Re: syncrepl not working for pwdFailureTime attribute
On 02/03/2010 11:51, Alex Samad wrote:
> Hi
> I have setup a multi master as per the online doco.
> When I was checking recently, the 2 DB were out of sync, some record
> hadn't been transferred over, I force this by setting -c rid=,csn=
> But whilst checking this, I noticed that some attributes haven't been
> moved across pwdFailureTime was on a record on the primary ldap server and
> not on the secondary master, try what I could I couldn't force it over
> is this a feature or a bug ?
The password policy overlay writes updates to the local database only,
by default.
As of recent-ish versions of OpenLDAP 2.4.*, an option is available to
forward these updates via the frontend. The man page describes it:
    ppolicy_forward_updates
        Specify that policy state changes that result from Bind
        operations (such as recording failures, lockout, etc.) on a
        consumer should be forwarded to a master instead of being
        written directly into the consumer’s local database. This
        setting is only useful on a replication consumer, and also
        requires the updateref setting and chain overlay to be
        appropriately configured.
This option was clearly designed for read-only slaves.
I'm not sure what the behaviour would be in a multi-master setup. You
could try this anyway. Any ideas from someone else?
Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
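
The following slapd.conf fragment is an added example, not part of the original message or of the OpenLDAP documentation. It shows the three pieces the quoted man page text names (ppolicy_forward_updates, updateref and the chain overlay) together on a replication consumer. Host names, DNs and the credential are placeholders chosen for illustration.

```conf
# Added example for a replication consumer (slapd.conf syntax).
# provider.example.com, the DNs and <secret> are placeholders.

# Global section, before any "database" line: the chain overlay makes
# this server follow the update referral itself instead of handing it
# back to the client.
overlay             chain
chain-uri           "ldap://provider.example.com"
# Bind to the provider as a dedicated identity and assert the identity
# of the client; the provider must permit this DN to proxy-authorize.
chain-idassert-bind bindmethod="simple"
                    binddn="cn=chain,dc=example,dc=com"
                    credentials="<secret>"
                    mode="self"
# Pass errors from the provider back instead of a bare referral.
chain-return-error  TRUE

database            hdb
# (the existing suffix, directory and syncrepl settings stay as they are)

# Where writes received by this consumer are referred to.
updateref           "ldap://provider.example.com"

overlay             ppolicy
ppolicy_default     "cn=default,ou=policies,dc=example,dc=com"
# Send Bind-time policy state (pwdFailureTime, lockout) to the provider
# rather than writing it only to this consumer's local database.
ppolicy_forward_updates
```

Without ppolicy_forward_updates, each server keeps its own pwdFailureTime values, so failed-bind counts and lockouts are tracked per server rather than across the directory.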