Hello, I am trying to set up a global account lockout policy. In the Deployment Guide, it says "Account lockout is enforced on the replicas" and "The password policy information ... such as password age, the account lockout counter ... are all replicated." When I trigger the lockout on an account, I see the accountUnlockTime attribute get added to the account's directory entry. From what I make of the text in the Deployment Guide, accountUnlockTime should be replicated to my other master and corresponding consumers, thus locking out the account everywhere. This isn't what I'm seeing; I am only locked out of the master on which it was originally triggered, I can still bind using the account on the other master and consumers. I have applied the same password and lockout policy to all of my servers, so the configuration should be consistent. Do I have the wrong expectations on how this should work? Does "enforced on the replicas" simply mean the replicas as an independant server will perform lockouts? Anyone been able to solve this one? --bryan
