[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: deploying password policy module

To: "'Michael Ströder'" <michael@stroeder.com>, <openldap-technical@openldap.org>
Subject: RE: deploying password policy module
From: "Paul B. Henson" <henson@acm.org>
Date: Tue, 29 Apr 2014 13:45:39 -0700
Content-language: en-us
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=GLNu/NsT+W/6rDN3+I50pZrOI6vtg1nwTJ2kvyqWWCM=; b=RfwHbnC1/sIVLJ+b6KtKMpJkPJqK9U78tHzdCE8+gO6S9zofVF6vHi+8QpjnYKIb0t HaVE4Ti1jHSiGxuG6lyo8/cgiH2pjIE0Rdp4vRunIYEKchwddpU0F+nYbr3h4VbjhoU+ eNhX4tDw1vWpfuU+I/J6qRxbZOvVqxvaSXBaP+pZWvQXs1CHjggvXUnSRWj+gnFMSV8q 8dwa6kIRydu/v0Pw7sv1s9j+4loFltXvHU6xfc9BkYHRJOBri8ZkI/8MMvDqJnsemjrE t0b+AX2wzoAKivhetTVKzdWk5kPR4f1jvpX7WPqBcF8XccsTHcAF17tnItKoCRBhPHjv HGww==
In-reply-to: <5360027B.5000605@stroeder.com>
References: <054601cf5f53$6bea5f80$43bf1e80$@acm.org> <20140428015553.GA1541@bender.unx.csupomona.edu> <535DF497.9040606@stroeder.com> <0d8201cf634b$4e168730$ea439590$@acm.org> <535F4BA1.70806@stroeder.com> <0e3f01cf63e0$68bec2b0$3a3c4810$@acm.org> <5360027B.5000605@stroeder.com>
Thread-index: AQITbWbuK5/1i31wqUbPafa2JIqQhwKFLPRaAfplvlcBEjmWtQK3gevIAabi1BQDWc4u3Jo2rFRg

> From: Michael Ströder
> Sent: Tuesday, April 29, 2014 12:50 PM
>
> AFAICS nothing prevents you from loading the schema first on all replicas.
> And after that load the overlay.

The attribute in question is not defined in the external schema, in fact, it
is commented out:

#5.3.4  pwdFailureTime
#
#   This attribute holds the timestamps of the consecutive authentication
#   failures.
#
#      ( 1.3.6.1.4.1.42.2.27.8.1.19
#      NAME 'pwdFailureTime'
#      DESC 'The timestamps of the last consecutive authentication
#      failures'
#      EQUALITY generalizedTimeMatch
#      ORDERING generalizedTimeOrderingMatch
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
#      USAGE directoryOperation )

The actual definition used by openldap is embedded in the schema_info within
the ppolicy module itself. So, having the external schema loaded on one
replica, and the module itself in use on another, still results in failed
replication.

Follow-Ups:
- Re: deploying password policy module
  - From: Michael Ströder <michael@stroeder.com>

References:
- deploying password policy module
  - From: "Paul B. Henson" <henson@acm.org>
- Re: deploying password policy module
  - From: "Paul B. Henson" <henson@acm.org>
- Re: deploying password policy module
  - From: Michael Ströder <michael@stroeder.com>
- RE: deploying password policy module
  - From: "Paul B. Henson" <henson@acm.org>
- Re: deploying password policy module
  - From: Michael Ströder <michael@stroeder.com>
- RE: deploying password policy module
  - From: "Paul B. Henson" <henson@acm.org>
- Re: deploying password policy module
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: deploying password policy module
Next by Date: Re: deploying password policy module
Index(es):
- Chronological
- Thread