On 2/5/21 8:15 PM, Uwe Sauter wrote: > > > Am 05.02.21 um 20:03 schrieb Michael Ströder: >> On 2/5/21 7:55 PM, Uwe Sauter wrote: >>> Am 05.02.21 um 17:31 schrieb Michael Ströder: >>>> On 2/5/21 8:40 AM, Uwe Sauter wrote: >>>>> I'm trying to restrict access to the operational attributes that are >>>>> provided by the ppolicy overlay >>>>> (e.g. pwdChangedTime, pwdHistory). >>>>> >>>>> When I add the following to my ACL configuration file and try to >>>>> verify the configuration an error >>>>> occurs: >>>>> >>>>> #### ACL >>>>> access to attrs=pwdHistory >>>>> by * none >>>>> ######## >>>>> >>>>> #### slaptest output >>>>> 601cf554 /etc/openldap/acl.conf: line 96: unknown attr "pwdHistory" >>>>> in to clause >>>> >>>> The above error means you did not load ppolicy schema. >>>> >>>> Add to slapd.conf: >>>> >>>> include /etc/openldap/schema/ppolicy.schema >>>> >>>> Adjust the path to match the exact path of your local OpenLDAP build. >>> >>> I would totally agree with you if that wasn't already the case. >> >> Ah, forgot that this was changed to be hard-coded in slapo-ppolicy. So >> you have to load overlay ppolicy. > > This is also already loaded, sorry I forgot to mention that.
Then there's something else wrong with your setup which I can't tell. Ciao, Michael.
