>> Uwe Sauter <uwe.sauter.de(a)gmail.com> wrote on 06.02.2021 at 00:06 in message <9D89F4B3-DE37-40CB-A14A-6225933BD564(a)gmail.de>:
On 5 February 2021 22:15:47 CET, Liam Gretton <liam.gretton(a)gmail.com> wrote:
>On 2021-02-05 18:55, Uwe Sauter wrote:
>> # slaptest
>> 601d92d6 /etc/openldap/acl.conf: line 84: unknown attr "pwdHistory" in to clause
>> […]
>> slaptest: bad configuration file!
>>
>>
>> This is on CentOS with openldap-servers-2.4.44-22.el7.
>
>I'm using 2.4.50 (my own build) on CentOS 7 and I have ACLs on this and
>other ppolicy attributes without any problems.
>
>You obviously have the ppolicy schema included, but is the ppolicy
>overlay actually loaded?
Yes it is. Account locking after failed attempts, password changes honoring
configured rules, password history etc. have all worked since this was set up
in 2017. Back then I just forgot to hide the pwd* attributes that are managed
by the ppolicy overlay.
What happens if you query "cn=schema,cn=config" for olcObjectClasses=*?
(assuming you can query cn=config)
Here I see:
( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The history of users
passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
NO-USER-MODIFICATION USAGE directoryOperation )
Perhaps I need to set up a minimal environment to figure this out...
--
This message was sent from my Android device with K-9 Mail.