LDAP shadow attributes not deleted when ppolicy is used

  • 3286022
  • 17-Mar-2008
  • 27-Apr-2012


Novell SUSE Linux Enterprise Server 10 Support Pack 1
Novell SUSE Linux Real Time
Novell Open Enterprise Server 2 (OES 2)


This issue was discovered when updating a LDAP enabled SLES10 GA version to SLES10 SP1 where the users have shadow data inside LDAP. After the update to SP1 it is possible to use ppolicy in LDAP. When ppolicy is enabled via the YaST-LDAP Server Module, the shadow attributes are not deleted in the LDAP tree.
When the YaST User Management module is being used, in the plugin tab both plugins are enabled (ppolicy and shadow). When exiting the Usermangement the following error is being reported:

ERROR:"It is not possible to add this plugin when the plugin for Shadow Account attributes is in use."


Please update the package yast2-ldap to version 2.13.24 via online update.
Please note as SP1 is no longer maintained as patch level, please consider to upgrade to the most current service pack level.

Additional Information

When trying to disable the shadow account plugin the following error appears:

ERROR: "objectclass violation attribute "shadowInactive" not allowed

When trying to disable the ppolicy plugin this error was recognized

ERROR: "This plugin cannot be removed"