[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password policy can't replicate in openldap 2.4.8

To: Paul Lee <paul@hk.fujitsu.com>
Subject: Re: Password policy can't replicate in openldap 2.4.8
From: Gavin Henry <ghenry@suretecsystems.com>
Date: Wed, 09 Apr 2008 09:37:40 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <47FC165B.2040805@hk.fujitsu.com>
Organization: Suretec Systems Ltd.
References: <47F243C2.3080002@hk.fujitsu.com> <47F9E204.4090908@suretecsystems.com> <47FC165B.2040805@hk.fujitsu.com>
User-agent: Thunderbird 2.0.0.12 (X11/20080213)

Paul Lee wrote:

I have created the lastlogintime attribute and lastfailurelogintime attribute (user defined attribute).

For each time I input the wrong password, I will also update the lastfailurelogintime attribute, then, after 3 failure attempt (I set 3 times login failure attempt in password policy), the attribute pwdAccountLockedTime will then be replicated.

It's strange.....

Most of the ppolicy attributes are operational, and since you never specified a "attrs" in yoru syncrepl config, the default is used, which is:

The attrs list defaults to "*,+" to return all user and operational attributes.

I did notice in ppolicy.c in HEAD:

1120 |   |   /* FIXME: Need to handle replication of some (but not all)
1121 |   |    * of the operational attributes...
1122 |   |    */

So it may be the case that you can't replicate them all yet...

Gavin.

References:
- Password policy can't replicate in openldap 2.4.8
  - From: Paul Lee <paul@hk.fujitsu.com>
- Re: Password policy can't replicate in openldap 2.4.8
  - From: Gavin Henry <ghenry@suretecsystems.com>
- Re: Password policy can't replicate in openldap 2.4.8
  - From: Paul Lee <paul@hk.fujitsu.com>

Prev by Date: Re: Slapd Won't Start After TLS Was Configured
Next by Date: Re: ProxyAuth via slapd-ldap woes
Index(es):
- Chronological
- Thread