Dear sir,

I found that the account policy can't be replicated in openldap 2.4.8

I setup 2 servers, with Mirror mode.  Then, I added the password policy and some user accounts in server 1, I then startup server 2, the user accounts are replicated to server 2.

Content of policy.ldif :
dn: ou=Policies
ou: Policies
description: All people in organisation
objectClass: organizationalUnit

dn: ou=Policies,o=HKSARG
ou: Policies
description: All people in organisation
objectClass: organizationalUnit

dn: cn=default,ou=Policies,o=HKSARG
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdMaxFailure: 3
pwdInHistory: 12
pwdMinLength: 6
pwdExpireWarning: 259200
pwdAllowUserChange: TRUE
pwdFailureCountInterval: 300
pwdGraceAuthNLimit: 1
pwdLockoutDuration: 300
pwdMustChange: FALSE
pwdCheckQuality: 1
pwdMaxAge: 60000000

slapd.conf in server 1 :

#overlay syncprov
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"
overlay syncprov

#access to * by dn="cn=Manager" write by * read
access to * by * write
access to * by * read
#database monitor
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directives
syncrepl      rid=1
              provider=ldap://202.245.193.128:389/
              bindmethod=simple
              binddn="cn=Manager"
              credentials=secret
              searchbase="o=HKSARG"
              schemachecking=off
              type=refreshAndPersist
              retry="60 +"

syncrepl      rid=2
              provider=ldap://10.166.23.218:389/
              bindmethod=simple
              binddn="cn=Manager"
              credentials=secret
              searchbase="o=HKSARG"
              schemachecking=off
              type=refreshAndPersist
              retry="60 +"

mirrormode on
serverID   1

slapd.conf in server 2 :

# Password policy
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"

overlay syncprov
#access to * by dn="cn=Manager" write by * read
access to * by * write
access to * by * read


#database monitor
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directives
syncrepl      rid=1
              provider=ldap://202.245.193.128:389/
              bindmethod=simple
              binddn="cn=Manager"
              credentials=secret
              searchbase="o=HKSARG"
              schemachecking=off
              type=refreshAndPersist
              retry="60 +"

syncrepl      rid=2
              provider=ldap://10.166.23.218:389/
              bindmethod=simple
              binddn="cn=Manager"
              credentials=secret
              searchbase="o=HKSARG"
              schemachecking=off
              type=refreshAndPersist
              retry="60 +"

mirrormode on
serverID    2

I input the incorrect password 3 times in server 1 for a user, then, I find that the attribute pwdAccountLockedTime is updated in server 1, but I find that in server 2, this attribute is not replicated.  As I result, when I input correct password in server 2, I still get authentication successful, but in server 1, authentication is failed.

Thanks
Confidential Communication - This e-mail (including any attachments) is confidential and may be 
legally privileged. If this e-mail has been sent to you by mistake please inform us by reply 
e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the 
information in it.