--On Tuesday, July 12, 2022 1:31 PM +0200 Francesco Malvezzi
<[email protected]> wrote:
[...]
Whatever "it works" really means. Without seeing example entries and
their pwdChangedTime values it's impossible to say anything meaningful -
except the usual "it works for me".
it turns out this malfunctioning is affecting only entries whose password
has been changed last time before the upgrade [1].
So to be sure that 'it works for you' you should pick a pretty old entry
and craft the range pwdChangedTime query accordingly.
And of course this applies to you only if you did a in-place update. If
you slapcat-ed and slapadd-ed your entries, you are pretty safe,
This is due to ITS#9513 which changed the generalizedTime indexer. So any
time-based attributes need to be reindexed (or database exported/imported
will fix it too). This got missed being documented on the OpenLDAP side.
Can also affect replication when an in-place upgrade is done.
Regards,
Quanah
