Rick Stevens wrote:I've got a question regarding the ppolicy overlay. I've read the docs I can find for it on the web, but there's a couple of holes in them and in my knowledge.
I've got the config set up (schema, module load, external check library) and such. I've got the default policy DN in the database and such.
From slapd.conf: overlay ppolicy ppolicy_default \ "cn=DefaultPassword,ou=Policies,dc=billing,dc=com" ppolicy_use_lockout ppolicy_hash_cleartext
Are you searching for operational attributes by adding '+' onto you ldapsearch? Most of the ppolicy attributes are operational.
Whoops! Meant to send this to the list, but Thunderbird defaults to the original sender. Grrr!
Ah! No, I hadn't added the '+' bit. D'oh! Yes, I see at least the "pwdChanged" attribute on the new entry, but I don't see the "pwdHistory" stuff that I'd expect. ---------------------------------------------------------------------- - Rick Stevens, Unix Geek rps2@socal.rr.com - - - - If you can't beat your computer at chess...try kickboxing! - ----------------------------------------------------------------------