[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Setting userPassword and pwdChangedTime together with Relax Rules Control
- To: openldap-technical@openldap.org
- Subject: Setting userPassword and pwdChangedTime together with Relax Rules Control
- From: Michael Ströder <michael@stroeder.com>
- Date: Fri, 11 Nov 2011 12:19:11 +0100
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; t=1321010352; l=904; s=domk; d=stroeder.de; h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From: Date:X-RZG-CLASS-ID:X-RZG-AUTH; bh=GRMfBcgENiTr/T6tncyydvDnnqI=; b=C6mk8/Z5NPk7rxGHVBqFnWKjZ1fp0i9iQUTpXTMp27Mno1XBdev567yA+w06E53ro/x UEynH2X2TSNJW93k29KQHm2cFWL2bwFTAhM3r5eRShzBlqPK/jbQWxlxaTPy61Y00xyWG AB+w6aj22JkKEd6Ag7SqTy81sN8FrpfHINU=
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110928 Firefox/7.0.1 SeaMonkey/2.4.1
HI!
I've implemented a sync job which has to also sync passwords with a password
modification timestamp from an Oracle DB to OpenLDAP. There's a latency in
this password sync so the exact password modification timestamp has to be
copied from the source DB to attribute pwdChangedTime in OpenLDAP.
Setting the pwdChangedTime alone with the Relax Rules control is no problem.
But when the add or modify request also contains the userPassword attribute
slapo-ppolicy also wants to add a (later) value for pwdChangedTime and this
results in:
Constraint violation: attribute 'pwdChangedTime' cannot have multiple values
Any chance to achieve this in a single add/modify request? I think this
scenario is not so unusual in the real world. So slapo-ppolicy should not
generate 'pwdChangedTime' if it's already in the write request in case of
Relax Rules control enabled.
Ciao, Michael.