Re: Expired Passwords still work on replica some replica consumers, not on others

Noriko Hosoi <nhosoi@xxxxxxxxxx> · Wed, 30 Sep 2015 14:13:49 -0700



    On 09/30/2015 12:08 PM, Ryan Langford
      wrote:

    
          Hello,

            
          I have a curious situation with our LDAP ecosystem at work.  I
          have 2 LDAP hosts in one data center (one is a replication
          supplier, one is a consumer) and 1 consumer host in a separate
          data center(DC-B).

          
        The issue is expired users can still successfully
          authenticate against the consumer host DC-B, even though LDAP
          shows that the password is expired.  

          
        I've compiled outputs from each host into the following
          paste:

          https://paste.fedoraproject.org/273218/44362838/

          
        We are using an old version of 389-ds (as you can see from
          the paste), version 1.2.9.9, and as far as I can tell (i'm a
          relative LDAP neophyte) our configuration and replication
          properties are as expected, but I'm not sure if there might be
          a permissions issue, some other issue, or a bug in the old
          version we're using.

          
        What else should I check next?

        
    [CrunkOps@dc01-server01 ~]$ ldapsearch -x -D "cn=directory
        manager" -W -b "cn=config" -s base nsslapd-pwpolicy-local

    [CrunkOps@dc02-server01 ~]$ ldapsearch -x -D "cn=directory
        manager" -W -b "cn=config" -s base nsslapd-pwpolicy-local

        
      [CrunkOps@dc02-server01 ~]$ date

    (sorry, this is just to laugh...)

    
    Thanks,

    --noriko

    
        Thanks,

          
        Ryan

        
      --
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
    
    
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users