[Fedora-directory-users] Account lockout replication
Rich Megginson
rmeggins at redhat.com
Thu Aug 18 18:47:03 UTC 2005
Bryan Wann wrote:
> Rich Megginson wrote:
>
>> You need to enable global password policy. You need to set the
>> attribute "passwordIsGlobalPolicy" in cn=config to the value "1".
>
>
> Awesome, that works beautifully for what I need. Thanks for the reply.
>
> Of course, now comes the problem if a user fails their auth on a
> replica it isn't reflected in the master servers. I assume this is
> due to the inherent one-way master-to-replica replication. Having
> referrers doesn't seem to help. Is there a way around this, or is it
> a fact of life?
You can set up "chain on update". This will allow bind and write
operations to "pass through" the replica to a master. Normally when you
attempt a write operation to a read-only replica, your application will
receive a referral to one of the masters. With chain on update, the
replica follows the referral for you. Same with BINDs. Then, all of
the password policy history will be stored on the masters and propagated
to all of your other masters and replicas.
However, this involves quite a bit more set up work. Let me know if
you're interested.
>
> --bryan
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20050818/e943d487/attachment.bin>
More information about the Fedora-directory-users
mailing list