synchronizing ppolicy across different suffixes

Is it possible to synchronize the same ppolicy across different
suffixes on the same server? I would have thought referrals would take
care of this, and they do to an extent, but when the suffix that doesn't
actually contain the policy entry gets a lockout request from failed
attempts, pwdAccountLockedTime gets recorded on the same suffix from
where it was originating, not the one being referenced.

In the manual it states that ppolicy_forward_updates should take care
of this, but it requires updateref and the chain overlay (which must be
set up under back_ldap) in order to work. The problem is when I set up
back_ldap and point its database to the original policy entry, it
complains that a previous database declaration has already claimed it,
which is true because I have the database containing that policy
entry on the same machine.

Is there a way to do this or am I going about this wrong?