Petr Vobornik wrote:
On 05/26/2012 12:36 AM, Simo Sorce wrote:
The original ldap driver we used up to 2.2 had 2 options admins could
set to limit the amount of writes to the database on certain auditing
related operations.
In particular disable_last_success is really important to reduce the
load on database servers.
I have implemented ticket #2734 with a little twist. Instead of adding
local options in krb5.conf I create global options in the LDAP tree, so
that all KDCs in the domain have the same configuration.
The 2 new options can be set in ipaConfigString attribute of the
cn=ipaConfig object under cn=etc,$SUFFIX
These are:
KDC:Disable Last Success
KDC:Disable Lockout
8><------------------------------
Simo.
Attaching patch which adds these two new configuration values to Web UI.
ACK, pushed to master.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
