OK. Further research-- it appears I have an issue with "passwordretrycount" not replicating-- which apparently (did some searches..) is a problem others have had, when the directory services is set up in a replicating fashion (multi-master in my case). Has to do with global password policy settings, and what is allowed to replicate-- or not.

I found the offending entry (passwordretrycount existed for the user on one node, not the other) and deleted it.

My question now is: What's the correct solution to this? Forum postings I've found thus far are unclear.

Any ideas appreciated!

--Kent

PS: Thanks for the tons of help, I learned a lot today on debugging this stuff for future issues...

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users