28 Apr
2014
28 Apr
'14
6:35 p.m.
From: Michael Ströder Sent: Sunday, April 27, 2014 11:27 PM
Sometimes it's handy to see when people had failed logins even if you
don't
apply lockout policy.
It would be even more handy to be able to roll out password policy support without having to shut down your entire LDAP infrastructure ;).
You simply should not load slapo-ppolicy without also loading its schema.
On a given server, obviously. However, ideally, you should be able to load the module on a given server but not have it actually do anything until password policies are actually applied, allowing you to stage the rollout across your servers until the module is loaded everywhere (with no instance where every single server was unavailable).