From: Howard Chu <hyc@openldap.org>
Date: Wed, 23 Apr 2008 10:58:29 +0000 (+0000)
Subject: Disclaimer for behavior in a master/slave replication environment
X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=deab29374648af3706bcb465cfb9e42aa55b3eff;p=openldap

Disclaimer for behavior in a master/slave replication environment
---

diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5
index 5a96aa7415..ce064e1c51 100644
--- a/doc/man/man5/slapo-ppolicy.5
+++ b/doc/man/man5/slapo-ppolicy.5
@@ -491,7 +491,7 @@ policy proposal.
 .SH OPERATIONAL ATTRIBUTES
 .P
 The operational attributes used by the
-.B passwd_policy
+.B ppolicy
 module are stored in the user's entry.  Most of these attributes
 are not intended to be changed directly by users; they are there
 to track user activity.  They have been detailed here so that
@@ -500,6 +500,19 @@ the
 .B ppolicy
 module.
 
+.P
+Note that the current IETF Password Policy proposal does not define
+how these operational attributes are expected to behave in a
+replication environment. In general, authentication attempts on
+a slave server only affect the copy of the operational attributes
+on that slave and will not affect any attributes for
+a user's entry on the master server. Operational attribute changes
+resulting from authentication attempts on a master server
+will usually replicate to the slaves (and also overwrite
+any changes that originated on the slave). 
+These behaviors are not guaranteed and are subject to change
+when a formal specification emerges.
+
 .B userPassword
 .P
 The