Dear sir,
I found that the account policy can't be replicated in openldap 2.4.8
I set up 2 servers, with Mirror mode. Then, I added the password policy and some user accounts in server 1. I then start up server 2, and the user accounts are replicated to server 2.
Content of policy.ldif :

dn: ou=Policies
ou: Policies
description: All people in organisation
objectClass: organizationalUnit

dn: ou=Policies,o=HKSARG
ou: Policies
description: All people in organisation
objectClass: organizationalUnit

dn: cn=default,ou=Policies,o=HKSARG
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdMaxFailure: 3
pwdInHistory: 12
pwdMinLength: 6
pwdExpireWarning: 259200
pwdAllowUserChange: TRUE
pwdFailureCountInterval: 300
pwdGraceAuthNLimit: 1
pwdLockoutDuration: 300
pwdMustChange: FALSE
pwdCheckQuality: 1
pwdMaxAge: 60000000
slapd.conf in server 1 :
#overlay syncprov
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"
overlay syncprov

#access to * by dn="cn=Manager" write by * read
access to * by * write
access to * by * read

#database monitor
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directives
syncrepl rid=1
        provider=ldap://202.245.193.128:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        retry="60 +"

syncrepl rid=2
        provider=ldap://10.166.23.218:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        retry="60 +"

mirrormode on
serverID 1
slapd.conf in server 2 :
# Password policy
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"
overlay syncprov

#access to * by dn="cn=Manager" write by * read
access to * by * write
access to * by * read

#database monitor
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directives
syncrepl rid=1
        provider=ldap://202.245.193.128:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        retry="60 +"

syncrepl rid=2
        provider=ldap://10.166.23.218:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        retry="60 +"

mirrormode on
serverID 2
I input the incorrect password 3 times in server 1 for a user, and then I find that the attribute pwdAccountLockedTime is updated in server 1, but in server 2 this attribute is not replicated. As a result, when I input the correct password in server 2, authentication still succeeds, but in server 1, authentication fails.
Thanks