[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Adding and attribute and editing a matchingRuleUse in the subschema

To: espeake@oreillyauto.com
Subject: Re: Adding and attribute and editing a matchingRuleUse in the subschema
From: espeake@oreillyauto.com
Date: Thu, 10 Jul 2014 07:10:57 -0500
Cc: openldap-technical-bounces@openldap.org, openldap-technical@openldap.org
In-reply-to: <OF9F9F3DFB.1CB422AB-ON86257D0F.004D3FB1-86257D0F.0050752F@LocalDomain>
References: <OF9F9F3DFB.1CB422AB-ON86257D0F.004D3FB1-86257D0F.0050752F@LocalDomain>

Any ideas for me on this?

Thanks,
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
 (417) 862-2674  Ext. 1975



From:	espeake@oreillyauto.com
To:	openldap-technical@openldap.org
Date:	07/08/2014 09:55 AM
Subject:	Adding and attribute and editing a matchingRuleUse in the
            subschema
Sent by:	openldap-technical-bounces@OpenLDAP.org




On our current server running 2.4.31 we have an operational attribute in
the schema labeled pwdFailureTime.  I have done:

slapcat -n 0 -l /tmp/<my_config>.ldif on our production server.  I have
also used an LDAP browser to export the schema.

When I do a a slapadd -F /etc/your/config/goes/here/ -n 0
-l /tmp/<my_config>.ldif  I do get the config loaded.  I have confirmed
that I am loading all of the same modules on both servers and that the
config files match.  What I don't have is the pwdFailureTime attribute
which I need since it is in the data file as well, making it so I cannot
import my data either.  This is what the attribute looks like in the
subschema:

attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC
'The timestamps of the last consecutive authentication failures' EQUALITY
generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE
directoryOperation )

Here is the matchingRuleUse:

matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES
( createTimesta
 mp $ modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $
pwdFailureTime $
  pwdGraceUseTime $ birthDate $ hireDate $ statusDate $ openDate ) )

>From other posts that I have read I cannot edit the subschema directly and
that makes sense since that would be the fastest way to kill a server.  I
have tried doing an ldap modify to dn: cn={4}ppolicy,cn=schema,cn=config
and I get a syntax error in trying to number the attribute.

The new version is 2.4.39 running on ubuntu 12.04 with 3.13 kernel.


Thanks
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
 (417) 862-2674  Ext. 1975

This communication and any attachments are confidential, protected by
Communications Privacy Act 18 USCS § 2510, solely for the use of the
intended recipient, and may contain legally privileged material. If you are
not the intended recipient, please return or destroy it immediately. Thank
you.


--
This message has been scanned for viruses and dangerous content,
and is believed to be clean.
  Message id: 5A63E6004D3.AE6DC




This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.

Follow-Ups:
- Re: Adding and attribute and editing a matchingRuleUse in the subschema
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- Adding and attribute and editing a matchingRuleUse in the subschema
  - From: espeake@oreillyauto.com

Prev by Date: Re: SASL not honoring slapo-ppolicy
Next by Date: Outlook LDAP Addressbook Browsing - Add ORDERING caseIgnoreOrderingMatch on CN or NAME core attributes without source code modification and re-compilition
Index(es):
- Chronological
- Thread