
Re: Replication and user password change



Hello,

No one has an idea on my issue?

Regards,

On 31 May 2012 16:13, Hugo Deprez <hugo.deprez@gmail.com> wrote:
> Hello,
>
> I did configure slapo-chain, and it seems to be working, except for password failures:
>
> - With chain and referral configured, if I add an attribute on the
> slave for the user, it will be replicated to the master - but that's
> not what I want here.
> - If I make some failed authentication attempts on the slave, I don't see any
> pwdFailureTime; if I disable the ppolicy_forward_updates parameter I
> see pwdFailureTime on the slave.
>
> Any idea?
>
> Here is my configuration:
>
> overlay chain
> chain-uri               "ldaps://ldap.mydomain.fr"
> chain-rebind-as-user    TRUE
> chain-idassert-bind     bindmethod="simple"
>                        binddn="cn=admin,dc=domain,dc=fr"
>                        credentials="my_password"
>                        mode="self"
> chain-tls            start
>                        tls_reqcert=demand
>                        tls_cacert=/etc/ssl/certs/ldap.pem
> chain-return-error         TRUE
>
> # Referral
> updateref ldaps://ldap.mydomain.fr
> ppolicy_forward_updates
>
>
> On 30 May 2012 18:37, Howard Chu <hyc@symas.com> wrote:
>> Hugo Deprez wrote:
>>>
>>> Hello,
>>>
>>> I am trying to do much the same thing:
>>> trying to send failed authentications made on the consumer to the master.
>>> I am using ppolicy overlay.
>>>
>>> I added the following to the consumer :
>>> # Referral
>>> updateref ldaps://master.domain.fr
>>> ppolicy_forward_updates
>>>
>>> When I add this on the consumer, accounts are no longer locked on
>>> failed authentication.
>>> pwdFailureTime values are not registered or sent to the master.
>>> Should I use slapo-chain too ?
>>
>>
>> RTFM. slapo-ppolicy(5) ppolicy_forward_updates.
>>
>>>
>>> Regards,
>>>
>>> Hugo
>>>
>>>
>>> On 6 April 2012 18:12, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>>>>
>>>> --On Friday, April 06, 2012 3:57 PM +0200 Jacques Foucry
>>>> <jacques.foucry@novasparks.com> wrote:
>>>>
>>>>> On 04/04/2012 05:59 PM, anax wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>>> updateref               ldap://ldapmaster.symas.com
>>>>>>
>>>>>>
>>>>>> http://www.openldap.org/doc/admin24/replication.html#Replication%20Technology
>>>>>
>>>>>
>>>>>
>>>>> Well, after reading the docs, I ran some tests on a VM.
>>>>>
>>>>> My goal is to allow users to change their password.
>>>>>
>>>>> I have a working replication VM. On this VM I can login with my LDAP
>>>>> password (PAM on this VM is client of the replica).
>>
>>
>>>
>>
>>
>> --
>>  -- Howard Chu
>>  CTO, Symas Corp.           http://www.symas.com
>>  Director, Highland Sun     http://highlandsun.com/hyc/
>>  Chief Architect, OpenLDAP  http://www.openldap.org/project/
>>
>>