[Date Prev][Date Next] [Chronological] [Thread] [Top]

synchronizing ppolicy across different suffixes

To: openldap-technical@openldap.org
Subject: synchronizing ppolicy across different suffixes
From: Tyler Gates <tgates81@gmail.com>
Date: Thu, 18 Aug 2011 10:44:52 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=cKIbRQLY+eUbuP9nqz5UVSTUK4ha5En+B9oTSDl7qpM=; b=gJtl9yPTTxZsDYsHfxvq1+ZXJ+Q4TWagkU8ftUPFOSOLQuBXsriwW5le6mgYU81Xwt rdBWCue9UoABb2uQu6VgwXtHm2CPxYwrfOO76Pq68CvTFESnzqYN2vNkiDtMHbD9aZLx 6PDS9UFI4ajXn4F4SoDBzJoc1nBPhPoSigmSw=

Is it possible to synchronize the same ppolicy across different
suffixes on the same server? I would have thought referrals would take
care of this and they to an extent but when the suffix that doesn't
actually contain the policy entry gets a lockout request from failed
attempts, pwdAccountLockedTime gets recorded on the same suffix from
where it was originating -not the one being referenced.

In the manual it states that ppolicy_forward_updates should take care
of this but it requires updateref and the chain overlay (which must be
setup under back_ldap) in order to work. The problem is when I setup
back_ldap and point its database to the original policy entry, it
complains that a previous database declaration has already claimed it
-which is true because I have the database containing that policy
entry on the same machine.

Is there a way to do this or am I going about this wrong?

Thanks,
   Tyler

Prev by Date: Re: DIT structure advice
Next by Date: Re: Replication with cn=config
Index(es):
- Chronological
- Thread