On 10.8.2016 17:19, Martin Basti wrote:
> 
> 
> On 09.08.2016 23:04, Larry Rosen wrote:
>>
>> This user was locked out due to Max Failure policy = 5
>>
>> If they’re supposed to be replicas, why the different status?
>>
>> [root@il10 ~]# ipa user-status  lramey
>>
>> -----------------------
>>
>> Account disabled: False
>>
>> -----------------------
>>
>>   Server: ipa-idm-01.ipajdr.local
>>
>>   Failed logins: 0
>>
>>   Last successful authentication: 20160808191857Z
>>
>>   Last failed authentication: 20160808191848Z
>>
>>   Time now: 2016-08-09T19:57:20Z
>>
>>   Server: ipa-idm-02.ipajdr.local
>>
>>   Failed logins: 5
>>
>>   Last successful authentication: 20160809151406Z
>>
>>   Last failed authentication: 20160809194741Z
>>
>>   Time now: 2016-08-09T19:57:21Z
>>
>> ----------------------------
>>
>> Number of entries returned 2
>>
>>
>>
> Hi,
> 
> This is not replicated, because it may cause replication storms. So this
> status is local on each replica

Let me add that you can configure LDAP server to replicate this information:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication.html#Fractional_Replication

Of course, you will have to accept the performance penalty and higher risk of
replication conflicts.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to