
Re: ppolicy and sync replication



I did a bit more testing about this.

I set up the password policy as below. Only the relevant part is given.

pwdLockout: TRUE
pwdMaxFailure: 3
pwdLockoutDuration: 90

1 - I bound to the master server 3 times using the wrong password. I tried to bind using the right password after that and failed. Expected.
2 - I bound to the consumer server using the right password. Failed. Expected.


After 90 seconds everything works fine.

3 - I bound to the consumer server using the wrong password three times. I tried to bind to the consumer using the right password after that. Failed. Expected.
4 - I bound to the master server using the right password. Success. Not expected before 90 seconds had elapsed.


I know the consumer server is not supposed to update the master server database, but is there any workaround? Does OpenLDAP support multi-master replication? Is this a limitation? Does this mean a client locked on the consumer server - as set by the policy - would be able to bind to the master server, overriding the policy?

One more doubt: where are the failure counts stored?

Regards,
Sadique

Sadique Puthen wrote:
Hi,

Is it possible to replicate password policy related attributes using sync replication while using ppolicy overlay?

I am specifically asking about replicating pwdChangedTime, pwdAccountLockedTime, pwdHistory, etc., not about password configuration related attributes.

Regards,
Sadique
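
A check for the divergence described in steps 3 and 4, as an added example that is not part of the original post: it parses the ppolicy operational attributes read from each server for the same entry and reports whether the lockout state differs. The entry DN, timestamps and LDIF text are constructed; pwdFailureTime is the ppolicy attribute holding failure timestamps, and the attributes are assumed to have been fetched separately from each server.

```python
from datetime import datetime, timedelta, timezone

LOCKOUT_DURATION = 90  # pwdLockoutDuration from the policy in the post, in seconds

# Constructed sample data: the same (hypothetical) entry as read from each
# server after three failed binds against the consumer only.
CONSUMER_LDIF = """\
dn: uid=test,ou=people,dc=example,dc=com
pwdFailureTime: 20240101120000Z
pwdFailureTime: 20240101120005Z
pwdFailureTime: 20240101120010Z
pwdAccountLockedTime: 20240101120010Z
"""
MASTER_LDIF = """\
dn: uid=test,ou=people,dc=example,dc=com
"""


def parse_time(value):
    """Parse a GeneralizedTime value; any fractional seconds are ignored."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def lock_state(ldif, now):
    """Return the failure count and whether the lockout is still in force."""
    attrs = {}
    for line in ldif.splitlines():
        if ": " in line:
            name, value = line.split(": ", 1)
            attrs.setdefault(name, []).append(value)
    locked = False
    if "pwdAccountLockedTime" in attrs:
        expires = parse_time(attrs["pwdAccountLockedTime"][0]) + timedelta(
            seconds=LOCKOUT_DURATION
        )
        locked = now < expires
    return {"failures": len(attrs.get("pwdFailureTime", [])), "locked": locked}


def compare(master_ldif, consumer_ldif, now):
    """Report both states and flag when only one server enforces the lock."""
    master = lock_state(master_ldif, now)
    consumer = lock_state(consumer_ldif, now)
    return {"master": master, "consumer": consumer,
            "diverged": master["locked"] != consumer["locked"]}
```
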