[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy overlay and MMR experiencing frequent delta-sync lost issue

To: Beth Halsema <bhalsema@purdue.edu>
Subject: Re: ppolicy overlay and MMR experiencing frequent delta-sync lost issue
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Thu, 12 Jan 2017 08:06:57 -0800
Cc: OpenLDAP Technical List <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <WM!dc054e1e8e45728cb2ede4491a1793a8f7dfc6fd18ffaf66f49ae7f6c282a0eb4fb8dfba3064bae75cbd2dc3dabf0873!@mailstronghold-1.zmailcloud.com>
References: <alpine.LRH.2.20.1701090949350.18853@yrffn.vgfc.cheqhr.rqh> <WM!c368ec67d2f9aeb4199d3a29f7bba7feecba9c575c4ae18fcc66e6e3fcc859a413dd001aeda94c542ae650379824113f!@mailstronghold-3.zmailcloud.com> <1954B6136249F7D9C5465158@[192.168.1.30]> <alpine.LRH.2.20.1701120933330.31420@yrffn.vgfc.cheqhr.rqh> <WM!dc054e1e8e45728cb2ede4491a1793a8f7dfc6fd18ffaf66f49ae7f6c282a0eb4fb8dfba3064bae75cbd2dc3dabf0873!@mailstronghold-1.zmailcloud.com>

--On Thursday, January 12, 2017 10:20 AM -0500 Beth Halsema<bhalsema@purdue.edu> wrote:


Quanah, are you suggesting that the ppolicy attributes (i.e.
pwdGraceUseTime,  pwdFailureTime, etc.) not be replicated?


Hi Beth,

This is clearly noted in the slapo-ppolicy(5) man page:

Note that the current IETF Password Policy proposal does not definehowthese operational attributes are expected to behave in areplicationenvironment. In general, authentication attempts on a slave serveronlyaffect the copy of the operational attributes on that slave andwillnot affect any attributes for a user's entry on the masterserver.Operational attribute changes resulting from authentication attemptsona master server will usually replicate to the slaves (andalsooverwrite any changes that originated on the slave). Thesebehaviorsare not guaranteed and are subject to change when aformal

      specification emerges.

The correct fix is to modify your syncrepl configuration so that thoseattributes are ignored by the syncrepl client. There is no patch to thecode necessary.


Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: ppolicy overlay and MMR experiencing frequent delta-sync lost issue
  - From: Mark Cairney <Mark.Cairney@ed.ac.uk>

References:
- ppolicy overlay and MMR experiencing frequent delta-sync lost issue
  - From: Beth Halsema <bhalsema@purdue.edu>
- Re: ppolicy overlay and MMR experiencing frequent delta-sync lost issue
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: ppolicy overlay and MMR experiencing frequent delta-sync lost issue
  - From: Beth Halsema <bhalsema@purdue.edu>

Prev by Date: Re: slapd-meta with olc
Next by Date: Re: slapd-meta with olc
Index(es):
- Chronological
- Thread