On 10.8.2016 17:19, Martin Basti wrote: > > > On 09.08.2016 23:04, Larry Rosen wrote: >> >> This user was locked out due to Max Failure policy = 5 >> >> If they’re supposed to be replicas, why the different status? >> >> [root@il10 ~]# ipa user-status lramey >> >> ----------------------- >> >> Account disabled: False >> >> ----------------------- >> >> Server: ipa-idm-01.ipajdr.local >> >> Failed logins: 0 >> >> Last successful authentication: 20160808191857Z >> >> Last failed authentication: 20160808191848Z >> >> Time now: 2016-08-09T19:57:20Z >> >> Server: ipa-idm-02.ipajdr.local >> >> Failed logins: 5 >> >> Last successful authentication: 20160809151406Z >> >> Last failed authentication: 20160809194741Z >> >> Time now: 2016-08-09T19:57:21Z >> >> ---------------------------- >> >> Number of entries returned 2 >> >> >> > Hi, > > This is not replicated, because it may cause replication storms. So this > status is local on each replica
Let me add that you can configure LDAP server to replicate this information: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication.html#Fractional_Replication Of course, you will have to accept the performance penalty and higher risk of replication conflicts. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
