Re: Openldap Master Slave configuration

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On November 7, 2014 at 10:25:59 AM +0100 "Elmopi, Stefano" 
<stefano.elmopi@sociale.it> wrote:

> > and all are configured with olc.
> All applications that use OpenLDAP for their login are configured to do
> queries on slave and this creates problems with some options of Ppolicy,
> Let me explain. I have configured the option that after a user wrong your
> password 5 times, it is locked.
> and here lies the problem, because the slave database is read-only and
> then the block is not reported to the Master and the user does not lock
> !!!
> I read that you could do something using the Chain Overlay but I found
> little documentation and everything I tried did not work.
> Anyone have any ideas to suggest ??
> Thanks

Several.

a) Get a current version of OpenLDAP, and stop using the broken builds 
shipped by RHEL
b) Read the current man page for slapo-ppolicy, particularly the 
olcPPolicyForwardUpdates parameter

--Quanah


--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration