>>> Uwe Sauter <[email protected]> wrote on 06.02.2021 at 00:06 in message <[email protected]>:
>
> On 5 February 2021 22:15:47 CET, Liam Gretton <[email protected]> wrote:
>>On 2021-02-05 18:55, Uwe Sauter wrote:
>>> # slaptest
>>> 601d92d6 /etc/openldap/acl.conf: line 84: unknown attr "pwdHistory" in to clause
>>> […]
>>> slaptest: bad configuration file!
>>>
>>>
>>> This is on CentOS with openldap-servers-2.4.44-22.el7.
>>
>>I'm using 2.4.50 (my own build) on CentOS 7 and I have ACLs on this and
>>other ppolicy attributes without any problems.
>>
>>You obviously have the ppolicy schema included, but is the ppolicy
>>overlay actually loaded?
>
> Yes it is. Account locking after failed attempts, password changes honoring
> configured rules, password history etc. all works since this was set up in
> 2017. Back then I just forgot to hide the pwd* attributes that are managed by
> the ppolicy overlay.

What happens if you query "cn=schema,cn=config" for olcObjectClasses=*?
(assuming you can query cn=config)
Here I see:
( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The history of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation )

>
> Perhaps I need to set up a minimal environment to figure this out...
>
> --
> This message was sent from my Android device with K-9 Mail.
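
An added example, not part of the original thread: a small offline check that compares the attributes named in an ACL `attrs=` clause against the attribute types present in a saved dump of cn=schema,cn=config, which is the condition slaptest complains about with `unknown attr`. It reads `olcAttributeTypes` values, where cn=config keeps attribute type definitions such as the one quoted above. The entry DN, the `{n}` indexes, `exampleAttr`/`exAttr` and `pwdFooBar` are constructed sample values; base64 (`::`) values and `val=` qualifiers are not handled.

```python
import re

# Constructed sample in the style of a folded cn=schema,cn=config LDIF dump.
# Only the pwdHistory definition comes from the thread; the rest is made up.
SAMPLE_LDIF = """\
dn: cn={1}ppolicy,cn=schema,cn=config
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHi
 story' DESC 'The history of users passwords' EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 NO-USER-MODIFICATION USAGE directo
 ryOperation )
olcAttributeTypes: {1}( 1.3.6.1.4.1.99999.1.1 NAME ( 'exampleAttr' 'exAttr' )
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# Constructed ACL line; pwdFooBar is a deliberately undefined attribute.
SAMPLE_ACL = "access to attrs=pwdHistory,exAttr,pwdFooBar,entry by * none"

# NAME 'x'   or   NAME ( 'x' 'y' )   as in RFC 4512 attribute type descriptions
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")

def unfold(ldif):
    """Undo LDIF line folding: newline + one space continues the previous line."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def defined_attributes(ldif):
    """Return the lower-cased names of every attribute type in the dump."""
    names = set()
    for line in unfold(ldif):
        if not line.lower().startswith("olcattributetypes:"):
            continue
        m = NAME_RE.search(line)
        if m:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(0)))
    return names

def acl_attrs(acl_line):
    """Names in attrs=, minus entry/children and @class / !class forms."""
    m = re.search(r"\battrs=(\S+)", acl_line)
    names = m.group(1).split(",") if m else []
    return [a for a in names
            if a and a[0] not in "@!" and a.lower() not in ("entry", "children")]

def unknown_attrs(acl_line, ldif):
    """ACL attributes that the schema dump does not define."""
    known = defined_attributes(ldif)
    return [a for a in acl_attrs(acl_line) if a.lower() not in known]

if __name__ == "__main__":
    print(unknown_attrs(SAMPLE_ACL, SAMPLE_LDIF))
```
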
