synchronizing ppolicy across different suffixes
- To: openldap-technical@openldap.org
- Subject: synchronizing ppolicy across different suffixes
- From: Tyler Gates <tgates81@gmail.com>
- Date: Thu, 18 Aug 2011 10:44:52 -0400
Is it possible to synchronize the same ppolicy across different
suffixes on the same server? I would have thought referrals would take
care of this, and they do to an extent, but when the suffix that doesn't
actually contain the policy entry gets a lockout request from failed
attempts, pwdAccountLockedTime gets recorded on the same suffix from
where it was originating, not the one being referenced.

In the manual it states that ppolicy_forward_updates should take care
of this, but it requires updateref and the chain overlay (which must be
set up under back_ldap) in order to work. The problem is when I set up
back_ldap and point its database to the original policy entry, it
complains that a previous database declaration has already claimed it,
which is true because I have the database containing that policy
entry on the same machine.

Is there a way to do this or am I going about this wrong?

Thanks,
Tyler