Bug 190824 - RHDS 7.1 master-master replication not carrying over all attributes to consumer
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: Replication - General
7.1
All Linux
high Severity medium
: DSDocs
: ---
Assigned To: Deon Ballard
Chandrasekar Kannan
: Documentation
Depends On:
Blocks: 152373 240316
Reported: 2006-05-05 11:38 EDT by Issue Tracker
Modified: 2015-01-04 18:20 EST

Doc Type: Bug Fix
Last Closed: 2009-05-01 18:23:15 EDT
Description Issue Tracker 2006-05-05 11:38:56 EDT
Escalated to Bugzilla from IssueTracker
Comment 4 Rich Megginson 2006-05-05 11:58:21 EDT
I don't think it's related to bug 182638 which is probably a configuration
problem (either that or MMR doesn't work at all!).

The attributes passwordRetryCount, retryCountResetTime, and accountUnlockTime
are not replicated by default.  You must set the configuration attribute
passwordIsGlobalPolicy to the value 1 in cn=config e.g. with ldapmodify:
dn: cn=config
changetype: modify
replace: passwordIsGlobalPolicy
passwordIsGlobalPolicy: 1


Comment 5 Orla Hegarty 2006-05-05 12:27:37 EDT
Setting tracking.
Comment 9 David O'Brien 2007-04-25 03:36:49 EDT
Brian, can you review these and either:
- assign them to yourself or bcleary as appropriate, or
- resolve them as won't do if they fall inside books or sections that we're not
going to update

tks
David
Comment 10 Michael Hideo 2007-06-06 00:47:59 EDT
Adding 'cc ecs-dev-list@redhat.com for tracking
Comment 12 Michael Hideo 2007-10-22 22:48:35 EDT
Removing automation notification
Comment 13 Deon Ballard 2007-12-19 20:32:49 EST
I added this in a brief section to the jumble at the end of the replication 
chapter.

Docbot link:
http://engineering.redhat.com/docbot/en-US/Red_Hat_Directory_Server/8.0/html/Administration_Guide/Managing_Replication-Replicating-Password-Attributes.html

Assigning to Rich for review.
Comment 14 Deon Ballard 2007-12-19 20:33:20 EST
Here's the text, if it helps:

8.12. Replicating Account Lockout Attributes

By default, three password policy attributes are not replicated, even if other 
password attributes are. These attributes are related to login failures and 
lockout periods:

    * passwordRetryCount
    * retryCountResetTime
    * accountUnlockTime

To enable these attributes to be replicated, change the passwordIsGlobalPolicy 
configuration attribute:

ldapmodify -h consumer1.example.com -p 389 -D "cn=directory manager" -w password

dn: cn=config
changetype: modify
replace: passwordIsGlobalPolicy
passwordIsGlobalPolicy: 1

Changing that value to 1 allows the passwordRetryCount, retryCountResetTime, 
and accountUnlockTime to be replicated. No other configuration is necessary. 
Comment 16 Rich Megginson 2007-12-20 16:13:52 EST
We need to explain what this means to the admin - something like this:
"By default, account lockout is local to each replica, meaning you can attempt
to login to one replica N times, then try again N times on another replica, and
so on.  This section explains how to configure a replication master to replicate
the account lockout information so that the user is locked out of all masters
and replicas if the user fails to login to that replication master."
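
The effect described in Comment 16, as an added example that is not part of the bug thread or of the Directory Server documentation: a Python audit over constructed cn=config dumps that lists the replicas still keeping lockout counters local and estimates how many failed binds the topology tolerates before every counter trips. The host names, the sample LDIF, the function names, and treating "on" as equivalent to the page's value 1 are assumptions; passwordLockout and passwordMaxFailure are the server's standard lockout settings.

```python
ENABLED = {"1", "on"}  # the page sets 1; "on" is assumed here to be an equivalent spelling

def parse_config(ldif_text):
    """Parse one LDIF entry into {lowercased attribute: value}, unfolding continuations."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # a leading space continues the previous line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry[name.strip().lower()] = value.strip()
    return entry

def audit(replicas):
    """replicas maps hostname -> cn=config LDIF text.

    Returns (local_hosts, guess_budget). guess_budget is None when some replica
    has lockout switched off, so failed binds there are never capped.
    Simplified model: it ignores replication delay between servers.
    """
    local_hosts, local_sum, shared_max, unbounded = [], 0, 0, False
    for host in sorted(replicas):
        cfg = parse_config(replicas[host])
        if cfg.get("passwordlockout", "off").lower() != "on":
            unbounded = True
            continue
        limit = int(cfg.get("passwordmaxfailure", "0"))  # a missing value counts as 0 here
        if cfg.get("passwordisglobalpolicy", "0").lower() in ENABLED:
            shared_max = max(shared_max, limit)  # counters replicate: one shared budget
        else:
            local_hosts.append(host)
            local_sum += limit                   # counter stays on this replica only
    return local_hosts, (None if unbounded else local_sum + shared_max)

# Constructed sample dumps (not taken from the bug report); c2 uses a folded line.
BASE = "dn: cn=config\npasswordLockout: on\npasswordMaxFailure: 3\n"
SAMPLE = {
    "m1.example.com": BASE + "passwordIsGlobalPolicy: 1\n",
    "m2.example.com": BASE + "passwordIsGlobalPolicy: on\n",
    "c1.example.com": BASE,
    "c2.example.com": BASE + "passwordIsGlobal\n Policy: 0\n",
}

if __name__ == "__main__":
    hosts, budget = audit(SAMPLE)
    print("lockout still local on:", hosts)
    print("failed binds tolerated across the topology:", budget)
```

With the sample above, two replicas still count failures locally, so the tolerated total is three times the per-server limit instead of the limit itself.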
Comment 18 Rich Megginson 2008-03-31 15:28:08 EDT
I think this has been addressed in the 8.0 docs.  If so, please change status to
MODIFIED.
Comment 20 Deon Ballard 2009-05-01 18:23:15 EDT
These changes are live in the 8.1 docs at http://www.redhat.com/docs/manuals/dir-server/8.1. Closing.
