Hi! Sorry for the length delay. I tested again: * I copied a policy and assigned that copy to a user * then I renamed that copied pppolicy to a new name * searching the server I see that the pwdPolicySubentry attribute is updated
The confusing part is that I find the rename in accesslog, but not the attribute change. Of course, the rename triggered an attribute change on the other replicated node as well, but I would find it more consistent if the change done by refint were reflected in the accesslog (and be replicated that way). Maybe it's my fault to use the accesslog to see all changes applied to the local database... Kind regards, Ulrich Windl > -----Original Message----- > From: Ondřej Kuzník <on...@mistotebe.net> > Sent: Friday, May 9, 2025 12:34 PM > To: Windl, Ulrich <u.wi...@ukr.de> > Cc: openldap-technical@openldap.org > Subject: [EXT] Re: Re: Re: Re: Re: using refint overlay for pwdPolicySubentry > > On Fri, May 09, 2025 at 10:00:08AM +0000, Windl, Ulrich wrote: > > I fail to see where slapd.conf comes into play with handling of > pwdPolicySubentry: > > Both the policies and the users are defined in a different (MDB) database. > > Only the default policy may be stored in the config database directly, and I > did not talk about that. > > Yes, and as I indicated before, in my testing, everything but a default > policy was being adjusted by refint just fine. The reason default policy > was not is because it is set in the configuration and what we've moved > onto. > > If you can reproduce a set up where a pwdPolicySubentry is stored on the > account's entry, refint is properly configured and a rename of the > corresponding policy entry does not trigger an update of the account > contrary to refint documentation, please post it here or better, file an > issue. > > Thanks, > > -- > Ondřej Kuzník > Senior Software Engineer > Symas Corporation http://www.symas.com > Packaged, certified, and supported LDAP solutions powered by OpenLDAP
