Is there a way to transfer the Gracelogin counters from pure consumers to the supplier servers so that they can be replicated ?
Environment
- Red Hat Directory Server 11
- Red Hat Directory Server 12
Issue
-
In the replication network we have several supplier servers and a large number of pure consumer servers, which themselves should only be accessible for reading purposes.Gracelogins are configured in the password policy. When users log in to the read-only servers, the Grace logins are only counted on this server. With 10 Readonly servers and a GraceLimit of 3, 30 logins could still take place on the Readonly servers instead of the 3 from the Gracelimit, since the Gracelimit counter is not replicated.
-
Is there a way to transfer the Gracelogin counters to the supplier servers so that they can be replicated and there are only 3 Gracelogins regardless of which server you log in to?
Resolution
-
It is expected that values remain local to consumer as the consumer has no replication agreement to the rest of the topology.
-
There is no way to replicate the counters from consumers.
Root Cause
- This is the expected behaviour as the consumer has no replication agreement to the rest of the topology and it is read only consumer.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments