From deab29374648af3706bcb465cfb9e42aa55b3eff Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 23 Apr 2008 10:58:29 +0000
Subject: [PATCH] Disclaimer for behavior in a master/slave replication
 environment

---
 doc/man/man5/slapo-ppolicy.5 | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5
index 5a96aa7415..ce064e1c51 100644
--- a/doc/man/man5/slapo-ppolicy.5
+++ b/doc/man/man5/slapo-ppolicy.5
@@ -491,7 +491,7 @@ policy proposal.
 .SH OPERATIONAL ATTRIBUTES
 .P
 The operational attributes used by the
-.B passwd_policy
+.B ppolicy
 module are stored in the user's entry.  Most of these attributes
 are not intended to be changed directly by users; they are there
 to track user activity.  They have been detailed here so that
@@ -500,6 +500,19 @@ the
 .B ppolicy
 module.
 
+.P
+Note that the current IETF Password Policy proposal does not define
+how these operational attributes are expected to behave in a
+replication environment. In general, authentication attempts on
+a slave server only affect the copy of the operational attributes
+on that slave and will not affect any attributes for
+a user's entry on the master server. Operational attribute changes
+resulting from authentication attempts on a master server
+will usually replicate to the slaves (and also overwrite
+any changes that originated on the slave). 
+These behaviors are not guaranteed and are subject to change
+when a formal specification emerges.
+
 .B userPassword
 .P
 The
-- 
2.39.5