[Freeipa-devel] [PATCH] 717 Add replace to ipa-ldap-updater
Jakub Hrozek
jhrozek at redhat.com
Mon Feb 14 18:49:40 UTC 2011
On Fri, Feb 11, 2011 at 01:34:39PM -0500, Rob Crittenden wrote:
> Add a replace verb to ipa-ldap-updater so an existing value can be
> replaced, but only if the value matches the old value in the update.
>
> This would be used for us to replace default values that the
> end-user hasn't already updated. The first one of these would be for
> the kerberos password policy where our default values are on the low
> side. We don't want to interfere with anything already set.
>
> The update file would look like:
>
> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
> replace:krbPwdLockoutDuration: 10: 600
>
> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
> replace:krbPwdMaxFailure: 3: 6
>
> This patch would obsolete Jan's patch titled 'Updated default
> Kerberos password policy". Simo and I had discussed doing something
> like this in IRC and hadn't communicated our intentions to the rest
> of the team, sorry about that.
>
> rob
Ack
More information about the Freeipa-devel
mailing list