[Freeipa-users] Why is user status different on each master replica?
Petr Spacek
pspacek at redhat.com
Thu Aug 11 08:18:53 UTC 2016
On 10.8.2016 17:19, Martin Basti wrote:
>
>
> On 09.08.2016 23:04, Larry Rosen wrote:
>>
>> This user was locked out due to Max Failure policy = 5
>>
>> If they’re supposed to be replicas, why the different status?
>>
>> [root at il10 ~]# ipa user-status lramey
>>
>> -----------------------
>>
>> Account disabled: False
>>
>> -----------------------
>>
>> Server: ipa-idm-01.ipajdr.local
>>
>> Failed logins: 0
>>
>> Last successful authentication: 20160808191857Z
>>
>> Last failed authentication: 20160808191848Z
>>
>> Time now: 2016-08-09T19:57:20Z
>>
>> Server: ipa-idm-02.ipajdr.local
>>
>> Failed logins: 5
>>
>> Last successful authentication: 20160809151406Z
>>
>> Last failed authentication: 20160809194741Z
>>
>> Time now: 2016-08-09T19:57:21Z
>>
>> ----------------------------
>>
>> Number of entries returned 2
>>
>>
>>
> Hi,
>
> This is not replicated, because it may cause replication storms. So this
> status is local on each replica
Let me add that you can configure LDAP server to replicate this information:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication.html#Fractional_Replication
Of course, you will have to accept the performance penalty and higher risk of
replication conflicts.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list