[Freeipa-devel] [PATCH] 492 Add options to reduce writes from KDC
Rob Crittenden
rcritten at redhat.com
Thu Jun 7 19:31:25 UTC 2012
Petr Vobornik wrote:
> On 05/26/2012 12:36 AM, Simo Sorce wrote:
>> The original ldap driver we used up to 2.2 had 2 options admins could
>> set to limit the amount of writes to the database on certain auditing
>> related operations.
>> In particular disable_last_success is really important to reduce the
>> load on database servers.
>>
>> I have implemented ticket #2734 with a little twist. Instead of adding
>> local options in krb5.conf I create global options in the LDAP tree, so
>> that all KDCs in the domain have the same configuration.
>>
>> The 2 new options can be set in ipaConfigString attribute of the
>> cn=ipaConfig object under cn=etc,$SUFFIX
>>
>> These are:
>> KDC:Disable Last Success
>> KDC:Disable Lockout
>>
>
> 8><------------------------------
>
>>
>> Simo.
>>
>
> Attaching patch which adds these two new configuration values to Web UI.
ACK, pushed to master.
rob
More information about the Freeipa-devel
mailing list