Hello,
I am trying to set up a global account lockout policy. In the
Deployment Guide, it says "Account lockout is enforced on the replicas"
and "The password policy information ... such as password age, the
account lockout counter ... are all replicated." When I trigger the
lockout on an account, I see the accountUnlockTime attribute get added
to the account's directory entry.
From what I make of the text in the Deployment Guide, accountUnlockTime
should be replicated to my other master and corresponding consumers,
thus locking out the account everywhere. This isn't what I'm seeing; I
am only locked out of the master on which it was originally triggered, I
can still bind using the account on the other master and consumers.
I have applied the same password and lockout policy to all of my
servers, so the configuration should be consistent. Do I have the wrong
expectations on how this should work? Does "enforced on the replicas"
simply mean the replicas as an independent server will perform lockouts?
Anyone been able to solve this one?
--bryan