2013/12/13 Michael Ströder <michael@stroeder.com>
On Fri, 13 Dec 2013 18:40:02 +0100 (CET) Christian Kratzer <ck-lists@cksoft.de>
> - Allow writes to those edge sites for the purpososes of slapo_ppolicy,
>    slapo_lastbind and password changes.

Note that with OpenLDAP operational attributes set by slapo-ppolicy and
slapo-lastbind are not replicated anyway (with some exceptions like

Not exactly, but I think there are still some bugs in the current implementation (I just opened an ITS on the subject: http://www.openldap.org/its/index.cgi/Incoming?id=7766).

When the entry is created on the slave, all ppolicy attributes are replicated (seems logical to start with the same values as the master). You can then authenticate on slave and have differences between the slave entry and the master entry on failure time or unlock time. But some problems occurs when master entry is modified and replicated on the slave...