[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: strange issue with pwdAccountLockedTime

To: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Subject: Re: strange issue with pwdAccountLockedTime
From: Michael Ströder <michael@stroeder.com>
Date: Sun, 21 Oct 2007 12:53:49 +0200
Cc: openldap-software@openldap.org
In-reply-to: <470B451D.3070906@inria.fr>
References: <470B451D.3070906@inria.fr>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4

Guillaume Rousse wrote:
> The following ldif fragment:
> dn: uid=melancon,ou=saclay,ou=futurs,ou=users,dc=futurs,dc=inria,dc=fr
> changetype: modify
> replace: userpassword
> userpassword: XXXXX
> -
> replace: gidnumber
> gidnumber: 5050
> -
> replace: homedirectory
> homedirectory: /home/gravite/melancon
> -
> delete: pwdAccountLockedTime
> 
> causes the server to choke with error:
> ldapmodify: No such attribute (16)
>         additional info: modify/delete: pwdAccountLockedTime: no such
> attribute
> 
> However, when removing other changes, and keeping only
> pwdAccountLockedTime deletion, everything works OK....

You likely
1. enabled slapo-ppolicy,
2. set the userPassword attribute and
3. disabled slapo-ppolicy afterwards.

Since schema declaration of attribute type pwdAccountLockedTime is
hard-coded in slapo-ppolicy and slapo-ppolicy also sets this operational
attribute you now have an entry which contains an attribute for which no
schema information is available anymore.

This also happened to me when having a master with slapo-ppolicy
enabledn and having a consumer replica with slapo-ppolicy disabled.

Ciao, Michael.

References:
- strange issue with pwdAccountLockedTime
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>

Prev by Date: Re: regarding custom schema
Next by Date: loglevel question
Index(es):
- Chronological
- Thread