Bug 442560
Summary: | Account Lockout Attributes replication is attempted despite no configuration allowing it | ||
---|---|---|---|
Product: | [Retired] 389 | Reporter: | Aleksander Adamowski <bugs-redhat> |
Component: | Replication - General | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED DUPLICATE | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 1.1.0 | CC: | benl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-06-23 23:12:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 249650 |
Description
Aleksander Adamowski
2008-04-15 15:09:26 UTC
Additional details: If I set passwordIsGlobalPolicy to "on" (the documentation isn't correct WRT Fedora Directory Server 1.1 - it has to be set to "on", not "1") on the receiving replicas, then they accept the change and everything works fine (although not consistent with documentation). Here's the LDIF I use for this change: dn: cn=config changetype: modify replace: passwordIsGlobalPolicy passwordIsGlobalPolicy: on If I try to turn passwordIsGlobalPolicy off on the sending replica (the server to which the incorrect simple bind has been sent), it still tries to replicate the passwordRetryCount change to other replicas. So this behaviour cannot be turned off. Here's the LDIF I use for this change on the sending replica: dn: cn=config changetype: modify replace: passwordIsGlobalPolicy passwordIsGlobalPolicy: off The replicated change can also be seen on the receiving replicas, in their audit logs (if these logs get enabled): time: 20080415172816 dn: uid=USER_UID,l=SOME_LOCATION,ou=people,o=DIRECTORY_BASE_DN changetype: modify replace: passwordRetryCount passwordRetryCount: 3 - So diagnosing it doesn't require analyzing changlog's DB4 log dumps. You just: 1) launch "tail -f /var/log/dirsrv/slapd-INSTANCENAME/audit" on one of the receiving replicas 2) try to bind with a wrong password on the sending replica And you'll see the change propagated on the receiving side. |