Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-21 Thread Rob Crittenden
Martin Kosek wrote: Good job! I noticed just one last case when there is inconsistency with Kerberos auth. If you have Lockout duration set to 0, Failure reset interval does not work in postop. Also, following errors in 389-ds-base error log are printed: [21/Mar/2013:07:54:01 -0400] -

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-20 Thread Martin Kosek
On 03/19/2013 05:09 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/19/2013 10:57 AM, Martin Kosek wrote: On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM,

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-20 Thread Rob Crittenden
Martin Kosek wrote: On 03/19/2013 05:09 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/19/2013 10:57 AM, Martin Kosek wrote: On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-20 Thread Martin Kosek
On 03/20/2013 04:52 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/19/2013 05:09 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/19/2013 10:57 AM, Martin Kosek wrote: On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote:

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-20 Thread Rob Crittenden
Martin Kosek wrote: On 03/20/2013 04:52 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/19/2013 05:09 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/19/2013 10:57 AM, Martin Kosek wrote: On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-19 Thread Martin Kosek
On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues applying password policy against LDAP binds. See patch for

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-19 Thread Martin Kosek
On 03/19/2013 10:57 AM, Martin Kosek wrote: On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues applying password

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-19 Thread Rob Crittenden
Martin Kosek wrote: On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues applying password policy against LDAP binds.

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-19 Thread Rob Crittenden
Martin Kosek wrote: On 03/19/2013 10:57 AM, Martin Kosek wrote: On 03/18/2013 04:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-18 Thread Martin Kosek
On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues applying password policy against LDAP binds. See patch for details. rob I see some issues with this fix: 1) Shouldn't group

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-18 Thread Rob Crittenden
Martin Kosek wrote: On 03/15/2013 04:42 PM, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues applying password policy against LDAP binds. See patch for details. rob I see some issues with this fix: 1)

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-15 Thread Martin Kosek
On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues applying password policy against LDAP binds. See patch for details. rob I see some issues with this fix: 1) Shouldn't group password policy serve only as an override to the main policy? I.e. if I have this policy: #

Re: [Freeipa-devel] [PATCH] 1092 Fix LDAP lockout plugin

2013-03-15 Thread Rob Crittenden
Rob Crittenden wrote: Martin Kosek wrote: On 03/11/2013 10:07 PM, Rob Crittenden wrote: Fixed a number of issues applying password policy against LDAP binds. See patch for details. rob I see some issues with this fix: 1) Shouldn't group password policy serve only as an override to the