Description: Used to propagate bind failure time stamp values for user entry password
policy attributes between a master server and read-only replica server consistently.
Assigned object identifier: 1.3.18.0.2.10.34
Target of control: Server
Control criticality: Never critical
Values: Time stamp of the bind operation in string format.
The value is absent on the request control. The value is a time stamp in string format for the
response control. This is the time stamp of the bind operation that is used in updating password
policy operational attributes on the master server.
Detailed description: This control is valid on a bind request that uses simple
authentication. The control is used in an advanced replication environment to manage
pwdFailureTime, pwdGraceUseTime, and pwdExpirationWarned consistently between a
read-only replica server and a master server. Any authentication request to a read-only replica that
updates password policy operational attributes in the user entry includes this control on a chained
bind request to the master server. This triggers a similar update on the master during the chained
bind. The bind response includes this control, and when appropriate, a time stamp value is returned
representing the time stamp used on the master server in any of the appropriate operational
attributes. The read-only replica server then uses the returned time stamp to ensure that the
attributes are managed consistently during the operation and subsequent replication of attributes
from the master server to the replica server. Use of this control requires that the 'replication of
bind failure on read-only replica' feature is enabled on all servers in the advanced replication
topology.