[Date Prev][Date Next] [Chronological] [Thread] [Top]

cannot delete pwdFailureTime attribute

To: openldap-technical@openldap.org
Subject: cannot delete pwdFailureTime attribute
From: "David Magda" <dmagda@ee.ryerson.ca>
Date: Wed, 30 Sep 2015 10:18:02 -0400
User-agent: SquirrelMail/1.4.23 [SVN]

Hello,

How do I delete the ?pwdFailureTime? attribute on a slave?

I have a DN where pwdFailureTime entries are growing and it?s slowly
filling up /var/lib/ldap/. I?ve tried the following LDIF:

    dn: uid=foo,ou=People,dc=example,dc=com
    changetype: modify
    delete: pwdFailureTime

But since the system is slave, it?s giving ldapmodify(1) a redirect to the
master. I've also tried the script in ITS#8185:

    http://www.openldap.org/lists/openldap-bugs/201507/msg00012.html

that connects to ldapi:///, and that also referral/redirects (since we
have  olcUpdateRef configured). We are not using the slapo-chain(5)
funcionality.

Is there any way to manipulate pwdFailureTime on the slaves without going
into the raw databases files? Or do we have to enable slapo-chain(5) when
using slapo-ppolicy(5) and then do things on the master?

Thanks for any info.

Regards,
David

Follow-Ups:
- Re: cannot delete pwdFailureTime attribute
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: SSHA hash are stores as '{ssha}......' and '{SSHA}......'
Next by Date: How to build contrib pw-radius?
Index(es):
- Chronological
- Thread