[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: strange issue with pwdAccountLockedTime

Guillaume Rousse wrote:
> The following ldif fragment:
> dn: uid=melancon,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr
> changetype: modify
> replace: userpassword
> userpassword: XXXXX
> -
> replace: gidnumber
> gidnumber: 5050
> -
> replace: homedirectory
> homedirectory: /home/gravite/melancon
> -
> delete: pwdAccountLockedTime
> causes the server to choke with error:
> ldapmodify: No such attribute (16)
>         additional info: modify/delete: pwdAccountLockedTime: no such
> attribute
> However, when removing other changes, and keeping only
> pwdAccountLockedTime deletion, everything works OK....

You likely
1. enabled slapo-ppolicy,
2. set the userPassword attribute and
3. disabled slapo-ppolicy afterwards.

Since schema declaration of attribute type pwdAccountLockedTime is
hard-coded in slapo-ppolicy and slapo-ppolicy also sets this operational
attribute you now have an entry which contains an attribute for which no
schema information is available anymore.

This also happened to me when having a master with slapo-ppolicy
enabledn and having a consumer replica with slapo-ppolicy disabled.

Ciao, Michael.