[389-users] Account Lockout Policies

Dustin Rice dustin at pdx.edu
Tue May 20 17:43:23 UTC 2014


Hello there, so I've been looking into setting up some account lockout 
policies in my environment. I have 2 multimaster 389ds servers with some 
389ds consumer replicas. I've enabled passwordIsGlobalPolicy in cn=config 
on all servers.

So if an account gets locked out when binding to a master, it is indeed 
locked out from the replicas. This functionality doesn't seem to flow in 
the opposite direction. If I get locked out on replica1, I can happily 
bind to replica2.

Since replication flows "down" from master to consumer, I don't think 
there is a way to get the lockout information passed "up" to the 
masters then back "down" to peer consumers, but figured I'd ask the list.

So, is there a way to pass account lockout information from consumer 
replicas back to masters? The end goal here is that if an account is 
locked out for too many failed attempts it is globally locked out.

Thanks!

-- 
=====================================
Dustin Rice
UNIX System Administrator - CIS
Portland State University
=====================================
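
A check for the divergence described in the message above, added here as an example and not part of the original post or of 389 Directory Server: it compares the password-policy operational attributes passwordRetryCount and accountUnlockTime for one entry as read from each server. The server names, the DN and the attribute dumps are constructed sample data, and treating a future accountUnlockTime as "locked" is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample data: the password-policy operational attributes of one
# entry as read from each server (e.g. with ldapsearch). Names are hypothetical.
SAMPLE = {
    "master1": "dn: uid=jdoe,ou=People,dc=example,dc=com\npasswordRetryCount: 0\n",
    "replica1": ("dn: uid=jdoe,ou=People,dc=example,dc=com\n"
                 "passwordRetryCount: 3\n"
                 "accountUnlockTime: 20140520184323Z\n"),
    "replica2": "dn: uid=jdoe,ou=People,dc=example,dc=com\npasswordRetryCount: 1\n",
}


def parse_entry(ldif):
    """Return the attributes of a single-entry LDIF dump, keys lower-cased."""
    attrs = {}
    for line in ldif.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs[key.lower()] = value.strip()
    return attrs


def is_locked(attrs, now):
    """Assumption: a future accountUnlockTime means locked on that server."""
    raw = attrs.get("accountunlocktime")
    if raw is None:
        return False
    unlock = datetime.strptime(raw, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return unlock > now


def compare_lockout(dumps, now):
    """Report per-server lockout state and whether the servers disagree."""
    report = {"locked": [], "unlocked": [], "retries": {}}
    for server, ldif in sorted(dumps.items()):
        attrs = parse_entry(ldif)
        report["retries"][server] = int(attrs.get("passwordretrycount", "0"))
        report["locked" if is_locked(attrs, now) else "unlocked"].append(server)
    report["divergent"] = bool(report["locked"]) and bool(report["unlocked"])
    return report


if __name__ == "__main__":
    now = datetime(2014, 5, 20, 17, 43, 23, tzinfo=timezone.utc)
    print(compare_lockout(SAMPLE, now))
```

A "divergent" result for an entry means it is locked on at least one server while still able to bind on another, which is the situation the message describes for replica1 and replica2.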



