[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy and sync replication

To: openldap-software@openldap.org
Subject: Re: ppolicy and sync replication
From: Sadique Puthen <xenguy@gmail.com>
Date: Tue, 16 Jan 2007 19:48:35 +0530
In-reply-to: <45ACA52D.6070307@gmail.com>
References: <45ACA52D.6070307@gmail.com>
User-agent: Thunderbird 1.5.0.7 (X11/20060911)

I did a bit more testing about this.

I set up password policy as below. Only relevant part given.

pwdLockout: TRUE
pwdMaxFailure: 3
pwdLockoutDuration: 90

1 - I did bind to the master server 3 times using wrong password. I failed to bind using the right password after that and failed. Expected 2- I did bind to the consumer server using the right password. Failed. Expected.

After 90 seconds everything works fine.

3- I did bind to the consumer server using the wrong password three times. I failed to bind to the consumer using the right password after that. Failed. Expected 4 - I did bind to the master server using the right password. Success. Not expected before elapsing 90 seconds.

I know the consumer server is not supposed to update the master server database, but is there any work around? Does openldap support multi master replication? Is this a limitation. Does this mean a client locked on consumer server - as set by the policy - would be able to bind to the master server overriding the policy.

One more doubt: where the failure counts are stored?

Regards,
Sadique

Sadique Puthen wrote:

Hi,
Is it possible to replicate password policy related attributes using sync replication while using ppolicy overlay?

I am specifically asking about replicating pwdChangedTime, pwdAccountLockedTime, pwdHistory and etc... not about password configuration related attributes,
Regards,
Sadique

References:
- ppolicy and sync replication
  - From: Sadique Puthen <xenguy@gmail.com>

Prev by Date: ppolicy and sync replication
Next by Date: Re: object classes that can contain other objects
Index(es):
- Chronological
- Thread