That makes me wonder what his script is doing... Sounds like the script is handling some part of the replication.
Also: Cent6.2 has been out for quite a while, with OpenLDAP 2.4.23 binaries. Considered old and 'unsupported' by the OpenLDAP crew, but still working flawlessly in our simple setup (used for just system auth for ssh, sudo, svn, etc.). We are using ppolicy, but found the syncing password failures AND having a user's actual password be checked (making the password failure sync useless) turned out to not be doable (I won't say possible as I'm open to our configs being off, but haven't heard any suggestions). In short, I understand not wanting to compile and support your own binaries, but Cent6.2 is a pretty easy upgrade (opt for sssd vs pam_ldap).
- chris
Chris Jacobs Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. 1501 4th Ave | Suite 2500 | Seattle, WA 98101 direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628 email: chris.jacobs@apollogrp.edu
----- Original Message ----- From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org To: openldap-technical@openldap.org openldap-technical@openldap.org Sent: Sat Jun 16 10:02:10 2012 Subject: Re: Monitoring 2.3.43?
On Sat, 16 Jun 2012 17:49:07 +0200, Turbo Fredriksson wrote:
After monitoring a colleagues batch modifications, I now see that the contextCSN now match:
paragon: 20120616153755.474331 kelvin: 20120616153755.474331
This, BESPITE that the actual ppolicy does NOT exist on kelvin!
And even worse: Some modifications does not propagate to the slaves! Sometimes. Running his script again, the changes seems to be there.. -- ... but you know as soon as Oracle starts waving its wallet at a Company it's time to run - fast. /illumos mailing list
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.