[Freeipa-devel] [PATCH] 492 Add options to reduce writes from KDC
Petr Vobornik
pvoborni at redhat.com
Wed Jun 6 11:07:25 UTC 2012
On 05/26/2012 12:36 AM, Simo Sorce wrote:
> The original ldap driver we used up to 2.2 had 2 options admins could
> set to limit the amount of writes to the database on certain auditing
> related operations.
> In particular disable_last_success is really important to reduce the
> load on database servers.
>
> I have implemented ticket #2734 with a little twist. Instead of adding
> local options in krb5.conf I create global options in the LDAP tree, so
> that all KDCs in the domain have the same configuration.
>
> The 2 new options can be set in ipaConfigString attribute of the
> cn=ipaConfig object under cn=etc,$SUFFIX
>
> These are:
> KDC:Disable Last Success
> KDC:Disable Lockout
>
8><------------------------------
>
> Simo.
>
Attaching patch which adds these two new configuration values to Web UI.
--
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0154-Update-of-serverconfig-ipaconfigstring-options.patch
Type: text/x-patch
Size: 1442 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120606/393815f6/attachment.bin>
More information about the Freeipa-devel
mailing list