List, I upgraded to 3.0.10 the other day, and completely missed the fact that the samba.schema for openldap had to be upgraded as well. I learnt that this was the case when passwords could no longer be changed... Searching the web revealed that the only thing to do was to "copy over samba.schema" and everything would be fine. So I backed up the previous copy of samba.schema, copied the new version over (and I see it contains the definition for sambaPasswordHistory, which is what I need) and then restarted openldap. When I browse the directory, however, I don't see the that the changes appear to have taken hold. Nor can I edit a user entry directly to add the attribute. Do I need to perform some sort of compilation on the schemas before restarting openldap? Thanks for the pointers, David
> When I browse the directory, however, I don't see the that the changes > appear to have taken hold. Nor can I edit a user entry directly to add > the attribute. Do I need to perform some sort of compilation on the > schemas before restarting openldap?I believe you have to set the password history policy using pdbedit first. pdbedit -P "password history" -C 3 Also the attribute doesn't show up until the user changes their password for the first time. Have a user change their password and it should add the attribute. Chris
On Fri, 21 Jan 2005 12:01:00 +0100, David Landgren <landgren@gmail.com> wrote:> List, > > I upgraded to 3.0.10 the other day, and completely missed the fact > that the samba.schema for openldap had to be upgraded as well. I > learnt that this was the case when passwords could no longer be > changed... > > Searching the web revealed that the only thing to do was to "copy over > samba.schema" and everything would be fine. So I backed up the > previous copy of samba.schema, copied the new version over (and I see > it contains the definition for sambaPasswordHistory, which is what I > need) and then restarted openldap.Answering myself: it turns out that there was nothing else to do. Copy the files over and restart openldap. What helps is to restart your openldap browser apps, so that they load a new version of the schema!