Justin Crawford wrote:
Yes. You have to enable global password policy. By default, password policy is local to each host. You have to enable global password policy to replicate the password policy op attrs. In the entry cn=config, set the attribute passwordisglobalpolicy to the value "on".Justin Crawford wrote:Is "passwordRetryCount" replicated in a multimaster setup?Or, whenreplicatedreplication copies a "userPassword" change, is "passwordRetryCount" reset to 0 in the consumer, by the consumer?I just helped a user whose retry count was 0 on one of ourLDAPs, but stuck at maximum on the other, *after* multiple password changes. I didn't think that would be possible!Are these read-only replicas or masters?These are both masters in a multimaster setup. Changing the password on ldap1 changes the password and passwordExpirationTime on ldap2. But passwordRetryCount on ldap2 remains unchanged. I've usually seen passwordRetryCount reset to 0 when userPassword changes, no matter how the password change occurs. Is it different with multimaster replication?
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
