Hi,
we have set up a multi master replication (two peers, SIMPLE authentication) and added a
global password policy to cn=config. We included the passwordMustChange attribute to
cn=config, which led to the fact that the server process could not authenticate to the
replication manager of the peer host. We solved it by removing the generated attribute
passwordExpirationTime.
How is it usually handled to include something like passwordExp in the global policy at
cn=config without preventing something like replication from working:
1. Apply a user based policy (w/o passwordExp) to the user-like object "replication
manager", or
2. Place the user-like objects like "replication manager" to the DIT (not
cn=config) and apply a subtree based policy (w/o passwordExp) to the subtree containing
the object, or
3. avoid setting pwdExp and pwdMustChange to a global policy at cn=config, or
4. something else?
Thanx,
Eugen
Show replies by date