I did configure slapo-chain, it seems working, except for password failures :
- With chain and referal configured, If I add an attribute on the
slave for the user, It will be replicated to the master - but that's
not what I want here.
- If I do some failure authentification on the slave, I don't see any
pwdFailureTime, if I disable the ppolicy_forward_updates parameter I
see pwdFailureTime on the slave.
Any idea ?
Here is my configuration :
On 30 May 2012 18:37, Howard Chu <hyc(a)symas.com> wrote:
Hugo Deprez wrote:
> I am trying to do some quite the same thing :
> trying to send failed authentification made on the consumer to the master.
> I am using ppolicy overlay.
> I added the following to the consumer :
> # Referal
> updateref ldaps://master.domain.fr
> When I add this on the consumer, accounts are not anymore locked on
> failed authentification.
> pwdFailureTime are not register or sent to the master..
> Should I use slapo-chain too ?
RTFM. slapo-ppolicy(5) ppolicy_forward_updates.
> On 6 April 2012 18:12, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
>> --On Friday, April 06, 2012 3:57 PM +0200 Jacques Foucry
>> <jacques.foucry(a)novasparks.com> wrote:
>>> On 04/04/2012 05:59 PM, anax wrote:
>>>> updateref ldap://ldapmaster.symas.com
>>> Well after reading the docs, I made some test on a VM.
>>> My goal is to allow users to change there password.
>>> I have a working replication VM. On this VM I can login with my LDAP
>>> password (PAM on this VM is client of the replica).
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/