Hi,
On Tue, Jan 22, 2013 at 05:43:59AM +0100, Mike Gabriel wrote:
> Hi Andi, hi Wolfgang,
>
> On Di 22 Jan 2013 00:38:32 CET Wolfgang Schweer wrote:
>
> >>In addition, I had to rewrite gosa-sync.
> >
> >gosa-sync seems to work here without any change.
>
> In Debian Edu squeeze and GOsa² 2.6 the gosa-sync script does not
> report back failures to GOsa², thus, passwords run out of sync. As
> we have several OTRS tickets open about this with our customers,
> this definitely would be an improvement for squeeze, at least. Are
> you really sure that error handling is correct with wheezy and GOsa²
> 2.7 (/me doubts it by what is written in this thread).
>
> Simple way to test gosa-sync failures: e.g. stop kadmind and try to
> modify or add a user with GOsa².
>
I just tried this test, however, even with kadmind stopped, the
password can be modified as gosa-sync operates via kadmin.local
directly on the database, I guess.
The test I used is changing to a password with just a single class of
characters, for example "12345". GOsa allows this password, but I use
a Kerberos policy that demands 2 character classes: This error is
reported in GOsa and the password modification canceled (also within
LDAP).
Best regards,
Andi
--
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130122073509.GA17391@fuzi
