[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: deploying password policy module

> From: Michael Ströder
> Sent: Tuesday, April 29, 2014 12:50 PM
> AFAICS nothing prevents you from loading the schema first on all replicas.
> And after that load the overlay.

The attribute in question is not defined in the external schema, in fact, it
is commented out:

#5.3.4  pwdFailureTime
#   This attribute holds the timestamps of the consecutive authentication
#   failures.
#      (
#      NAME 'pwdFailureTime'
#      DESC 'The timestamps of the last consecutive authentication
#      failures'
#      EQUALITY generalizedTimeMatch
#      ORDERING generalizedTimeOrderingMatch
#      SYNTAX
#      USAGE directoryOperation )

The actual definition used by openldap is embedded in the schema_info within
the ppolicy module itself. So, having the external schema loaded on one
replica, and the module itself in use on another, still results in failed