# Tail of a dict literal opened before this excerpt (presumably `pwdpolicy`,
# the name passed to setPwdPolicy() below -- confirm against the full file).
# The keys configure account lockout after repeated failed binds.
    'passwordLockoutDuration': 1800,    # how long an account stays locked; presumably seconds -- confirm
    'passwordResetFailureCount': 1800,  # how long before the failure counter resets; presumably seconds -- confirm
    'passwordMaxFailure': nattempts,    # number of failed binds tolerated before lockout
    'passwordLockout': 'on'
}
# Apply the same lockout policy to both servers so their behaviour can be compared.
m1.setPwdPolicy(pwdpolicy)
m2.setPwdPolicy(pwdpolicy)
# Disabled by the author: keyword form that would also set passwordisglobalpolicy.
# NOTE(review): that setting looks like the one governing whether lockout state
# is shared between replicas; with it left out, the m1/m2 dumps below are the
# only evidence of whether failure counters stay per-server -- confirm intent.
#m1.setPwdPolicy(passwordLockout="on", passwordisglobalpolicy="on")
#m2.setPwdPolicy(passwordLockout="on", passwordisglobalpolicy="on")

# Attributes read back from each server after every failed bind. Going by their
# names, the first three carry the lockout state and the last two show who last
# wrote the entry and when.
opattrs = [
    'passwordRetryCount',
    'retryCountResetTime',
    'accountUnlockTime',
    'passwordExpirationTime',
    'modifyTimestamp',
    'modifiersName'
]

print "Do %d attempts to bind with incorrect password . . ." % nattempts
# The failed binds all go to host1:port1 (presumably m1 -- confirm); m2 only
# learns about them if the server replicates the lockout attributes.
userconn = DSAdmin(host1, port1)
# NOTE(review): indentation was lost in this listing. The loop extent below is
# reconstructed from the use of `xx` in the modify and from unbind() having to
# follow the last bind -- confirm against the original file.
# range(0, nattempts+1) performs nattempts+1 binds, one more than the message
# announces, presumably so the final bind hits the lockout response.
for xx in range(0, nattempts+1):
    try:
        userconn.simple_bind_s(userdn, "boguspassword")
    except ldap.INVALID_CREDENTIALS:
        # Ordinary failed bind: the attempt was counted but the account is not locked yet.
        print "password was not correct"
    except ldap.CONSTRAINT_VIOLATION:
        # The server refused the bind because the retry limit was exceeded.
        print "too many password attempts"
    # Dump the lockout attributes as seen by each server. Nothing is asserted
    # here, so a divergence between m1 and m2 has to be spotted by reading the
    # output.
    print "m1 pwd attrs"
    print "%s" % m1.getEntry(userdn, ldap.SCOPE_BASE, "(objectclass=*)", opattrs)
    print "m2 pwd attrs"
    print "%s" % m2.getEntry(userdn, ldap.SCOPE_BASE, "(objectclass=*)", opattrs)
    # An ordinary write to the same entry on m1 after each failed bind,
    # presumably to mix regular replicated changes with the lockout updates.
    mymod = [(ldap.MOD_REPLACE, "description", "changed %d" % xx)]
    m1.modify_s(userdn, mymod)

userconn.unbind()
print "sleep to let repl propagate . . ."
# Fixed wait rather than polling for convergence; a slow replica would make the
# check that follows unreliable.
time.sleep(5)
print "do a mod to see if replication is still working . . ."
# Prepared here; the call that applies it lies beyond this excerpt.
mymod = [(ldap.MOD_REPLACE, "description", "changed back")]