On 09/30/2015 12:08 PM, Ryan Langford wrote:
Hello,
I have a curious situation with our LDAP ecosystem at work. I have 2
LDAP hosts in one data center (one is a replication supplier, one is a
consumer) and 1 consumer host in a separate data center(DC-B).
The issue is expired users can still successfully authenticate against
the consumer host DC-B, even though LDAP shows that the password is
expired.
I've compiled outputs from each host into the following paste:
https://paste.fedoraproject.org/273218/44362838/
We are using an old version of 389-ds (as you can see from the paste),
version 1.2.9.9, and as far as I can tell (i'm a relative LDAP
neophyte) our configuration and replication properties are as
expected, but I'm not sure if there might be a permissions issue, some
other issue, or a bug in the old version we're using.
What else should I check next?
[CrunkOps@dc01-server01 ~]$ ldapsearch -x
-D"cn=directory manager" -W -b
"cn=config" -s base nsslapd-pwpolicy-local
[CrunkOps@dc02-server01 ~]$ ldapsearch -x -D"cn=directory manager" -W -b
"cn=config" -s base nsslapd-pwpolicy-local
[CrunkOps@dc02-server01 ~]$ date
(sorry, this is just to laugh...)
Thanks,
--noriko
Thanks,
Ryan
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users