
Re: Password policy can't replicate in openldap 2.4.8

Paul Lee wrote:
I have created the lastlogintime attribute and lastfailurelogintime attribute (user defined attribute).

Each time I input the wrong password, I will also update the lastfailurelogintime attribute, then, after 3 failed attempts (I set 3 login failure attempts in the password policy), the attribute pwdAccountLockedTime will then be replicated.

It's strange.....

Most of the ppolicy attributes are operational, and since you never specified an "attrs" in your syncrepl config, the default is used, which is:

The attrs list defaults to "*,+" to return all user and operational attributes.

I did notice in ppolicy.c in HEAD:

    /* FIXME: Need to handle replication of some (but not all)
     * of the operational attributes...
     */

So it may be the case that you can't replicate them all yet...