On Fri, 13 Dec 2013, Michael Ströder wrote:
On Fri, 13 Dec 2013 18:40:02 +0100 (CET) Christian Kratzer
> - Allow writes to those edge sites for the purpososes of slapo_ppolicy,
> slapo_lastbind and password changes.
Note that with OpenLDAP operational attributes set by slapo-ppolicy and
slapo-lastbind are not replicated anyway (with some exceptions like
For slapo-ppoolicy I do see pwdFailureTime, pwdAccountLockedTime,
pwdChangedTime being replicated which is enough for my use case.
For slapo-lastbind pwdAuthTimestamp is not replicated by default.
I have local patches from (ITS#7721) to also replicate authTimestamp.
I am planning on setting olcLastBindPrecision to a large value of 8 hours
or more which is also more than enough for the customers requirement of
finding users who have not logged in for 6 months.
I am thinking about having MMR write access upto the edges where I would
usually have read only slaves in order to have above attributes propagete.
Christian Kratzer CK Software GmbH
Email: ck(a)cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Geschaeftsfuehrer: Christian Kratzer