Paul Lee wrote:
I have created the lastlogintime attribute and lastfailurelogintime attribute (user defined attribute).
For each time I input the wrong password, I will also update the lastfailurelogintime attribute, then, after 3 failure attempt (I set 3 times login failure attempt in password policy), the attribute pwdAccountLockedTime will then be replicated.
It's strange.....
Most of the ppolicy attributes are operational, and since you never specified a "attrs" in yoru syncrepl config, the default is used, which is:
The attrs list defaults to "*,+" to return all user and operational attributes.
I did notice in ppolicy.c in HEAD:
1120 | | /* FIXME: Need to handle replication of some (but not all) 1121 | | * of the operational attributes... 1122 | | */
So it may be the case that you can't replicate them all yet...
Gavin.