hello, no one have an idea on my issue ?
Regards, On 31 May 2012 16:13, Hugo Deprez <[email protected]> wrote: > Hello, > > I did configure slapo-chain, it seems working, except for password failures : > > - With chain and referal configured, If I add an attribute on the > slave for the user, It will be replicated to the master - but that's > not what I want here. > - If I do some failure authentification on the slave, I don't see any > pwdFailureTime, if I disable the ppolicy_forward_updates parameter I > see pwdFailureTime on the slave. > > Any idea ? > > Here is my configuration : > > overlay chain > chain-uri "ldaps://ldap.mydomain.fr" > chain-rebind-as-user TRUE > chain-idassert-bind bindmethod="simple" > binddn="cn=admin,dc=domain,dc=fr" > credentials="my_password" > mode="self" > chain-tls start > tls_reqcert=demand > tls_cacert=/etc/ssl/certs/ldap.pem > chain-return-error TRUE > > # Referal > updateref ldaps://ldap.mydomain.fr > ppolicy_forward_updates > > > On 30 May 2012 18:37, Howard Chu <[email protected]> wrote: >> Hugo Deprez wrote: >>> >>> Hello, >>> >>> I am trying to do some quite the same thing : >>> trying to send failed authentification made on the consumer to the master. >>> I am using ppolicy overlay. >>> >>> I added the following to the consumer : >>> # Referal >>> updateref ldaps://master.domain.fr >>> ppolicy_forward_updates >>> >>> When I add this on the consumer, accounts are not anymore locked on >>> failed authentification. >>> pwdFailureTime are not register or sent to the master.. >>> Should I use slapo-chain too ? >> >> >> RTFM. slapo-ppolicy(5) ppolicy_forward_updates. >> >>> >>> Regards, >>> >>> Hugo >>> >>> >>> On 6 April 2012 18:12, Quanah Gibson-Mount <[email protected]> wrote: >>>> >>>> --On Friday, April 06, 2012 3:57 PM +0200 Jacques Foucry >>>> <[email protected]> wrote: >>>> >>>>> On 04/04/2012 05:59 PM, anax wrote: >>>>> >>>>> Hello, >>>>> >>>>>> updateref ldap://ldapmaster.symas.com >>>>>> >>>>>> >>>>>> http://www.openldap.org/doc/admin24/replication.html#Replication%20Techn >>>>>> ology >>>>> >>>>> >>>>> >>>>> Well after reading the docs, I made some test on a VM. >>>>> >>>>> My goal is to allow users to change there password. >>>>> >>>>> I have a working replication VM. On this VM I can login with my LDAP >>>>> password (PAM on this VM is client of the replica). >> >> >>> >> >> >> -- >> -- Howard Chu >> CTO, Symas Corp. http://www.symas.com >> Director, Highland Sun http://highlandsun.com/hyc/ >> Chief Architect, OpenLDAP http://www.openldap.org/project/ >> >>
