On Fri, 2003-03-28 at 23:55, Jianliang Lu wrote: > Now the users of "admin users" will not be locked.
"admin users" not the appropriate choice here. Better would be the members of the 'domain admins' group. The interesting bit is finding this out at the right point in time... > In attach is the new patch > file. > About lockout duration, I will implement next time. I think that we should > extend another attribute to record the lockout time. We also need to check that the account policy has been set, and that it's not 0 (which I assume is the 'don't lock out' value). Also, I'm worried about the writes this will cause on the backend. An LDAP write can be quite expensive, and for the LDAP case this means that the master ldap server will be hit for every logon attempt. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
