On 12.3.2013 15:39, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
> >We might, but how do you check for the global value ?
> >An additional search for every KDC operation is simply not going to
> >happen.
>Can we do that extra search only when the KDC is initialized and when
>configuration is refreshed? I don't think the default values would
>change too often, so this might be OK.
How do you know when the configuration changes ?
Persistent search?

Well, this is where we might do well with a 389-ds plugin that monitors flag
changes so we can catch changes made directly by kadmin.local as well. This
would be similar to the password plugin in keeping several attributes in sync.

I didn't understand your note about DS plugin.

kadmin.local does all changes in LDAP, or not? All changes in LDAP DB are sent via persistent search (if the persistent search was issued with appropriate parameters).

Petr^2 Spacek

