--On November 7, 2014 at 10:25:59 AM +0100 "Elmopi, Stefano" stefano.elmopi@sociale.it wrote:
and all are configured with olc.
All applications that use OpenLDAP for their login are configured to do queries on slave and this creates problems with some options of Ppolicy, Let me explain. I have configured the option that after a user wrong your password 5 times, it is locked. and here lies the problem, because the slave database is read-only and then the block is not reported to the Master and the user does not lock !!! I read that you could do something using the Chain Overlay but I found little documentation and everything I tried did not work. Anyone have any ideas to suggest ?? Thanks
Several.
a) Get a current version of OpenLDAP, and stop using the broken builds shipped by RHEL b) Read the current man page for slapo-ppolicy, particularly the olcPPolicyForwardUpdates parameter
--Quanah