I have an entry in LDAP under dnTemplate ou=product01,ou=identities, as below:
dn: cn=Test Subentry Password Policy,ou=product01,ou=identities
ds-pwp-password-attribute: userPassword
uid: 0a91242a-60c4-41fa-9c13-fdc433fc4735
ds-pwp-password-history-count: 5
ds-pwp-max-password-age: 90d
ds-pwp-default-password-storage-scheme: PBKDF2-HMAC-SHA512
cn: Test Subentry Password Policy
ds-pwp-character-set-allow-unclassified-characters: true
ds-pwp-length-based-min-password-length: 8
objectClass: subentry
objectClass: top
objectClass: uidObject
objectClass: ds-pwp-password-policy
objectClass: ds-pwp-validator
objectClass: ds-pwp-length-based-validator
objectClass: ds-pwp-character-set-validator
ds-pwp-character-set-character-set: 1:ABCDEFGHIJKLMNOPQRSTUVWXYZ
ds-pwp-character-set-character-set: 1:0123456789
ds-pwp-character-set-character-set: 1:abcdefghijklmnopqrstuvwxyz
ds-pwp-character-set-character-set: 1:~!@#$%^&*()-_=+[]{}|;:,.<>/?
When using ldapsearch with a filter:
ldapsearch -H ldap://localhost:1389 -x -D "uid=admin" -W -b "ou=product01,ou=identities" -s sub -a always -z 1000 "(uid=0a91242a-60c4-41fa-9c13-fdc433fc4735)" "pwdPolicySubentry" "objectClass"
LDAP returns an empty entry:
#!SEARCH REQUEST (365) OK
#!CONNECTION ldap://localhost:1389
#!DATE 2022-05-31T08:06:25.951
# LDAP URL : ldap://localhost:1389/ou=product01,ou=identities?pwdPolicySubentry,objectClass?sub?(uid=0a91242a-60c4-41fa-9c13-fdc433fc4735)
# command line : ldapsearch -H ldap://localhost:1389 -x -D "uid=admin" -W -b "ou=product01,ou=identities" -s sub -a always -z 1000 "(uid=0a91242a-60c4-41fa-9c13-fdc433fc4735)" "pwdPolicySubentry" "objectClass"
# baseObject : ou=product01,ou=identities
# scope : wholeSubtree (2)
# derefAliases : derefAlways (3)
# sizeLimit : 1000
# timeLimit : 0
# typesOnly : False
# filter : (uid=0a91242a-60c4-41fa-9c13-fdc433fc4735)
# attributes : pwdPolicySubentry objectClass
#!SEARCH RESULT DONE (365) OK
#!CONNECTION ldap://localhost:1389
#!DATE 2022-05-31T08:06:26.166
# numEntries : 0
This issue happens only when the entry has the subentry objectClass or inheritance. I can’t remove this objectClass because this entry defines my subentry password policy.
Could someone please help?