[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
replica consumers and ppolicy overlay values like PwdFailureTime
- To: openldap-technical@openldap.org
- Subject: replica consumers and ppolicy overlay values like PwdFailureTime
- From: John Jasen <jjasen@gmail.com>
- Date: Mon, 12 Dec 2016 16:20:57 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=gJsKwRg23yudGJ58N1NEnc+G8SWRjsSssY01dyyM7Xs=; b=WJh+NyPqaNxtITzI1JaQHSWp8aBYBhV+rnoN7EuSUYdApVG3NDPxS22B+AO9S35aLz /vf7dONsQRTbGZe58Cu43ci5FGGg8JxJmEqAHAjaEYLlc7mVrZmiVduAy4pmkzveqk4P JZr/GdxWYD7AIIe4oCNvsLSzGKaNzk+lYf/WzD0LU/VIanqDLZCB/0Phj0Gw1KUv/YEl tfPIvSD+03GbsCSYhSl2Up1WtUGjMTh9FdEbhJRsD55Gl22pykHh0nGOP30AOLYA1vb4 ahcUk18bEbrvfEZT2GTqOiRkAfbFYE9LxcxAMRhxeHKMXdyfErCfdF99plcOKty83Ism O7uA==
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
I'm trying to setup OpenLDAP on CentOS7, in a provider/consumer
relationship. In general, provider/consumer is working quite well,
except when it comes to password policy.
Specifically, I want PwdFailureTime to be written to the provider from
one of the front end consumers when appropriate.
I'm lead to believe this requires:
a) ppolicy_foward_updates TRUE (done)
b) an appropriate syncrepl configuration for the consumer (I believe done)
c) updateref $LDAP-provider-URI (done)
d) an appropriate chain overlay on the provider (I think done)
e) appropriate ACLs on the provider to allow the consumer bind-user
access to manage PwdFailureTime (I believe done)
I've attempted all of the above, but the consumer (when run in debugging
mode), does not seem to be trying any updates upon authentication
failure. It gives no indication of modifying locally, or of trying to
contact the provider at all over this.
Any idea whats going wrong?