[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using search filter for operational attributes (pwdAccountLockedTime)

To: "Tyler Gates" <tjgates@castlebranch.com>
Subject: Re: using search filter for operational attributes (pwdAccountLockedTime)
From: masarati@aero.polimi.it
Date: Tue, 9 Jun 2009 05:34:18 +0200 (CEST)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <20090608170611.19d60f78@ittyler.castlebranch.com>
References: <20090608170611.19d60f78@ittyler.castlebranch.com>
User-agent: SquirrelMail/1.4.9a

> Hey guys,
>
>
>     From my understanding pwdAccountLockedTime is an operational
> attribute and by ldap v3 definition it must be 'requested' to obtain the
> value. However, when I include this attribute as part of a search filter
> against one of my master servers I get results back but when I run it
> against my proxy (back_ldap) ldap server, I get nothing. Only when I
> request the attribute do I get something off the proxy. If operational
> attributes should not be seen unless requesting them then how come on
> my master servers it returns fine but not on the proxy? Is there a way
> to make the proxy behave the same as the master's in this regard? Or do
> I possible have some ACL issues?

Likely, pwdAccountLockedTime is defined by slapo-ppolicy and you compiled
that overlay as a module and did not load it in the proxy's configuration.
 Filters require attributes to be defined in order to work.  This is slapd
and not proxy specific.

p.

Follow-Ups:
- Re: using search filter for operational attributes (pwdAccountLockedTime)
  - From: Tyler Gates <tjgates@castlebranch.com>

References:
- using search filter for operational attributes (pwdAccountLockedTime)
  - From: Tyler Gates <tjgates@castlebranch.com>

Prev by Date: using search filter for operational attributes (pwdAccountLockedTime)
Next by Date: Re: Newbie question about ldif
Index(es):
- Chronological
- Thread