Full_Name: maria saez
Version: 2.4.8
OS: debian etch
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.145.230.2)

An account locked in a consumer needs two password changes in the provider to be unlocked.
The first time that we change the password in the provider, the password change is replicated in the consumer, but the account remains locked.
Can you help us? We have openldap-2.4.7 and openldap-2.4.8.
Is this situation normal?
We have the following configuration:
Provider
-------------------------------------------
database bdb
suffix "dc=xx,dc=es"
rootdn "cn=config"
directory /xx/data
index entryCSN eq
index entryUUID eq
index objectClass eq
index mail eq
# define the replica provider for this database
# (last directives in database section)
overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=xx,dc=es"
ppolicy_use_lockout

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

Consumer
----------------------------------------------------------------
database bdb
suffix "dc=xx,dc=es"
rootdn "cn=config"
directory /xx/data
index entryCSN eq
index entryUUID eq
index objectClass eq
index mail eq

overlay ppolicy
ppolicy_default "cn=Standard Policy,ou=Policies,dc=ua,dc=es"
ppolicy_use_lockout

syncrepl rid=123
    provider=ldaps://xx.xx.es:xx/
    binddn="cn=config"
    bindmethod=simple
    credentials=xx
    searchbase="dc=xx,dc=es"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"

overlay syncprov
-------------------------------------------------------------------
The policy we have defined:

dn: cn=Standard Policy,ou=Policies,dc=xx,dc=es
cn: Standard Policy
objectClass: top
objectClass: device
objectClass: pwdPolicy
pwdAttribute: 2.5.4.35
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdInHistory: 6
pwdCheckQuality: 2
pwdExpireWarning: 10
pwdMaxAge: 120
pwdMinLength: 5
pwdGraceAuthnLimit: 3
pwdAllowUserChange: TRUE
pwdMustChange: TRUE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: TRUE
pwdMinAge: 120
-------------------------------------------------------------
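
One way to make the reported symptom visible is to compare the ppolicy operational attributes of the same entry on both servers. This is an added example, not part of the original report: the user DN and timestamps are constructed, and the LDIF stands in for a search of each server for the entry's operational attributes.

```python
# Constructed sample data: ppolicy operational attributes of one user
# entry on each server, after the first password change on the provider.
PROVIDER_LDIF = """\
dn: uid=user1,ou=People,dc=xx,dc=es
pwdChangedTime: 20080311101500Z
"""
CONSUMER_LDIF = """\
dn: uid=user1,ou=People,dc=xx,dc=es
pwdChangedTime: 20080311101500Z
pwdAccountLockedTime: 20080311095900Z
pwdFailureTime: 20080311095700Z
pwdFailureTime: 20080311095800Z
pwdFailureTime: 20080311095900Z
"""

LOCKOUT_ATTRS = ("pwdAccountLockedTime", "pwdFailureTime")

def parse_entry(ldif):
    """Parse one LDIF entry into {attr_lowercase: [values]}, unfolding continuation lines."""
    attrs, lines = {}, []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def lockout_divergence(provider_ldif, consumer_ldif):
    """Report lockout state present on the consumer but absent on the provider."""
    prov, cons = parse_entry(provider_ldif), parse_entry(consumer_ldif)
    stale = {}
    for attr in LOCKOUT_ATTRS:
        extra = sorted(set(cons.get(attr.lower(), [])) - set(prov.get(attr.lower(), [])))
        if extra:
            stale[attr] = extra
    return {
        "password_in_sync": prov.get("pwdchangedtime") == cons.get("pwdchangedtime"),
        "stale_on_consumer": stale,
        "locked_only_on_consumer": "pwdAccountLockedTime" in stale,
    }

if __name__ == "__main__":
    print(lockout_divergence(PROVIDER_LDIF, CONSUMER_LDIF))
```

A result with `password_in_sync` true and `locked_only_on_consumer` true matches the state described in the report: the password change was replicated, but the lock is still recorded on the consumer.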