[Fedora-directory-users] Problems with replication and granular password policies
Rich Megginson
rmeggins at redhat.com
Tue Jan 20 15:45:14 UTC 2009
John A. Sullivan III wrote:
> Hello, all. I've had major grief tonight trying to set up replication
> in our test environment. I'll submit this email to document our
> workarounds in case other hit the same problems and to solicit
> corrections in case them problem was not the product and documentation
> but rather our approach.
>
> First we have the issue of the Supplier Bind DN. We attempted to create
> the user by stopping dirsrv on the RO replica and add the following to
> dse.ldif:
>
> dn: cn=repliman,cn=config
>
> uid: repliman
>
> objectClass: inetorgperson
>
> objectClass: person
>
> objectClass: top
>
> cn: repliman
>
> givenname: Replication
>
> sn: Manager
>
> userPassword: <medium security password>
>
> passwordExpirationTime: 20380119031407Z
>
> We've never gotten it to work. The replication agreement wizard cannot
> find the dn.
I'm not sure what you mean by this.
> We've always had to create the user through the console in
> the config branch and then we can find the user.
>
> Once we did that, we hit a second problem. We had enabled fine grained
> password policies and required users to change their password when
> reset. This, of course, applied to the Supplier Bind DN user but we did
> not realize that at first. Perhaps a note in the documentation would
> have helped. Once we created the custom password policy for the user,
> all finally worked fine.
>
Please file a doc bug.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090120/9f5ec420/attachment.bin>
More information about the 389-users
mailing list