diff options
| author | Simo Sorce <ssorce@redhat.com> | 2010-11-17 10:41:41 -0500 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2010-11-18 20:43:18 -0500 |
| commit | 42f9ee14b66785add7bc0513d4547aa356b753aa (patch) | |
| tree | 31b24893c119733c8b1fa7d4653ccd132b710dff | |
| parent | 747781fa45d389c3b578cfbdff39f7e5707efbe3 (diff) | |
| download | freeipa-42f9ee14b66785add7bc0513d4547aa356b753aa.tar.gz freeipa-42f9ee14b66785add7bc0513d4547aa356b753aa.tar.xz freeipa-42f9ee14b66785add7bc0513d4547aa356b753aa.zip | |
Exclude Krb lockout attributes from replication
Fixes: https://fedorahosted.org/freeipa/ticket/440
| -rw-r--r-- | ipaserver/install/replication.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index a09fb3058..7b4e903b4 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -340,6 +340,12 @@ class ReplicationManager: repl_man_passwd = kargs.get("bindpw", self.repl_man_passwd) port = kargs.get("port", PORT) + # List of attributes that need to be excluded from replication. + excludes = ('memberof', + 'krblastsuccessfulauth', + 'krblastfailedauth', + 'krbloginfailedcount') + entry = ipaldap.Entry(dn) entry.setValues('objectclass', "nsds5replicationagreement") entry.setValues('cn', cn) @@ -352,7 +358,8 @@ class ReplicationManager: entry.setValues('nsds5replicaroot', self.suffix) entry.setValues('nsds5replicaupdateschedule', '0000-2359 0123456') entry.setValues('nsds5replicatransportinfo', 'SSL') - entry.setValues('nsDS5ReplicatedAttributeList', '(objectclass=*) $ EXCLUDE memberOf') + entry.setValues('nsDS5ReplicatedAttributeList', + '(objectclass=*) $ EXCLUDE %s' % " ".join(excludes)) entry.setValues('description', "me to %s%d" % (b.host, port)) if iswinsync: self.setup_winsync_agmt(entry, **kargs) |