[Freeipa-devel] [PATCH] 717 Add replace to ipa-ldap-updater
Rob Crittenden
rcritten at redhat.com
Mon Feb 14 18:59:10 UTC 2011
Jakub Hrozek wrote:
> On Fri, Feb 11, 2011 at 01:34:39PM -0500, Rob Crittenden wrote:
>> Add a replace verb to ipa-ldap-updater so an existing value can be
>> replaced, but only if the value matches the old value in the update.
>>
>> This would be used for us to replace default values that the
>> end-user hasn't already updated. The first one of these would be for
>> the kerberos password policy where our default values are on the low
>> side. We don't want to interfere with anything already set.
>>
>> The update file would look like:
>>
>> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
>> replace:krbPwdLockoutDuration: 10: 600
>>
>> dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
>> replace:krbPwdMaxFailure: 3: 6
>>
>> This patch would obsolete Jan's patch titled 'Updated default
>> Kerberos password policy". Simo and I had discussed doing something
>> like this in IRC and hadn't communicated our intentions to the rest
>> of the team, sorry about that.
>>
>> rob
>
> Ack
pushe to master
More information about the Freeipa-devel
mailing list