Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 431784 - RFE: Support for Directory Server specify account lock attribute
RFE: Support for Directory Server specify account lock attribute
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5 (Show other bugs)
All Linux
high Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2008-02-06 17:27 EST by Simo Sorce
Modified: 2008-05-21 11:28 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2008-0381
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-21 11:28:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
ldap backend patch (2.66 KB, text/x-patch)
2008-02-06 17:28 EST, Simo Sorce
no flags Details
spec file patch (1.97 KB, patch)
2008-02-06 17:29 EST, Simo Sorce
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0381 normal SHIPPED_LIVE krb5 bug fix update 2008-05-20 08:36:36 EDT

  None (edit)
Description Simo Sorce 2008-02-06 17:27:41 EST
The kerberos packages have (compile time) support for attributes specific to
eDirectory to check for account locking.
A patch that implement support for RH Directory Server nsAccountLock attribute
would be useful.
Comment 1 Simo Sorce 2008-02-06 17:28:57 EST
Created attachment 294169 [details]
ldap backend patch

Reference patch to provide support for nsAccountLock initially built for Fedora
Comment 2 Simo Sorce 2008-02-06 17:29:34 EST
Created attachment 294170 [details]
spec file patch

Reference patch bvuilt against an Fedora 8 package
Comment 4 Nalin Dahyabhai 2008-02-06 19:12:04 EST
Does it make sense for kadmin clients which toggle the DISALLOW_ALL_TIX flag to
attempt to change the nsAccountLock setting as well, then?
Comment 5 Simo Sorce 2008-02-06 19:43:39 EST
Not sure, when you use a directory server as storage kadmin is not really the
best tool to manage accounts anyway.
Comment 6 Ken Reilly 2008-02-08 12:40:32 EST
Nalin, As we just discussed please continue to work on the technical resolution
and test plan for this exception. Both actions need to be completed on/before
3-March-2008, or this exception will not be considered for RHEL5.2. 
Comment 7 Nalin Dahyabhai 2008-02-08 18:07:51 EST
> Not sure, when you use a directory server as storage kadmin is not really the
> best tool to manage accounts anyway.

I'm not generally keen on that rationale, but as the support for similar account
locking facilities with eDirectory is likewise read-only, this is at least
consistent with what's already there.
Comment 14 errata-xmlrpc 2008-05-21 11:28:36 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.