On Wednesday 24 June 2009 07:00:06 Dieter Kluenter wrote:
"Clowser, Jeff" jeff_clowser@fanniemae.com writes:
I want to set up a cluster of ldap servers. In that cluster, I want:
- One primary supplier server
- One hot standby supplier server
- N read only consumer replicas.
... However, I want operational attributes like password policy attributes to be replicated across the cluster.
...
Well, my idea doesn't work anyway - when the ppolicy overlay updates the pwdFailureTime operational attributes, it doesn't change the entrycsn, so doesn't change the contextcsn, so never gets factored into replication - even with all servers set as multimaster, these operational attributes don't propogate.
I'm guessing for similar reasons, chaining won't work either.
So... Looks like operational attributes like password policy will never be replicated, so things like password lockout occur only on a per server basis, not across a replication cluster of ldap servers.
Is this even possible with openldap?
Thanks, - Jeff