Hi, On Tue, Jan 22, 2013 at 05:43:59AM +0100, Mike Gabriel wrote: > Hi Andi, hi Wolfgang, > > On Di 22 Jan 2013 00:38:32 CET Wolfgang Schweer wrote: > > >>In addition, I had to rewrite gosa-sync. > > > >gosa-sync seems to work here without any change. > > In Debian Edu squeeze and GOsa² 2.6 the gosa-sync script does not > report back failures to GOsa², thus, passwords run out of sync. As > we have several OTRS tickets open about this with our customers, > this definitely would be an improvement for squeeze, at least. Are > you really sure that error handling is correct with wheezy and GOsa² > 2.7 (/me doubts it by what is written in this thread). > > Simple way to test gosa-sync failures: e.g. stop kadmind and try to > modify or add a user with GOsa². >
I just tried this test, however, even with kadmind stopped, the password can be modified as gosa-sync operates via kadmin.local directly on the database, I guess. The test I used is changing to a password with just a single class of characters, for example "12345". GOsa allows this password, but I use a Kerberos policy that demands 2 character classes: This error is reported in GOsa and the password modification canceled (also within LDAP). Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130122073509.GA17391@fuzi