Hi, you have to add in your configuration of ppolicy overlay the directive
about the forwarding of operational attirbutes related to ppolicy to the
master server. So you have this attributes syncronized in all your servers.
ppolicy_forward_updates available since version 2.4.18.
Regards
Marco
On Fri, Jul 2, 2010 at 1:46 PM, Christian Bösch <[email protected]> wrote:
> hi,
>
> i just added password policy overlay to our openldap servers (2.4.21)
> it works fine in general. i can change password as user and it gets well
> replicated
> between provider and consumer.
>
> but since i added password policy i have a strange behaviour:
> _i do a ldapsearch on the provider and type in a wrong password for the
> binding user,
> then i get: ldap_bind: Invalid credentials (49) - as expected
> _if i do the same on the consumer (type in wrong password for binding)
> ldapsearch
> get me search results without to complain about wrong password. it just
> adds a pwdFailureTime
> attribute on the provider and consumer. but i also expect to get a
> ldap_bind: Invalid credentials (49) error?
>
> thx for any ideas!
>
> /chris
>
>
>
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
