I posted a bug report about the issue:
http://tools.lsc-project.org/issues/827

http://ltb-project.org/wiki/documentation/self-service-password/0.9/config_questions
Using the Self Service Password package, it appears we can't use the
"Reset by questions" feature because neither of the info or
extensibleObject attributes are available in a standard OpenLDAP
installation.  Perhaps I am missing some key bit of info since I am
still learning about LDAP, but I think this issue is at least a
documentation bug because we can't use the feature without customizing
the upstream schema or adding another custom schema.

As noted in the bug report Clément OUDOT said "The 'info' attribute is
defined in cosine schema".

I just checked the upstream OpenLDAP source openldap-2.4.44...
Snippets of the cosine schema:

# 9.3.4.  Information
#
#  The Information attribute type specifies any general information
#  pertinent to an object.  It is recommended that specific usage of
#  this attribute type is avoided, and that specific requirements are
#  met by other (possibly additional) attribute types.
#
#    info ATTRIBUTE
#        WITH ATTRIBUTE-SYNTAX
#            caseIgnoreStringSyntax
#            (SIZE (1 .. ub-information))
#    ::= {pilotAttributeType 4}
#
attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
        DESC 'RFC1274: general information'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
...

#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
#       DESC 'RFC1274: pilot object'
#       SUP top AUXILIARY
#       MAY ( info $ photo $ manager $ uniqueIdentifier $
#               lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
#       )

So it appears the info attribute won't work without changing the schema as
distributed by Debian's Jessie package 2.4.40+dfsg-1+deb8u2 or
OpenLDAP 2.4.44.

And it appears extensibleObject is not available as an attribute either:
cp@io:/tmp/openldap-2.4.44$ grep -ri extensibleObject servers/slapd/schema/

I should also note, I wasn't asking a question in the bug report.


However, since I am sending a message to the LTB users list, what
attributes are people using for the $mail_attribute attribute when
using the "Reset by mail tokens" feature?  The mail attribute doesn't
seem like a good choice because we would want to send the message to
another email provider.



Thanks,
Chuck
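
Added example, not part of the original message or of the LTB or OpenLDAP projects: a small Python check, run over only the two cosine.schema excerpts quoted above, that lists which active object classes permit a given attribute. The names parse_schema and classes_allowing are hypothetical, and the result says nothing about object classes defined outside those excerpts.

```python
import re

# Constructed input: only the two cosine.schema excerpts quoted in the message.
SCHEMA = """\
attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
        DESC 'RFC1274: general information'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )

#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
#       DESC 'RFC1274: pilot object'
#       SUP top AUXILIARY
#       MAY ( info $ photo $ manager $ uniqueIdentifier $
#               lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
#       )
"""

DEF = re.compile(r"(attributetype|objectclass)\s*\(\s*[\d.]+\s+NAME\s+'([^']+)'(.*)", re.S)
ATTR_LIST = re.compile(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))")

def parse_schema(text, include_commented=False):
    """Return (attribute type names, {objectclass name: MUST/MAY attribute names})."""
    kept = []
    for line in text.splitlines():
        stripped = line.lstrip()
        if stripped.startswith("#"):
            if not include_commented:
                continue  # slapd ignores commented-out definitions
            line = stripped[1:]
        kept.append(line)
    attrs, classes = set(), {}
    # Split the joined text at the start of each definition keyword.
    for chunk in re.split(r"(?=\b(?:attributetype|objectclass)\s*\()", " ".join(kept)):
        m = DEF.match(chunk)
        if not m:
            continue
        kind, name, rest = m.groups()
        if kind == "attributetype":
            attrs.add(name)
            continue
        allowed = set()
        for group, single in ATTR_LIST.findall(rest):
            allowed.update(a.strip() for a in (group or single).split("$"))
        classes[name] = allowed
    return attrs, classes

def classes_allowing(attr, text, include_commented=False):
    """Names of object classes whose MUST/MAY list contains attr."""
    _, classes = parse_schema(text, include_commented)
    return sorted(c for c, allowed in classes.items() if attr in allowed)
```

Calling classes_allowing("info", SCHEMA) returns an empty list, while passing include_commented=True returns pilotObject, which shows that within these excerpts the attribute type is defined but the only class listing it is commented out.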