I'm trying to implement account lockouts for <n> failed login attempts in a 
multi-master environment.

I used something like the following LDIF to enable the lockouts:
dn: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
changetype: modify
add: passwordLockout
passwordLockout: on
-
add: passwordMaxFailure
passwordMaxFailure: 5
-
add: passwordResetFailureCount
passwordResetFailureCount: 1800
-
add: passwordLockoutDuration
passwordLockoutDuration: 1800

It works (kind of), but there are 2 problems:
1) Even though the passwordLockoutDuration is only 30 minutes, it locks the 
user out indefinitely (i.e. accountUnlockTime: 19700101000000Z)
2) The accountUnlockTime attribute doesn't get replicated, so the user is only 
locked out of 1 of the 4 master servers.

Any idea what I am doing wrong?

Thanks,
   -- Mitch Patenaude  mpatena...@shutterfly.com  Systems engineer


_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org