I want the account lockout policy of all 3 servers to be the same, and the account lockout status of a given bind-dn to be the same across all 3. I made the config shown below, but when I locked an account via purposely failed bind attempts to one of the consumers, neither the supplier nor the other consumer got informed that the account was locked.

Any ideas?

Thanks

The config:
====================
I ran this on the supplier and both consumers:

ldapmodify -h localhost -cax -D "cn=directory manager" -y ~/pword <<BYE
dn: cn=config
changetype: modify
add: passwordLockout
passwordLockout: on
-
add: passwordUnlock
passwordUnlock: on
-
add: passwordMaxFailure
passwordMaxFailure: 20
-
add: passwordLockoutDuration
passwordLockoutDuration: 3600
-
add: passwordResetFailureCount
passwordResetFailureCount: 600
BYE

And this on each of the 2 consumers:

ldapmodify -h localhost -D cn="Directory Manager" -y ~/pword <<BYE
dn: cn=config
changetype: modify
replace: passwordIsGlobalPolicy
passwordIsGlobalPolicy: on
BYE

--
Jon Detert
Sr. Systems Administrator
Infinity Healthcare
Milwaukee, Wisconsin
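Added example, not part of the original post: a small Python check that compares the lockout-policy attributes named above across the three servers, given the LDIF text of cn=config read from each one (for example with ldapsearch). The server labels, function names and sample LDIF are constructed for illustration, and the supplier's passwordIsGlobalPolicy value of off is assumed to be the unchanged default.

```python
"""Compare 389 DS lockout-policy attributes across servers (added example)."""

# Attribute names taken from the post; LDAP attribute names are case-insensitive.
POLICY_ATTRS = ["passwordLockout", "passwordUnlock", "passwordMaxFailure",
                "passwordLockoutDuration", "passwordResetFailureCount",
                "passwordIsGlobalPolicy"]

def parse_config_entry(ldif_text):
    """Return {attr_lower: value_lower} for the first entry in LDIF text.
    Folded lines and base64 ("::") values are not handled; these policy
    attributes are short plain strings."""
    attrs = {}
    for line in ldif_text.strip().splitlines():
        if not line.strip():
            break  # a blank line ends the first entry
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        attrs[name.strip().lower()] = value.strip().lower()
    return attrs

def policy_mismatches(ldif_by_server):
    """Map each policy attribute that differs to {server: value or None}."""
    parsed = {s: parse_config_entry(t) for s, t in ldif_by_server.items()}
    diffs = {}
    for attr in POLICY_ATTRS:
        values = {s: entry.get(attr.lower()) for s, entry in parsed.items()}
        if len(set(values.values())) > 1:
            diffs[attr] = values
    return diffs

# Constructed sample: cn=config as it would look after the two ldapmodify runs.
_COMMON = ("dn: cn=config\npasswordLockout: on\npasswordUnlock: on\n"
           "passwordMaxFailure: 20\npasswordLockoutDuration: 3600\n"
           "passwordResetFailureCount: 600\n")
SAMPLE = {
    "supplier": _COMMON + "passwordIsGlobalPolicy: off\n",  # assumed default
    "consumer1": _COMMON + "passwordIsGlobalPolicy: on\n",
    "consumer2": _COMMON + "passwordIsGlobalPolicy: on\n",
}

if __name__ == "__main__":
    for attr, values in policy_mismatches(SAMPLE).items():
        print(attr, "differs:", values)
```

An empty result means the six attributes match on every server; any attribute listed is set differently or missing on at least one of them.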