2014-05-03 13:22 GMT+02:00 Michael Ströder michael@stroeder.com:
Paul B. Henson wrote:
From: Michael Ströder Sent: Friday, May 02, 2014 4:21 AM
If just add "moduleload ppolicy" to your slapd.conf (or similar action
for
[...]
In a second step you have to add "overlay ppolicy" to the database
section
Sweet, I never considered loading the module but not using it. Thanks
much
for the follow-up and suggestion, I think that will allow me to stage the deployment as I wanted without any downtime.
all replicas, also one after the other. The replication will catch up
even
though some prior modifications might have failed in the past.
Will there be any failures? After step one, all of the replicas should
have
the schema loaded. As you start migrating servers to step two, they will start generating and trying to replicate the attribute. As the other
servers
already know about the attribute, wouldn't the replication succeed,
although
at that point there would be nothing on that particular server paying any attention to it?
In my test setup 1. provider has slapo-ppolicy fully configured in the database section but 2. provider does not have it. The attribute is replicated.
BTW: AFAIK write operations to 'pwdFailureTime' are normally not replicated. But with normal syncrepl mode attribute 'pwdFailureTime' will get replicated if there's a change to another attribute. Maybe one could mitigate this by setting parameter 'attrs' to not include all operational attributes. But I would not recommend doing so.
Hi,
I opened an ITS for a similar thing: http://www.openldap.org/its/index.cgi/Incoming?id=7766
Any feedback about it?
Clément.