[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy and sync replication

To: Sadique Puthen <xenguy@gmail.com>
Subject: Re: ppolicy and sync replication
From: Pierangelo Masarati <ando@sys-net.it>
Date: Thu, 18 Jan 2007 10:31:31 +0100
Cc: openldap-software@openldap.org
In-reply-to: <45ACA52D.6070307@gmail.com>
References: <45ACA52D.6070307@gmail.com>
User-agent: Thunderbird 1.5.0.8 (X11/20061025)

Sadique Puthen wrote:

Hi,
Is it possible to replicate password policy related attributes using sync replication while using ppolicy overlay?

I am specifically asking about replicating pwdChangedTime, pwdAccountLockedTime, pwdHistory and etc... not about password configuration related attributes,

In general, ppolicy related state values are not replicated; each replica is on its own as far as state-related attributes in enforcing password policy. I recall discussion about if and how this type of info should be replicated or somehow shared on the IETF ldapext list, but the conclusion sounded like "replication and password policy are two separate things with some overlap; if we bundle them, consensus on the draft will be harder to achieve, so let's keep them separate (and leave them to implementors, I guess)". I hope my short and incomplete summary of the discussion is not too short and incomplete.

p.

Follow-Ups:
- Ppolicy - password history
  - From: <Andris.Eiduks@tietoenator.com>

References:
- ppolicy and sync replication
  - From: Sadique Puthen <xenguy@gmail.com>

Prev by Date: How to migrate iPlanet Directory into OpenLDAP?
Next by Date: Still need ftp://ftp.OpenLDAP.org/pub/tools/* ?
Index(es):
- Chronological
- Thread