Consider the following password policy entry to disable password expiration.
dn: cn=noexpire,ou=policies,dc=umlott,dc=lott
cn: noexpire
objectClass: pwdPolicy
objectClass: person
objectClass: top
sn: Password Policy
pwdAttribute: UserPassword
pwdMaxAge: 0
pwdLockout: FALSE
description: Non-Expiring password policy for service accounts.
===============================================
The following LDIF attaches this policy to the 3 users below:
dn: cn=ldapmgr,ou=Service,dc=umlott,dc=lott
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=noexpire,ou=policies,dc=umlott,dc=lott
dn: cn=bind,ou=Service,dc=umlott,dc=lott
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=noexpire,ou=policies,dc=umlott,dc=lott
dn: cn=replicator,ou=Service,dc=umlott,dc=lott
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=noexpire,ou=policies,dc=umlott,dc=lott
This all works well and good when setting up my first LDAP server, however when I setup another LDAP server in mirror mode to the first server the pwdPolicySubentry attribute doesn't carry over to the the second node and I start to see this in the slapd logs:
ppolicy_bind: Setting warning for password expiry for cn=replicator,ou=service,dc=umlott,dc=lott = 0 seconds
What's interesting is that the other two accounts that have the noexpire policy attached carry over the pwdPolicySubentry attribute just fine to the second node.
Any insight would be greatly appreciated.
Mike