Consider the following password policy entry to disable password expiration.
dn: cn=noexpire,ou=policies,dc=umlott,dc=lott cn: noexpire objectClass: pwdPolicy objectClass: person objectClass: top sn: Password Policy pwdAttribute: UserPassword pwdMaxAge: 0 pwdLockout: FALSE description: Non-Expiring password policy for service accounts. ===============================================
The following LDIF attaches this policy to the 3 users below:
dn: cn=ldapmgr,ou=Service,dc=umlott,dc=lott changetype: modify add: pwdPolicySubentry pwdPolicySubentry: cn=noexpire,ou=policies,dc=umlott,dc=lott
dn: cn=bind,ou=Service,dc=umlott,dc=lott changetype: modify add: pwdPolicySubentry pwdPolicySubentry: cn=noexpire,ou=policies,dc=umlott,dc=lott
dn: cn=replicator,ou=Service,dc=umlott,dc=lott changetype: modify add: pwdPolicySubentry pwdPolicySubentry: cn=noexpire,ou=policies,dc=umlott,dc=lott
This all works well and good when setting up my first LDAP server, however when I setup another LDAP server in mirror mode to the first server the pwdPolicySubentry attribute doesn't carry over to the the second node and I start to see this in the slapd logs:
ppolicy_bind: Setting warning for password expiry for cn=replicator,ou=service,dc=umlott,dc=lott = 0 seconds
What's interesting is that the other two accounts that have the noexpire policy attached carry over the pwdPolicySubentry attribute just fine to the second node.
Any insight would be greatly appreciated.
Mike