Thanks Norkio, I think what I found is probably going to be rather telling.
[CrunkOps@dc01-server01 ~]$ sudo grep 'nsslapd-pwpolicy-local' /etc/dirsrv/slapd-dc01-server01/dse.ldif nsslapd-pwpolicy-local: on [CrunkOps@dc01-server01 ~]$ [CrunkOps@dc01-server02 ~]$ sudo grep 'nsslapd-pwpolicy-local' /etc/dirsrv/slapd-dc01-server02/dse.ldif nsslapd-pwpolicy-local: on [CrunkOps@dc01-server02 ~]$ [CrunkOps@dc02-server01 ~]$ sudo grep 'nsslapd-pwpolicy-local' /etc/dirsrv/slapd-dc02-server01/dse.ldif [CrunkOps@dc02-server01 ~]$ [CrunkOps@dc02-server01 ~]$ date Wed Sep 30 16:31:07 CDT 2015 :D I'm pretty sure what I need to try next... Thanks, Ryan On Wed, Sep 30, 2015 at 4:13 PM, Noriko Hosoi <[email protected]> wrote: > On 09/30/2015 12:08 PM, Ryan Langford wrote: > > Hello, > > I have a curious situation with our LDAP ecosystem at work. I have 2 LDAP > hosts in one data center (one is a replication supplier, one is a consumer) > and 1 consumer host in a separate data center(DC-B). > > > The issue is expired users can still successfully authenticate against the > consumer host DC-B, even though LDAP shows that the password is expired. > > I've compiled outputs from each host into the following paste: > https://paste.fedoraproject.org/273218/44362838/ > > We are using an old version of 389-ds (as you can see from the paste), > version 1.2.9.9, and as far as I can tell (i'm a relative LDAP neophyte) > our configuration and replication properties are as expected, but I'm not > sure if there might be a permissions issue, some other issue, or a bug in > the old version we're using. > > What else should I check next? > > [CrunkOps@dc01-server01 ~]$ ldapsearch -x -D "cn=directory manager" -W -b > "cn=config" -s base nsslapd-pwpolicy-local > [CrunkOps@dc02-server01 ~]$ ldapsearch -x -D "cn=directory manager" -W -b > "cn=config" -s base nsslapd-pwpolicy-local > > [CrunkOps@dc02-server01 ~]$ date > (sorry, this is just to laugh...) > > Thanks, > --noriko > > Thanks, > > Ryan > > > -- > 389 users mailing > [email protected]https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
