Re: Password policy can't replicate in openldap 2.4.8

[Paul Lee <paul@hk.fujitsu.com>]

I have created the lastlogintime attribute and lastfailurelogintime 
attribute (user defined attribute).

For each time I input the wrong password, I will also update the 
lastfailurelogintime attribute, then, after 3 failure attempt (I set 3 
times login failure attempt in password policy), the attribute 
pwdAccountLockedTime will then be replicated.

It's strange.....



Gavin Henry wrote:

> Paul Lee wrote:
>
> > Dear sir,
> >
> > I found that the account policy can't be replicated in openldap 2.4.8
> >
> > I setup 2 servers, with Mirror mode.  Then, I added the password 
> > policy and some user accounts in server 1, I then startup server 2, 
> > the user accounts are replicated to server 2.
>
>
> [snip]
>
> > mirrormode on
> > serverID   1
> >
> > slapd.conf in server 2 :
> >
> > # Password policy
> > overlay ppolicy
> > ppolicy_default "cn=default,ou=Policies,o=HKSARG"
> >
> > overlay syncprov
> > #access to * by dn="cn=Manager" write by * read
> > access to * by * write
> > access to * by * read
>
> Are these your only ACLs?
>
> What do your logs indicate?



Confidential Communication - This e-mail (including any attachments) is confidential and may be 
legally privileged. If this e-mail has been sent to you by mistake please inform us by reply 
e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the 
information in it.