[Fedora-directory-users] Account lockout
Jason Russler
jrussler at helix.nih.gov
Fri Oct 13 13:33:06 UTC 2006
That's what I want! Thanks.
Richard Megginson wrote:
> Jason Russler wrote:
>> Hi all, I have two FDS 1.0.2 systems in a master/slave set-up (for
>> redundancy purposes rather than load) that are for authenticating a
>> small number of high-capacity systems (many users). The client
>> systems are configured to access the slave system first and fail-over
>> to the master if the slave is unavailable. Add/modify/delete
>> requests posted to the slave (which are frequent) are referred along
>> to the master and then replicated back. It all works normally.
>>
>> The problem is that when the slave server makes an update to itself,
>> such as when user login attempt fails, the appropriate attribute is
>> updated (in this case, passwordretrycount) rather than referred to
>> the master - which makes sense I guess. I'd like these updates
>> referred to the master because all of my user administration tools
>> talk to the master - things like failed login attempts and temporally
>> locked accounts never show up on the master. Is there a way I can do
>> this (short of writing plugins) or do I have to work around it?
>> Thanks, Jason
> I think you'd have to use something like Chain on Update, which allows
> the replica to follow the referral to the master itself.
> http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate
>
More information about the 389-users
mailing list