On 09.03.2016 13:40, Alexander Bokovoy wrote:
On Wed, 09 Mar 2016, Martin Basti wrote:


On 09.03.2016 13:19, Alexander Bokovoy wrote:
On Wed, 09 Dec 2015, Simo Sorce wrote:
From f21c88b9f74453c6d6e16fb17d94efa469eed564 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Tue, 24 Nov 2015 18:01:52 -0500
Subject: [PATCH] Allow to specify Kerberos authz data type per user

Like for services, setting the ipaKrbAuthzData attribute on a user object will
allow us to control exactly what authz data is allowed for that user.
Setting NONE would allow no authz data, while setting MS-PAC would allow only
Active Directory compatible data.

Signed-off-by: Simo Sorce <s...@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/2579

ACK for the code as that is obvious, but I have a question about
objectclass replication -- we extend the objectclass definition to allow
more attributes in MAY. How does 389-ds handle replication of such a case,
will a new definition override the old one without any problem?

If it is updated by ipa-server-upgrade, it should be done without any problem.

I'm interested in the replication part.

ipa-server-upgrade will cause the schema definition to be replicated.
If you just put the LDIF file into the directory and restart DS, then it will not be replicated. Replication requires that schema definitions be added via ldapadd/mod. Thierry can provide more details.

Martin^2
