Re: using search filter for operational attributes (pwdAccountLockedTime)

[Tyler Gates <tjgates@castlebranch.com>]

I could of swore I tried that already. Works fine now... thanks.

  Tyler

On Tue, 9 Jun 2009 05:34:18 +0200 (CEST)
masarati@aero.polimi.it wrote:

> > Hey guys,
> >
> >
> >     From my understanding pwdAccountLockedTime is an operational
> > attribute and by ldap v3 definition it must be 'requested' to obtain the
> > value. However, when I include this attribute as part of a search filter
> > against one of my master servers I get results back but when I run it
> > against my proxy (back_ldap) ldap server, I get nothing. Only when I
> > request the attribute do I get something off the proxy. If operational
> > attributes should not be seen unless requesting them then how come on
> > my master servers it returns fine but not on the proxy? Is there a way
> > to make the proxy behave the same as the master's in this regard? Or do
> > I possible have some ACL issues?
> 
> Likely, pwdAccountLockedTime is defined by slapo-ppolicy and you compiled
> that overlay as a module and did not load it in the proxy's configuration.
>  Filters require attributes to be defined in order to work.  This is slapd
> and not proxy specific.
> 
> p.
> 
>