HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Example 19 Replicate_Now script example
#!/bin/sh
# Replicate_Now: force an immediate update from the supplier to this consumer.
SUP_HOST=supplier_hostname
SUP_PORT=supplier_portnumber
SUP_MGRDN=supplier_directoryManager
SUP_MGRPW=supplier_directoryManager_password
MY_HOST=consumer_hostname
MY_PORT=consumer_portnumber

# Find the supplier's replication agreements that point at this consumer.
ldapsearch -1 -T -h ${SUP_HOST} -p ${SUP_PORT} -D "${SUP_MGRDN}" \
 -w "${SUP_MGRPW}" -b "cn=mapping tree, cn=config" \
 "(&(objectclass=nsds5replicationagreement)(nsDS5ReplicaHost=${MY_HOST})\
(nsDS5ReplicaPort=${MY_PORT}))" dn nsds5ReplicaUpdateSchedule > /tmp/$$

# For each agreement, write two modifications: the first opens the schedule
# to all day, every day; the second restores the original schedule, or keeps
# the all-day schedule when the agreement had none.
cat /tmp/$$ | awk 'BEGIN { s = 0 }
/^dn: / { print $0;
 print "changetype: modify";
 print "replace: nsds5ReplicaUpdateSchedule";
 print "nsds5ReplicaUpdateSchedule: 0000-2359 0123456";
 print "-";
 print "";
 print $0;
 print "changetype: modify";
 print "replace: nsds5ReplicaUpdateSchedule";
}
/^nsds5ReplicaUpdateSchedule: / { s = 1; print $0; }
/^$/ { if ( s == 1 ) { print "-"; print ""; }
 else { print "nsds5ReplicaUpdateSchedule: 0000-2359 0123456"; print "-"; print ""; };
 s = 0; }
' > /tmp/ldif.$$
echo "Ldif is in /tmp/ldif.$$"; echo

# Apply the generated LDIF on the supplier.
ldapmodify -c -h ${SUP_HOST} -p ${SUP_PORT} -D "${SUP_MGRDN}" -w "${SUP_MGRPW}" \
 -f /tmp/ldif.$$

Table 39 Replicate_Now variables
Variable                               Definition
supplier_hostname                      Host name of the supplier to contact for information on replication agreements with the current consumer.
supplier_portnumber                    LDAP port in use on the supplier.
supplier_directoryManager              DN of the privileged Directory Manager user on the supplier.
supplier_directoryManager_password     Password of the privileged Directory Manager user on the supplier.
consumer_hostname                      Host name of the current consumer.
consumer_portnumber                    LDAP port in use on the consumer.

For the update operation to occur over an SSL connection, modify the ldapmodify command in
the script with the appropriate parameters and values. For more information on the ldapmodify
command, see “Managing Entries from the Command line” (page 111) and the HP-UX Directory
Server configuration, command, and file reference.
8.12 Replicating account lockout attributes
Account lockout policies will block a user ID from being able to access the Directory Server if the
login attempt fails a set number of times. This prevents hackers or other malicious people from
illegitimately accessing the Directory Server by guessing a password. Password policies are set
locally, and generally account lockout attributes are local to each replica. This means that a person
can attempt to log in to one replica until the account lockout count is reached, then try again
immediately on another replica. The way to prevent that is to replicate the attributes related to the
account lockout counts for an entry, so that the malicious user is locked out of every supplier and
consumer replica in the configuration if a login attempt fails on a single master.
By default, three password policy attributes are not replicated, even if other password attributes
are. These attributes are related to account lockout policy of login failures and lockout periods:
passwordRetryCount
retryCountResetTime
accountUnlockTime
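
While the lockout counters remain local to each replica, the gap described above can be checked for from the administrator's side. The following shell function is an added example, not part of the HP guide: it sums passwordRetryCount per entry over search output gathered from every replica and reports entries whose combined failures reach the lockout threshold although no single replica has reached it. It assumes unfolded LDIF with plain (not base64) DNs and one result per entry per replica; the function names, the "# replica:" marker lines, the threshold of 3 and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide). Reports entries whose failed-login
# counts, summed over all replicas, reach the lockout threshold although no
# single replica has reached it locally.

# spread_failures THRESHOLD
# Reads concatenated LDIF search results from every replica on stdin.
# Lines other than "dn:" and "passwordRetryCount:" are ignored.
spread_failures() {
    awk -v max="$1" '
        /^dn: /                 { dn = tolower(substr($0, 5)); next }
        /^passwordRetryCount: / {
            n = $2 + 0
            total[dn] += n                    # failures summed over replicas
            if (n > peak[dn]) peak[dn] = n    # highest count on one replica
            if (n > 0) reps[dn]++             # replicas that saw failures
            next
        }
        END {
            for (d in total)
                if (total[d] >= max && peak[d] < max)
                    printf "%s total=%d peak=%d replicas=%d\n", d, total[d], peak[d], reps[d]
        }' | sort
}

# Constructed sample data: search output from three replicas.
sample_ldif() {
    cat <<'EOF'
# replica: ldap1.example.com
dn: uid=jsmith,ou=People,dc=example,dc=com
passwordRetryCount: 2

dn: uid=bjones,ou=People,dc=example,dc=com
passwordRetryCount: 1

# replica: ldap2.example.com
dn: uid=jsmith,ou=People,dc=example,dc=com
passwordRetryCount: 2

# replica: ldap3.example.com
dn: uid=jsmith,ou=People,dc=example,dc=com
passwordRetryCount: 1

dn: uid=akumar,ou=People,dc=example,dc=com
passwordRetryCount: 3
EOF
}

sample_ldif | spread_failures 3
```

With a threshold of 3, only uid=jsmith is reported: five failures spread over three replicas, none of which has locked the account locally. uid=akumar is not reported because one replica has already reached the threshold for that entry.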