Bug 190824 - RHDS 7.1 master-master replication not carrying over all attributes to consumer
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Replication - General   
Version: 7.1
Hardware: All Linux
Target Milestone: DSDocs
Assignee: Deon Ballard
QA Contact: Chandrasekar Kannan
Keywords: Documentation
Depends On:
Blocks: 152373 240316
Reported: 2006-05-05 15:38 UTC by Issue Tracker
Modified: 2018-10-19 20:41 UTC (History)

Doc Type: Bug Fix
Last Closed: 2009-05-01 22:23:15 UTC

Description Issue Tracker 2006-05-05 15:38:56 UTC
Escalated to Bugzilla from IssueTracker

Comment 4 Rich Megginson 2006-05-05 15:58:21 UTC
I don't think it's related to bug 182638 which is probably a configuration
problem (either that or MMR doesn't work at all!).

The attributes passwordRetryCount, retryCountResetTime, and accountUnlockTime
are not replicated by default.  You must set the configuration attribute
passwordIsGlobalPolicy to the value 1 in cn=config e.g. with ldapmodify:
dn: cn=config
changetype: modify
replace: passwordIsGlobalPolicy
passwordIsGlobalPolicy: 1

Comment 5 Orla Hegarty 2006-05-05 16:27:37 UTC
Setting tracking.

Comment 9 David O'Brien 2007-04-25 07:36:49 UTC
Brian, can you review these and either:
- assign them to yourself or bcleary as appropriate, or
- resolve them as won't do if they fall inside books or sections that we're not
going to update


Comment 10 Michael Hideo 2007-06-06 04:47:59 UTC
Adding 'cc ecs-dev-list@redhat.com for tracking

Comment 12 Michael Hideo 2007-10-23 02:48:35 UTC
Removing automation notification

Comment 13 Deon Ballard 2007-12-20 01:32:49 UTC
I added this in a brief section to the jumble at the end of the replication 

Docbot link:

Assigning to Rich for review.

Comment 14 Deon Ballard 2007-12-20 01:33:20 UTC
Here's the text, if it helps:

8.12. Replicating Account Lockout Attributes

By default, three password policy attributes are not replicated, even if other 
password attributes are. These attributes are related to login failures and 
lockout periods:





To enable these attributes to be replicated, change the passwordIsGlobalPolicy 
configuration attribute:

ldapmodify -h consumer1.example.com -p 389 -D "cn=directory manager" -w password

dn: cn=config
changetype: modify
replace: passwordIsGlobalPolicy
passwordIsGlobalPolicy: 1

Changing that value to 1 allows the passwordRetryCount, retryCountResetTime, 
and accountUnlockTime to be replicated. No other configuration is necessary. 

Comment 16 Rich Megginson 2007-12-20 21:13:52 UTC
We need to explain what this means to the admin - something like this:
"By default, account lockout is local to each replica, meaning you can attempt
to login to one replica N times, then try again N times on another replica, and
so on.  This section explains how to configure a replication master to replicate
the account lockout information so that the user is locked out of all masters
and replicas if the user fails to login to that replication master."
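
Added example (not part of the bug thread and not Red Hat's own tooling): a check for the setting discussed in comments 4, 14 and 16, which reads each replica's cn=config entry as LDIF and flags replicas where lockout counters stay local. The hostnames master1.example.com and master2.example.com, the sample LDIF and the acceptance of "on" as an enabled value are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. Reads a replica's cn=config entry
# as LDIF and reports whether lockout counters are shared or per-replica.

# lockout_scope: LDIF on stdin -> prints "global" or "local".
# A missing attribute means "local" (the default described in the report).
# Accepting "on" as well as the report's "1" is an assumption.
lockout_scope() {
    awk '
        function check(line,   i, name, val) {
            i = index(line, ":")
            if (i == 0) return
            name = tolower(substr(line, 1, i - 1))  # names are case-insensitive
            val = tolower(substr(line, i + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (name == "passwordisglobalpolicy") found = (val == "1" || val == "on")
        }
        /^ / { buf = buf substr($0, 2); next }      # unfold LDIF continuation line
             { check(buf); buf = $0 }
        END  { check(buf); print (found ? "global" : "local") }
    '
}

# audit_replicas NAME=FILE...: prints one "name<TAB>scope" line per replica and
# returns 1 if any replica still keeps lockout state to itself.
audit_replicas() {
    rc=0
    for pair in "$@"; do
        scope=$(lockout_scope < "${pair#*=}")
        printf '%s\t%s\n' "${pair%%=*}" "$scope"
        [ "$scope" = global ] || rc=1
    done
    return "$rc"
}

# Constructed sample data: the LDIF below is made up for the demonstration
# (explicit 1, a folded attribute line with "on", and the attribute absent).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'dn: cn=config\npasswordIsGlobalPolicy: 1\n' > "$tmp/m1"
printf 'dn: cn=config\npasswordIsGlobalPol\n icy: on\n' > "$tmp/m2"
printf 'dn: cn=config\nnsslapd-port: 389\n' > "$tmp/c1"
audit_replicas master1.example.com="$tmp/m1" master2.example.com="$tmp/m2" \
    consumer1.example.com="$tmp/c1" || echo "lockout is still per-replica on at least one server"
```

In the constructed data only consumer1.example.com is reported as local, which is the server the ldapmodify in comment 14 targets.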

Comment 18 Rich Megginson 2008-03-31 19:28:08 UTC
I think this has been addressed in the 8.0 docs.  If so, please change status to

Comment 20 Deon Ballard 2009-05-01 22:23:15 UTC
These changes are live in the 8.1 docs at http://www.redhat.com/docs/manuals/dir-server/8.1. Closing.
