0200 (CEST) masarati@aero.polimi.it wrote:
Hey guys,
From my understanding pwdAccountLockedTime is an operational
attribute and by ldap v3 definition it must be 'requested' to obtain the value. However, when I include this attribute as part of a search filter against one of my master servers I get results back but when I run it against my proxy (back_ldap) ldap server, I get nothing. Only when I request the attribute do I get something off the proxy. If operational attributes should not be seen unless requesting them then how come on my master servers it returns fine but not on the proxy? Is there a way to make the proxy behave the same as the master's in this regard? Or do I possible have some ACL issues?
Likely, pwdAccountLockedTime is defined by slapo-ppolicy and you compiled that overlay as a module and did not load it in the proxy's configuration. Filters require attributes to be defined in order to work. This is slapd and not proxy specific.
p.
openldap-technical@openldap.org