[Date Prev][Date Next]
Re: using search filter for operational attributes (pwdAccountLockedTime)
I could of swore I tried that already. Works fine now... thanks.
On Tue, 9 Jun 2009 05:34:18 +0200 (CEST)
> > Hey guys,
> > From my understanding pwdAccountLockedTime is an operational
> > attribute and by ldap v3 definition it must be 'requested' to obtain the
> > value. However, when I include this attribute as part of a search filter
> > against one of my master servers I get results back but when I run it
> > against my proxy (back_ldap) ldap server, I get nothing. Only when I
> > request the attribute do I get something off the proxy. If operational
> > attributes should not be seen unless requesting them then how come on
> > my master servers it returns fine but not on the proxy? Is there a way
> > to make the proxy behave the same as the master's in this regard? Or do
> > I possible have some ACL issues?
> Likely, pwdAccountLockedTime is defined by slapo-ppolicy and you compiled
> that overlay as a module and did not load it in the proxy's configuration.
> Filters require attributes to be defined in order to work. This is slapd
> and not proxy specific.