On Wednesday 24 June 2009 07:00:06 Dieter Kluenter wrote:
> "Clowser, Jeff" <jeff_clowser(a)fanniemae.com> writes:
> > I want to set up a cluster of ldap servers. In that
> > cluster, I want:
> > - One primary supplier server
> > - One hot standby supplier server
> > - N read only consumer replicas.
> > However, I want operational attributes like password
> > policy attributes
> > to be replicated across the cluster.
Well, my idea doesn't work anyway - when the ppolicy overlay updates
the pwdFailureTime operational attributes, it doesn't change the
entrycsn, so doesn't change the contextcsn, so never gets factored
into replication - even with all servers set as multimaster, these
operational attributes don't propogate.
I'm guessing for similar reasons, chaining won't work either.
So... Looks like operational attributes like password policy will
never be replicated, so things like password lockout occur only on
a per server basis, not across a replication cluster of ldap servers.
Is this even possible with openldap?