On 2/5/21 7:55 PM, Uwe Sauter wrote:
> On 05.02.21 at 17:31, Michael Ströder wrote:
>> On 2/5/21 8:40 AM, Uwe Sauter wrote:
>>> I'm trying to restrict access to the operational attributes that are
>>> provided by the ppolicy overlay (e.g. pwdChangedTime, pwdHistory).
>>>
>>> When I add the following to my ACL configuration file and try to
>>> verify the configuration an error occurs:
>>>
>>> #### ACL
>>> access to attrs=pwdHistory
>>>     by * none
>>> ########
>>>
>>> #### slaptest output
>>> 601cf554 /etc/openldap/acl.conf: line 96: unknown attr "pwdHistory" in to clause
>>
>> The above error means you did not load ppolicy schema.
>>
>> Add to slapd.conf:
>>
>> include /etc/openldap/schema/ppolicy.schema
>>
>> Adjust the path to match the exact path of your local OpenLDAP build.
>
> I would totally agree with you if that wasn't already the case.

Ah, forgot that this was changed to be hard-coded in slapo-ppolicy. So you have to load overlay ppolicy.

Ciao, Michael.
