[Date Prev][Date Next]
Re: strange issue with pwdAccountLockedTime
Guillaume Rousse wrote:
> The following ldif fragment:
> dn: uid=melancon,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr
> changetype: modify
> replace: userpassword
> userpassword: XXXXX
> replace: gidnumber
> gidnumber: 5050
> replace: homedirectory
> homedirectory: /home/gravite/melancon
> delete: pwdAccountLockedTime
> causes the server to choke with error:
> ldapmodify: No such attribute (16)
> additional info: modify/delete: pwdAccountLockedTime: no such
> However, when removing other changes, and keeping only
> pwdAccountLockedTime deletion, everything works OK....
1. enabled slapo-ppolicy,
2. set the userPassword attribute and
3. disabled slapo-ppolicy afterwards.
Since schema declaration of attribute type pwdAccountLockedTime is
hard-coded in slapo-ppolicy and slapo-ppolicy also sets this operational
attribute you now have an entry which contains an attribute for which no
schema information is available anymore.
This also happened to me when having a master with slapo-ppolicy
enabledn and having a consumer replica with slapo-ppolicy disabled.