Paul B. Henson wrote: > On Fri, May 23, 2014 at 08:51:02PM -0700, Howard Chu wrote: > >> The *failure* occurred at that instant, not at the instant the request was >> received. It is simply a matter of correctness. > > For my purposes, it doesn't really matter whether the bind is considered > to have failed as of when it was attempted vs when all the processing > was completed, so if you prefer the latter I'll rework my patch to keep > those semanics. > >> You need to actually use microseconds, since the time-increment is >> only unique on the local server and will not guarantee uniqueness in a >> replication scenario. > > Ah, good point. But even with exact microseconds uniqueness cannot be guaranteed in a replication scenario. I also wonder what people who want to see pwdFailureTime replicated expect when bind requests are load-balanced to different replicas - not unusual. I don't think that you can meet the expectations of your IT sec folks regarding exact failure count. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature