can't delete userPassword when ppolicy is used



openldap-2.3.30

Not sure if this is intended or not, but it seems to be impossible to delete 
the userPassword attribute from an entry if the ppolicy overlay is loaded.

I found this out when I accidentally added a userPassword attribute to a 
posixGroup entry and discovered I could no longer remove it:

$ ldapmodify -x -D cn=manager,dc=example,dc=com -w secret
dn: cn=ldapusers,ou=group,dc=example,dc=com
changetype: modify
delete: userpassword

modifying entry "cn=ldapusers,ou=group,dc=example,dc=com"
ldap_modify: Internal (implementation specific) error (80)
        additional info: Internal Error


If I unload the ppolicy overlay, the operation succeeds.

I have a default policy set which only specified the password attribute:
$ ldapsearch -x -LLL -b "ou=Password Policies,dc=example,dc=com"
dn: ou=Password Policies,dc=example,dc=com
ou: Password Policies
objectClass: organizationalUnit
description: Container for OpenLDAP password policies

dn: cn=default,ou=Password Policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: namedObject
pwdAttribute: userPassword