[Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin
Rob Crittenden
rcritten at redhat.com
Thu Mar 21 19:49:18 UTC 2013
Martin Kosek wrote:
>
> Good job! I noticed just one last case when there is inconsistency with
> Kerberos auth.
>
> If you have Lockout duration set to 0, "Failure reset interval" does not work
> in postop. Also, following errors in 389-ds-base error log are printed:
>
> [21/Mar/2013:07:54:01 -0400] - slapi_modify_internal_set_pb: NULL parameter
> [21/Mar/2013:07:54:01 -0400] - allow_operation: component identity is NULL
>
> I also saw that we sometimes set krbLoginFailedCount to 0 even though it was
> already zero. I think this could create unnecessary replication events or at
> least unnecessary mod call.
>
> Attaching a patch for both. If you found the patch OK, you can squash it and
> push the whole beast.
>
> Martin
>
This data isn't replicated anyway, but not doing an empty mod makes sense.
Thanks for the suggestions. I squashed this and pushed to master.
rob
More information about the Freeipa-devel
mailing list