Problems with replication and granular password policies
Hello, all. I've had major grief tonight trying to set up replication
in our test environment. I'll submit this email to document our
workarounds in case other hit the same problems and to solicit
corrections in case them problem was not the product and documentation
but rather our approach.
First we have the issue of the Supplier Bind DN. We attempted to create
the user by stopping dirsrv on the RO replica and add the following to
dse.ldif:
dn: cn=repliman,cn=config
uid: repliman
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: repliman
givenname: Replication
sn: Manager
userPassword: <medium security password>
passwordExpirationTime: 20380119031407Z
We've never gotten it to work. The replication agreement wizard cannot
find the dn. We've always had to create the user through the console in
the config branch and then we can find the user.
Once we did that, we hit a second problem. We had enabled fine grained
password policies and required users to change their password when
reset. This, of course, applied to the Supplier Bind DN user but we did
not realize that at first. Perhaps a note in the documentation would
have helped. Once we created the custom password policy for the user,
all finally worked fine.
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
01-20-2009, 02:45 PM
Rich Megginson
Problems with replication and granular password policies
John A. Sullivan III wrote:
Hello, all. I've had major grief tonight trying to set up replication
in our test environment. I'll submit this email to document our
workarounds in case other hit the same problems and to solicit
corrections in case them problem was not the product and documentation
but rather our approach.
First we have the issue of the Supplier Bind DN. We attempted to create
the user by stopping dirsrv on the RO replica and add the following to
dse.ldif:
dn: cn=repliman,cn=config
uid: repliman
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: repliman
givenname: Replication
sn: Manager
userPassword: <medium security password>
passwordExpirationTime: 20380119031407Z
We've never gotten it to work. The replication agreement wizard cannot
find the dn.
I'm not sure what you mean by this.
We've always had to create the user through the console in
the config branch and then we can find the user.
Once we did that, we hit a second problem. We had enabled fine grained
password policies and required users to change their password when
reset. This, of course, applied to the Supplier Bind DN user but we did
not realize that at first. Perhaps a note in the documentation would
have helped. Once we created the custom password policy for the user,
all finally worked fine.
Please file a doc bug.
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Problems with replication and granular password policies
