Hi Everyone:
We have started the process to implement account logout - i.e. on 10 times with incorrect password, over 10 mins, account locked for 30 mins.
Services bind to our MMR cluster on the consumers - is it possible to replicate the account 'PasswordLockout' via fractional replication to other suppliers/consumers (or are the 'PasswordLockout' always local to the consumer instance?).
v 1.2.11.29
Thanks,
Josh
Hi Josh,
passwordLockout is an attribute under "cn=config" which, unfortunately, cannot be replicated.
It's local to the instance. So, you need to configure identically all your nodes the first time.
However, the lockout attributes corresponding to user entry could be replicated. Please, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h...
Thanks and regards,
German.
----- Original Message -----
From: "Joshua Brodie" josbrodie@gmail.com To: 389-users@lists.fedoraproject.org Sent: Friday, 20 February, 2015 11:02:05 PM Subject: [389-users] Fractional Replication - Account Lockout Attributes
Hi Everyone:
We have started the process to implement account logout - i.e. on 10 times with incorrect password, over 10 mins, account locked for 30 mins.
Services bind to our MMR cluster on the consumers - is it possible to replicate the account 'PasswordLockout' via fractional replication to other suppliers/consumers (or are the 'PasswordLockout' always local to the consumer instance?).
v 1.2.11.29
Thanks,
Josh
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi German:
Thank you for your email!
However, the lockout attributes corresponding to user entry could be
replicated.
Can this be replicated from a Consumer to other Consumers and Suppliers as well? i.e. user reaches max authentication attempts with incorrect password on Consumer A - the information is replicated to Consumer B (and other in the MMR)?
Thanks.
Hi Joshua,
no values updated in read only replica (consumers) will be replicated to no master. So, if a bind takes place in a consumer, there's no way why this information could be propagated to a master or other consumers.
I would suggest a MMR topology (only masters) or, if not, to force binds into supplier nodes only.
Regards,
German.
----- Original Message -----
From: "Joshua Brodie" josbrodie@gmail.com To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Sent: Sunday, 22 February, 2015 7:26:08 AM Subject: Re: [389-users] Fractional Replication - Account Lockout Attributes
Hi German:
Thank you for your email!
However, the lockout attributes corresponding to user entry could be replicated.
Can this be replicated from a Consumer to other Consumers and Suppliers as well? i.e. user reaches max authentication attempts with incorrect password on Consumer A - the information is replicated to Consumer B (and other in the MMR)?
Thanks.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 02/22/2015 07:40 AM, German Parente wrote:
Hi Joshua,
no values updated in read only replica (consumers) will be replicated to no master. So, if a bind takes place in a consumer, there's no way why this information could be propagated to a master or other consumers.
I would suggest a MMR topology (only masters) or, if not, to force binds into supplier nodes only.
Or, use chain on update to chain the BIND requests to a master. http://www.port389.org/docs/389ds/howto/howto-chainonupdate.html
Regards,
German.
----- Original Message -----
From: "Joshua Brodie" josbrodie@gmail.com To: "General discussion list for the 389 Directory server project." 389-users@lists.fedoraproject.org Sent: Sunday, 22 February, 2015 7:26:08 AM Subject: Re: [389-users] Fractional Replication - Account Lockout Attributes
Hi German:
Thank you for your email!
However, the lockout attributes corresponding to user entry could be replicated.
Can this be replicated from a Consumer to other Consumers and Suppliers as well? i.e. user reaches max authentication attempts with incorrect password on Consumer A - the information is replicated to Consumer B (and other in the MMR)?
Thanks.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org