27 Apr
2014
27 Apr
'14
11:26 p.m.
Paul B. Henson wrote:
Even without any active policies defined, the ppolicy overlay starts generating and replicating pwdFailureTime entries, and any replication consumer without the module also loaded breaks and stops replicating. I'm not sure what use it is to maintain pwdFailureTime entries for objects with no actual password policy in place, other than I suppose to retroactively apply a policy that might be added in the future based on historical authentication failures.
Sometimes it's handy to see when people had failed logins even if you don't apply lockout policy.
You simply should not load slapo-ppolicy without also loading its schema.
Ciao, Michael.