[Freeipa-devel] [PATCH] 717 Add replace to ipa-ldap-updater
Rob Crittenden
rcritten at redhat.com
Fri Feb 11 18:34:39 UTC 2011
Add a replace verb to ipa-ldap-updater so an existing value can be
replaced, but only if the value matches the old value in the update.
This would be used for us to replace default values that the end-user
hasn't already updated. The first one of these would be for the kerberos
password policy where our default values are on the low side. We don't
want to interfere with anything already set.
The update file would look like:
dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
replace:krbPwdLockoutDuration: 10: 600
dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX
replace:krbPwdMaxFailure: 3: 6
This patch would obsolete Jan's patch titled 'Updated default Kerberos
password policy". Simo and I had discussed doing something like this in
IRC and hadn't communicated our intentions to the rest of the team,
sorry about that.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-717-update.patch
Type: application/mbox
Size: 2057 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110211/fd733e39/attachment.mbox>
More information about the Freeipa-devel
mailing list