[Fedora-directory-users] Account lockout
Jason Russler
jrussler at helix.nih.gov
Thu Oct 12 18:57:00 UTC 2006
Hi all, I have two FDS 1.0.2 systems in a master/slave set-up (for
redundancy purposes rather than load) that are for authenticating a
small number of high-capacity systems (many users). The client systems
are configured to access the slave system first and fail-over to the
master if the slave is unavailable. Add/modify/delete requests posted
to the slave (which are frequent) are referred along to the master and
then replicated back. It all works normally.
The problem is that when the slave server makes an update to itself,
such as when user login attempt fails, the appropriate attribute is
updated (in this case, passwordretrycount) rather than referred to the
master - which makes sense I guess. I'd like these updates referred to
the master because all of my user administration tools talk to the
master - things like failed login attempts and temporally locked
accounts never show up on the master. Is there a way I can do this
(short of writing plugins) or do I have to work around it? Thanks, Jason
More information about the 389-users
mailing list