Hello,
I did configure slapo-chain; it seems to be working, except for password failures:
- With chain and referral configured, if I add an attribute on the slave for the user, it will be replicated to the master, but that's not what I want here.
- If I make some failed authentication attempts on the slave, I don't see any pwdFailureTime; if I disable the ppolicy_forward_updates parameter, I see pwdFailureTime on the slave.
Any idea?
Here is my configuration:
overlay chain
chain-uri "ldaps://ldap.mydomain.fr"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple" binddn="cn=admin,dc=domain,dc=fr" credentials="my_password" mode="self"
chain-tls start tls_reqcert=demand tls_cacert=/etc/ssl/certs/ldap.pem
chain-return-error TRUE

# Referral
updateref ldaps://ldap.mydomain.fr
ppolicy_forward_updates
On 30 May 2012 18:37, Howard Chu hyc@symas.com wrote:
Hugo Deprez wrote:
Hello,
I am trying to do much the same thing: trying to send failed authentications made on the consumer to the master. I am using the ppolicy overlay.
I added the following to the consumer:
# Referral
updateref ldaps://master.domain.fr
ppolicy_forward_updates
When I add this on the consumer, accounts are no longer locked on failed authentication. pwdFailureTime values are not registered or sent to the master. Should I use slapo-chain too?
RTFM. slapo-ppolicy(5) ppolicy_forward_updates.
Regards,
Hugo
On 6 April 2012 18:12, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Friday, April 06, 2012 3:57 PM +0200 Jacques Foucry jacques.foucry@novasparks.com wrote:
On 04/04/2012 05:59 PM, anax wrote:
Hello,
updateref ldap://ldapmaster.symas.com
http://www.openldap.org/doc/admin24/replication.html#Replication%20Technology
Well after reading the docs, I made some test on a VM.
My goal is to allow users to change their password.
I have a working replication VM. On this VM I can login with my LDAP password (PAM on this VM is client of the replica).
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
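
Added example, not part of the original thread: slapo-ppolicy(5), the man page the reply points to, says ppolicy_forward_updates is only useful on a replication consumer and requires both updateref and the chain overlay to be configured. The Python below checks a slapd.conf fragment for those two prerequisites, using the two fragments quoted in the thread as sample input; the function names and the line layout of the samples are assumptions.

```python
import shlex

def parse_slapd_conf(text):
    # Per slapd.conf(5): a line starting with whitespace continues the previous
    # line, and continuations are unwrapped before '#' comment lines are dropped.
    logical = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [shlex.split(line) for line in logical if not line.startswith("#")]

def check_forward_updates(text):
    """Return a list of missing prerequisites for ppolicy_forward_updates."""
    directives = parse_slapd_conf(text)
    names = [d[0].lower() for d in directives]
    if "ppolicy_forward_updates" not in names:
        return []  # nothing to check: state changes stay on the local database
    problems = []
    if "updateref" not in names:
        problems.append("updateref is not set")
    if not any(d[0].lower() == "overlay" and d[1:2] == ["chain"] for d in directives):
        problems.append("overlay chain is not configured")
    return problems

# Fragment from the earlier message in the thread (no chain overlay).
WITHOUT_CHAIN = """\
# Referal
updateref ldaps://master.domain.fr
ppolicy_forward_updates
"""

# Fragment from the later message; continuation-line layout is assumed.
WITH_CHAIN = """\
overlay chain
chain-uri "ldaps://ldap.mydomain.fr"
chain-idassert-bind bindmethod="simple"
    binddn="cn=admin,dc=domain,dc=fr"
    credentials="my_password" mode="self"
updateref ldaps://ldap.mydomain.fr
ppolicy_forward_updates
"""

if __name__ == "__main__":
    for label, conf in (("without chain", WITHOUT_CHAIN), ("with chain", WITH_CHAIN)):
        print(label, "->", check_forward_updates(conf) or "prerequisites present")
```

With forwarding in place, Bind-failure state such as pwdFailureTime is written on the provider rather than into the consumer's local database, so it only shows up on the consumer once replication brings it back.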