Re: Replication and user password change
Hello,
I did configure slapo-chain; it seems to be working, except for password failures:
- With chain and referral configured, if I add an attribute on the
slave for the user, it will be replicated to the master - but that's
not what I want here.
- If I do some failed authentications on the slave, I don't see any
pwdFailureTime; if I disable the ppolicy_forward_updates parameter I
see pwdFailureTime on the slave.
Any idea?
Here is my configuration:

overlay chain
chain-uri "ldaps://ldap.mydomain.fr"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
    binddn="cn=admin,dc=domain,dc=fr"
    credentials="my_password"
    mode="self"
chain-tls start
    tls_reqcert=demand
    tls_cacert=/etc/ssl/certs/ldap.pem
chain-return-error TRUE
# Referral
updateref ldaps://ldap.mydomain.fr
ppolicy_forward_updates

On 30 May 2012 18:37, Howard Chu <hyc@symas.com> wrote:
> Hugo Deprez wrote:
>>
>> Hello,
>>
>> I am trying to do quite the same thing:
>> trying to send failed authentications made on the consumer to the master.
>> I am using ppolicy overlay.
>>
>> I added the following to the consumer :
>> # Referral
>> updateref ldaps://master.domain.fr
>> ppolicy_forward_updates
>>
>> When I add this on the consumer, accounts are no longer locked on
>> failed authentication.
>> pwdFailureTime is not registered or sent to the master.
>> Should I use slapo-chain too?
>
>
> RTFM. slapo-ppolicy(5) ppolicy_forward_updates.
>
>>
>> Regards,
>>
>> Hugo
>>
>>
>> On 6 April 2012 18:12, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>>>
>>> --On Friday, April 06, 2012 3:57 PM +0200 Jacques Foucry
>>> <jacques.foucry@novasparks.com> wrote:
>>>
>>>> On 04/04/2012 05:59 PM, anax wrote:
>>>>
>>>> Hello,
>>>>
>>>>> updateref ldap://ldapmaster.symas.com
>>>>>
>>>>>
>>>>> http://www.openldap.org/doc/admin24/replication.html#Replication%20Technology
>>>>
>>>>
>>>>
>>>> Well, after reading the docs, I made some tests on a VM.
>>>>
>>>> My goal is to allow users to change their password.
>>>>
>>>> I have a working replication VM. On this VM I can login with my LDAP
>>>> password (PAM on this VM is client of the replica).
>
>
>>
>
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
>
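
An added example, not part of the original thread and not OpenLDAP project code: slapo-ppolicy(5), the page referenced above, says ppolicy_forward_updates is only useful on a replication consumer and requires updateref and the chain overlay to be configured. The Python sketch below checks those prerequisites over a constructed slapd.conf fragment modeled on the one posted; the function names and finding strings are hypothetical.

```python
import re

# Constructed sample, modeled on the consumer configuration posted in this message.
SAMPLE = """\
overlay chain
chain-uri "ldaps://ldap.mydomain.fr"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
    binddn="cn=admin,dc=domain,dc=fr"
    credentials="my_password"
    mode="self"
chain-return-error TRUE
updateref ldaps://ldap.mydomain.fr
ppolicy_forward_updates
"""

def parse_directives(text):
    """Return (keyword, arguments) pairs. In slapd.conf a line that starts
    with whitespace continues the previous directive."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [tuple((line.split(None, 1) + [""])[:2]) for line in logical]

def host_of(uri):
    m = re.match(r'"?ldaps?://([^/:"\s]+)', uri)
    return m.group(1).lower() if m else None

def check_forward_updates(text):
    """List findings for a consumer config that sets ppolicy_forward_updates."""
    d = parse_directives(text)
    args = {k.lower(): a for k, a in d}
    findings = []
    if "ppolicy_forward_updates" not in args:
        return findings
    if "updateref" not in args:
        findings.append("ppolicy_forward_updates set but no updateref")
    if ("overlay", "chain") not in [(k.lower(), a.lower()) for k, a in d]:
        findings.append("ppolicy_forward_updates set but no overlay chain")
    if "chain-uri" in args and "updateref" in args and \
            host_of(args["chain-uri"]) != host_of(args["updateref"]):
        findings.append("chain-uri and updateref name different hosts")
    if "credentials=" in args.get("chain-idassert-bind", ""):
        findings.append("cleartext bind credentials: restrict config file permissions")
    return findings
```
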