On Monday, 5 July 2010 08:35:02 Christian Bösch wrote:
> now i have tested this and got the following conclusion:
>
> ppolicy_forward TRUE on the consumer:
> everything is well synced
> ldapsearch on the consumer with wrong binding password gets search results.
> not so on the provider. here i get ldap_bind: Invalid credentials (49)

So, the new feature does not seem to work correctly. Has someone filed an ITS?

> ppolicy_forward FALSE on the consumer:
> ldapsearch with wrong password results on both machines in invalid
> credentials. i'm wondering that pwdHistory is synced well however...

pwdHistory can only be updated on the provider, so this is not a concern.

> pwdFailureTime is only synced from provider to consumer. if failed
> authentication takes place on the consumer, then pwdFailureTime is added
> only on the consumer locally which is a problem if i want to use lockout.

This is the same as the behaviour prior to this feature. There are workarounds.

Regards,
Buchan
