[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using search filter for operational attributes (pwdAccountLockedTime)

> Hey guys,
>     From my understanding pwdAccountLockedTime is an operational
> attribute and by ldap v3 definition it must be 'requested' to obtain the
> value. However, when I include this attribute as part of a search filter
> against one of my master servers I get results back but when I run it
> against my proxy (back_ldap) ldap server, I get nothing. Only when I
> request the attribute do I get something off the proxy. If operational
> attributes should not be seen unless requesting them then how come on
> my master servers it returns fine but not on the proxy? Is there a way
> to make the proxy behave the same as the master's in this regard? Or do
> I possible have some ACL issues?

Likely, pwdAccountLockedTime is defined by slapo-ppolicy and you compiled
that overlay as a module and did not load it in the proxy's configuration.
 Filters require attributes to be defined in order to work.  This is slapd
and not proxy specific.