Full_Name:
Version: 2.4.33
OS: openSuSE-12.3-x86_64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (91.65.235.202)

the pwdAttribute type requires a syntax of 1.3.6.1.4.1.1466.115.121.1.38,
according to man slapo-ppolicy and ppolicy.schema.
when adding a policy, the value of pwdAttribute gets changed from OID 2.5.4.35
to userPassword.

In a replicated system syncrepl complains about

syncrepl_message_to_entry: rid=001 mods check (pwdAttribute: value #0 invalid per syntax)
do_syncrepl: rid=001 rc 21 retrying.

-Dieter

dieter@dkluenter.de wrote:
> Full_Name:
> Version: 2.4.33
> OS: openSuSE-12.3-x86_64
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (91.65.235.202)
>
>
> the pwdAttribute type requires a syntax of 1.3.6.1.4.1.1466.115.121.1.38,
> according to man slapo-ppolicy and ppolicy.schema.
> when adding a policy, the value of pwdAttribute gets changed from OID 2.5.4.35
> to userPassword.

You are mistaken. slapd never changes this attribute from what the user stored.

> In a replicated system syncrepl complains about
> syncrepl_message_to_entry: rid=001 mods check (pwdAttribute: value #0 invalid
> per syntax) do_syncrepl: rid=001 rc 21 retrying.

This error will go away if you configure the ppolicy overlay on the consumer.

Closing this ITS.

>
> -Dieter
>
>

--
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Howard, please try yourself first before answering.
Dieter is right here.

Example:

dn: cn=Default Password Policy,ou=Policies,dc=stroeder,dc=de
changetype: modify
delete: pwdAttribute
pwdAttribute: userPassword
-
add: pwdAttribute
pwdAttribute: 2.5.4.35
-

Reading it:

dn: cn=Default Password Policy,ou=Policies,dc=stroeder,dc=de
cn: Default Password Policy
[..]
pwdAttribute: userPassword
[..]

I vaguely remember I had to implement a work-around in web2ldap to deal with
that when generating delta modification data when the user edits such an entry.

Ciao, Michael.

Michael Ströder wrote:
> Howard, please try yourself first before answering.
> Dieter is right here.
>
> Example:
>
> dn: cn=Default Password Policy,ou=Policies,dc=stroeder,dc=de
> changetype: modify
> delete: pwdAttribute
> pwdAttribute: userPassword
> -
> add: pwdAttribute
> pwdAttribute: 2.5.4.35
> -
>
> Reading it:
>
> dn: cn=Default Password Policy,ou=Policies,dc=stroeder,dc=de
> cn: Default Password Policy
> [..]
> pwdAttribute: userPassword
> [..]
>
> I vaguely remember I had to implement a work-around in web2ldap to deal with
> that when generating delta modification data when the user edits such an entry.

BTW: This has nothing to do with replication.

Howard Chu wrote before:
"Also as a general rule the X.500 data model requires that a server store and
return exactly what the user provided."

see http://www.openldap.org/lists/openldap-technical/201303/msg00189.html

Ciao, Michael.
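
Added example, not code from this thread, web2ldap or OpenLDAP: one way a client could generate delta modifications for an entry that is read back with userPassword where 2.5.4.35 was written, by comparing OID-syntax values in a canonical form. The alias table, the function names and the sample entries are assumptions made for illustration.

```python
# Attributes whose values use the OID syntax 1.3.6.1.4.1.1466.115.121.1.38.
OID_SYNTAX_ATTRS = {"pwdattribute"}

# Constructed descriptor -> numeric OID table (assumption: a real client
# would build this from the server's subschema instead of hard-coding it).
NAME_TO_OID = {"userpassword": "2.5.4.35"}


def canon(attr, value):
    """Comparison key: OID-syntax values are reduced to their numeric OID."""
    if attr.lower() in OID_SYNTAX_ATTRS:
        return NAME_TO_OID.get(value.lower(), value)
    return value


def delta(old, new):
    """Build (op, attr, values) modifications that turn `old` into `new`.

    Both entries are dicts of attribute name -> list of values and are
    assumed to spell attribute names identically. Deleted values are sent
    exactly as read from the server, so the delete matches the stored form.
    """
    mods = []
    for attr in sorted(set(old) | set(new), key=str.lower):
        old_vals = {canon(attr, v): v for v in old.get(attr, [])}
        new_vals = {canon(attr, v): v for v in new.get(attr, [])}
        removed = [old_vals[k] for k in old_vals if k not in new_vals]
        added = [new_vals[k] for k in new_vals if k not in old_vals]
        if removed:
            mods.append(("delete", attr, removed))
        if added:
            mods.append(("add", attr, added))
    return mods


# Constructed sample: the entry as read back, and the user's edited copy in
# which pwdAttribute was typed as a numeric OID and pwdMinLength was added.
AS_READ = {"cn": ["Default Password Policy"], "pwdAttribute": ["userPassword"]}
EDITED = {"cn": ["Default Password Policy"], "pwdAttribute": ["2.5.4.35"],
          "pwdMinLength": ["8"]}

if __name__ == "__main__":
    for op, attr, values in delta(AS_READ, EDITED):
        print(op, attr, values)
```

A plain string comparison of the two sample entries would instead emit a delete and an add for pwdAttribute on every save, although nothing was changed.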

moved from Incoming to Software Bugs

Not a bug

changed notes
changed state Open to Closed