Re: [Freeipa-users] Why is user status different on each master replica?
On 10.8.2016 17:19, Martin Basti wrote: > > > On 09.08.2016 23:04, Larry Rosen wrote: >> >> This user was locked out due to Max Failure policy = 5 >> >> If they’re supposed to be replicas, why the different status? >> >> [root@il10 ~]# ipa user-status lramey >> >> --- >> >> Account disabled: False >> >> --- >> >> Server: ipa-idm-01.ipajdr.local >> >> Failed logins: 0 >> >> Last successful authentication: 20160808191857Z >> >> Last failed authentication: 20160808191848Z >> >> Time now: 2016-08-09T19:57:20Z >> >> Server: ipa-idm-02.ipajdr.local >> >> Failed logins: 5 >> >> Last successful authentication: 20160809151406Z >> >> Last failed authentication: 20160809194741Z >> >> Time now: 2016-08-09T19:57:21Z >> >> >> >> Number of entries returned 2 >> >> >> > Hi, > > This is not replicated, because it may cause replication storms. So this > status is local on each replica Let me add that you can configure LDAP server to replicate this information: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication.html#Fractional_Replication Of course, you will have to accept the performance penalty and higher risk of replication conflicts. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Why is user status different on each master replica?
On 09.08.2016 23:04, Larry Rosen wrote: This user was locked out due to Max Failure policy = 5 If they’re supposed to be replicas, why the different status? [root@il10 ~]# ipa user-status lramey --- Account disabled: False --- Server: ipa-idm-01.ipajdr.local Failed logins: 0 Last successful authentication: 20160808191857Z Last failed authentication: 20160808191848Z Time now: 2016-08-09T19:57:20Z Server: ipa-idm-02.ipajdr.local Failed logins: 5 Last successful authentication: 20160809151406Z Last failed authentication: 20160809194741Z Time now: 2016-08-09T19:57:21Z Number of entries returned 2 Hi, This is not replicated, because it may cause replication storms. So this status is local on each replica Martin^2 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Why is user status different on each master replica?
This user was locked out due to Max Failure policy = 5 If they're supposed to be replicas, why the different status? [root@il10 ~]# ipa user-status lramey --- Account disabled: False --- Server: ipa-idm-01.ipajdr.local Failed logins: 0 Last successful authentication: 20160808191857Z Last failed authentication: 20160808191848Z Time now: 2016-08-09T19:57:20Z Server: ipa-idm-02.ipajdr.local Failed logins: 5 Last successful authentication: 20160809151406Z Last failed authentication: 20160809194741Z Time now: 2016-08-09T19:57:21Z Number of entries returned 2 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project