> From: Michael Ströder > Sent: Tuesday, April 29, 2014 12:50 PM > > AFAICS nothing prevents you from loading the schema first on all replicas. > And after that load the overlay.
The attribute in question is not defined in the external schema, in fact, it is commented out: #5.3.4 pwdFailureTime # # This attribute holds the timestamps of the consecutive authentication # failures. # # ( 1.3.6.1.4.1.42.2.27.8.1.19 # NAME 'pwdFailureTime' # DESC 'The timestamps of the last consecutive authentication # failures' # EQUALITY generalizedTimeMatch # ORDERING generalizedTimeOrderingMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 # USAGE directoryOperation ) The actual definition used by openldap is embedded in the schema_info within the ppolicy module itself. So, having the external schema loaded on one replica, and the module itself in use on another, still results in failed replication.
