Hi,
we have set up a multi master replication (two peers, SIMPLE authentication)
and added a global password policy to cn=config. We included the
passwordMustChange attribute to cn=config, which led to the fact that the
server process could not authenticate to the replication manager of the peer
host. We solved it by removing the generated attribute passwordExpirationTime.
How is it usually handled to include something like passwordExp in the global
policy at cn=config without preventing something like replication from working:
1. Apply a user based policy (w/o passwordExp) to the user-like object
"replication manager", or
2. Place the user-like objects like "replication manager" to the DIT (not
cn=config) and apply a subtree based policy (w/o passwordExp) to the subtree
containing the object, or
3. avoid setting pwdExp and pwdMustChange to a global policy at cn=config, or
4. something else?
Thanx,
Eugen
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
