Bryan Wann wrote: > Rich Megginson wrote: > >> You need to enable global password policy. You need to set the >> attribute "passwordIsGlobalPolicy" in cn=config to the value "1". > > > Awesome, that works beautifully for what I need. Thanks for the reply. > > Of course, now comes the problem if a user fails their auth on a > replica it isn't reflected in the master servers. I assume this is > due to the inherent one-way master-to-replica replication. Having > referrers doesn't seem to help. Is there a way around this, or is it > a fact of life? You can set up "chain on update". This will allow bind and write operations to "pass through" the replica to a master. Normally when you attempt a write operation to a read-only replica, your application will receive a referral to one of the masters. With chain on update, the replica follows the referral for you. Same with BINDs. Then, all of the password policy history will be stored on the masters and propagated to all of your other masters and replicas. However, this involves quite a bit more set up work. Let me know if you're interested. > > --bryan > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050818/e943d487/attachment.bin
