--On Tuesday, February 15, 2022 3:56 AM +0530 Chandeshwar Mishra <kumarchandeshwa...@gmail.com> wrote:
Hi Quanah, Thanks for your response. Our setup is a very old one and we are planning to migrate it to the latest stable version but Since this openldap is deployed in Production it is not possible for us to upgrade it suddenly. As you mentioned that ppolicy schema is missing in configuration, so is it possible that without having ppolicy schema, Openldap will remember the pwdHistory of the user ? In my case pwdHistory is visible to users, for which I want to apply ACL so that a user can only see his/her pwdHistory , not other users pwdHistory.
If the user entries have pwdHistory attribute value pairs, and you've removed the ppolicy schema file from your configuration, then your server configuration is invalid. There must be a corresponding schema definition for all data stored in your server.
If you're trying to remove the ppolicy functionality, then you will need to clean the data from your system.
You will not be able to set ACLs on attributes that slapd is unaware of. You either need to (a) fix your slapd configuration so the ppolicy schema is loaded or (b) remove the ppolicy specific attributes from your dataset and reload the DB.
--Quanah
