Hi, we have set up a multi master replication (two peers, SIMPLE authentication) and added a global password policy to cn=config. We included the passwordMustChange attribute to cn=config, which led to the fact that the server process could not authenticate to the replication manager of the peer host. We solved it by removing the generated attribute passwordExpirationTime. How is it usually handled to include something like passwordExp in the global policy at cn=config without preventing something like replication from working: 1. Apply a user based policy (w/o passwordExp) to the user-like object "replication manager", or 2. Place the user-like objects like "replication manager" to the DIT (not cn=config) and apply a subtree based policy (w/o passwordExp) to the subtree containing the object, or 3. avoid setting pwdExp and pwdMustChange to a global policy at cn=config, or 4. something else? Thanx, Eugen _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
