Re: attribute 'pwdPolicySubentry' cannot have multiple values
On Monday, 22 March 2010 12:40:47 Chris Jacobs wrote:
> Howard, Tyler, Michael,
>
> My apologies: I take that back. The entry is indeed on the account - and
> it is, in fact, a system attribute.
>
> I will endeavor to not reply to messages at 4am in the future - a bit too
> quick on the /assume/ thing.
>
> BTW:
> How do you identify whether an attribute will be a system attribute or not?
> I've plenty to learn on ldap, but even I knew to look at the schema file
> - and I'm not certain how one could know whether an attribute would be a
> system attribute.
The "USAGE directoryOperation" is the key:
[bgmilne@tiger ~]$ ldapsearch -x -s base -b cn=subschema attributetypes|perl -p0e 's/\n //g'|grep pwdPolicySubentry
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC
'The pwdPolicy subentry in effect for this object' EQUALITY
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE
directoryOperation )
On an existing entry, you can ask for only the operational attributes with the
'+' modifier, e.g.:
[bgmilne@tiger ~]$ ldapsearch -x -LLL uid=bgmilne '+'
dn: uid=bgmilne,ou=People,dc=ranger,dc=dnsalias,dc=com
structuralObjectClass: inetOrgPerson
entryUUID: 8b74bea0-f20d-101e-8cdf-6105b6f2f478
creatorsName: uid=account admin,ou=system accounts,dc=ranger,dc=dnsailas,dc=co
 m
createTimestamp: 19960203002836Z
pwdPolicySubentry: cn=default,ou=Password Policies,dc=ranger,dc=dnsalias,dc=co
 m
pwdChangedTime: 20100319092937Z
entryCSN: 20100323080111.520646Z#000000#003#000000
modifiersName: cn=manager,dc=ranger,dc=dnsalias,dc=com
modifyTimestamp: 20100323080111Z
entryDN: uid=bgmilne,ou=People,dc=ranger,dc=dnsalias,dc=com
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
Regards,
Buchan
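
The same check as the ldapsearch/perl/grep pipeline above, done over a whole schema dump. This is an added example, not part of the original message: it unfolds the LDIF, parses each attributeTypes value and reports USAGE, SINGLE-VALUE and NO-USER-MODIFICATION. It goes one step beyond the message by treating every USAGE other than userApplications as operational, and the sample input and function names are constructed for illustration.

```python
import re

# Constructed sample: folded LDIF as a subschema search returns it. The first
# definition is the one quoted in the message; the other two are for contrast.
SAMPLE = """\
attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC 'T
 he pwdPolicy subentry in effect for this object' EQUALITY distinguishedNameM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperat
 ion )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common na
 me(s) for which the entity is known by' SUP name )
attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMat
 ch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
 4 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
"""

TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")  # quoted string, paren, bare word

def unfold(ldif):  # LDIF folding: newline + one space continues the line
    return ldif.replace("\n ", "")

def parse_attribute_type(definition):
    tok = TOKEN.findall(definition)
    names = []
    if "NAME" in tok:
        i = tok.index("NAME") + 1
        group = tok[i + 1:tok.index(")", i)] if tok[i] == "(" else [tok[i]]
        names = [n.strip("'") for n in group]
    # USAGE defaults to userApplications; every other value is operational.
    usage = tok[tok.index("USAGE") + 1] if "USAGE" in tok else "userApplications"
    return {"names": names, "usage": usage,
            "operational": usage != "userApplications",
            "single_value": "SINGLE-VALUE" in tok,
            "no_user_mod": "NO-USER-MODIFICATION" in tok}

def load_schema(ldif):
    """Map each attribute name (lower-cased) to its parsed definition."""
    schema = {}
    for line in unfold(ldif).splitlines():
        key, _, value = line.partition(": ")
        if key.lower() == "attributetypes":
            info = parse_attribute_type(value)
            for name in info["names"]:
                schema[name.lower()] = info
    return schema

if __name__ == "__main__":
    for name, info in sorted(load_schema(SAMPLE).items()):
        print(name, info["usage"], "single" if info["single_value"] else "multi")
```

Keywords are matched only as bare tokens, so a DESC string that happens to contain the word USAGE or SINGLE-VALUE does not change the result.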