Petr Spacek wrote:
On 12.3.2013 15:39, Rob Crittenden wrote:
Petr Spacek wrote:
On 12.3.2013 13:34, Simo Sorce wrote:
> >We might, but how do you check for the global value ?
> >An additional search for every KDC operation is simply not
going to
> >happen.
>
>Can we do that extra search only when the KDC is initialized and when
>configuration is refreshed? I don't think the default values would
>change too often, so this might be OK.
How do you know when the configuration changes ?
Persistent search?
Well, this is where we might do well with a 389-ds plugin that
monitors flag
changes so we can catch changes made directly by kadmin.local as well.
This
would be similar to the password plugin in keeping several attributes
in sync.
I didn't understand your note about DS plugin.
kadmin.local does all changes in LDAP, or not? All changes in LDAP DB
are sent via persistent search (if the persistent search was issued with
appropriate parameters).
Let me step back and say I know next to nothing about how the KDB
backend works.
What would be nice is one place to notice changes to these proposed
flags and the flag bitfield. Whether that is best done in the backend or
via a 389-ds plugin I don't know. So whatever we do, we need one place
to notice changes in either the flag(s) or bitfield and keep the values
in sync.
kadmin.local changes things in LDAP because we use our own backend
driver. It doesn't speak LDAP natively.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
