I can not speak to OpenLDAP, but if it is like others, you can not add
operational attributes through a conventional ldapadd / ldapmodify
operation. Some LDAP products have a bulk load process that is done
with the directory service module stopped, that allows you to add
certain operational attributes. But be aware that if you a moving from
one vendors product to another, you may have to use some form of
scripting to reformat the time based attributes.
On 10/26/16 5:35 PM, Ezsra McDonald wrote:
What is the trick to export the LDAP to a OpenLDAP server used for other
purposes? OpenLDAP does not want to allow the add of operational
attributes. We need the password history and aging to come over.
Has anyone done this?
--Ezsra
