Sadique Puthen wrote:
Hi,
Is it possible to replicate password policy related attributes using sync replication while using ppolicy overlay?
I am specifically asking about replicating pwdChangedTime, pwdAccountLockedTime, pwdHistory and etc... not about password configuration related attributes,
In general, ppolicy related state values are not replicated; each replica is on its own as far as state-related attributes in enforcing password policy. I recall discussion about if and how this type of info should be replicated or somehow shared on the IETF ldapext list, but the conclusion sounded like "replication and password policy are two separate things with some overlap; if we bundle them, consensus on the draft will be harder to achieve, so let's keep them separate (and leave them to implementors, I guess)". I hope my short and incomplete summary of the discussion is not too short and incomplete.
p.