Hi! Oh well, the typical (data) administrator is using some frontend that just shows objects' attributes, and it may not be quite obvious which ones are "virtual": After all they (e.g. pwdPolicySubentry) are stored permanently in the database (and they are synced, fortunately).
Kind regards, Ulrich Windl > -----Original Message----- > From: Ondřej Kuzník <on...@mistotebe.net> > Sent: Tuesday, May 6, 2025 11:54 AM > To: Windl, Ulrich <u.wi...@ukr.de> > Cc: openldap-technical@openldap.org > Subject: [EXT] Re: Re: using refint overlay for pwdPolicySubentry > > On Mon, May 05, 2025 at 07:46:34AM +0000, Windl, Ulrich wrote: > > Ondřej, > > > > thanks for explaining. Maybe you misunderstood the final part of my > > message: I wanted to point out that a "normal" (=member) attribute > > seemed to work just fine, while an attribute provided by an overlay > > (i.e. policy) may not work as expected. Is there some ordering > > requirement (refint, policy overlays) involved here, maybe? > > And yes, I've configured refint the same way on all nodes. > > Hi Ulrich, > only data stored in the database can be managed by refint, it won't > update virtual attributes, much less actual configuration. It is your > responsibility as administrator to keep your configuration consistent > and correct. > > Regards, > > -- > Ondřej Kuzník > Senior Software Engineer > Symas Corporation http://www.symas.com > Packaged, certified, and supported LDAP solutions powered by OpenLDAP
