On Fri, 27 Aug 2010 14:35:34 -0400 Rob Crittenden <rcrit...@redhat.com> wrote:
> Simo Sorce wrote: > > On Fri, 27 Aug 2010 09:41:57 -0400 > > Rob Crittenden<rcrit...@redhat.com> wrote: > > > >> We had talked about this at one point, perhaps in irc, and there > >> was some reluctance to do this since every time a user logs in a > >> number of attributes can get updated. The concern was the > >> additional load added by replication. The suggested fix was to > >> simply not replicate these. > > > > Rob, we do not want to replicate counters or timestamps, but we > > certainly want to replicate an account lock. It should happen rarely > > enough to reach that stage that we can replicate nsAccountLock > > easily. > > > > Simo. > > > > I don't think that nsAccountLock gets set in this case. The KDC > evaluates the attributes on-the-fly as far as I can tell. That would be a problem I guess. Maybe we need some patching of the ldap database plugin ... Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel