[Date Prev][Date Next]
Re: Password policy can't replicate in openldap 2.4.8
Paul Lee wrote:
I have created the lastlogintime attribute and lastfailurelogintime
attribute (user defined attribute).
For each time I input the wrong password, I will also update the
lastfailurelogintime attribute, then, after 3 failure attempt (I set 3
times login failure attempt in password policy), the attribute
pwdAccountLockedTime will then be replicated.
Most of the ppolicy attributes are operational, and since you never
specified a "attrs" in yoru syncrepl config, the default is used, which is:
The attrs list defaults to "*,+" to return all user and operational
I did notice in ppolicy.c in HEAD:
1120 | | /* FIXME: Need to handle replication of some (but not all)
1121 | | * of the operational attributes...
1122 | | */
So it may be the case that you can't replicate them all yet...