diff options
author | Petr Spacek <pspacek@redhat.com> | 2014-01-23 12:22:38 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-01-27 14:40:36 +0100 |
commit | 04627b72d6d6cbf3a9dadc614a532505e31957f5 (patch) | |
tree | f059add0e8bd58f0a4b5a8204af7e479ce83766d | |
parent | c2bd6f365d2b65082f72bd9eb104e79e8c507fe3 (diff) | |
download | freeipa-04627b72d6d6cbf3a9dadc614a532505e31957f5.tar.gz freeipa-04627b72d6d6cbf3a9dadc614a532505e31957f5.tar.xz freeipa-04627b72d6d6cbf3a9dadc614a532505e31957f5.zip |
Limit memberOf and refInt DS plugins to main IPA suffix.
This drastically improves performance of retro changelog trimming.
https://fedorahosted.org/freeipa/ticket/3967
-rw-r--r-- | freeipa.spec.in | 6 | ||||
-rw-r--r-- | install/updates/20-syncrepl.update | 13 |
2 files changed, 15 insertions, 4 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 3b0ecefd6..f4e22831d 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -21,7 +21,7 @@ Source0: freeipa-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %if ! %{ONLY_CLIENT} -BuildRequires: 389-ds-base-devel >= 1.3.1.3 +BuildRequires: 389-ds-base-devel >= 1.3.2.10 BuildRequires: svrcore-devel BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER} BuildRequires: systemd-units @@ -97,7 +97,7 @@ Group: System Environment/Base Requires: %{name}-python = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release} -Requires: 389-ds-base >= 1.3.1.3 +Requires: 389-ds-base >= 1.3.2.10 Requires: openldap-clients > 2.4.35-4 %if 0%{?fedora} == 18 Requires: nss >= 3.14.3-2 @@ -153,7 +153,7 @@ Requires: zip Requires: policycoreutils >= %{POLICYCOREUTILSVER} Requires: tar Requires(pre): certmonger >= 0.65 -Requires(pre): 389-ds-base >= 1.3.1.3 +Requires(pre): 389-ds-base >= 1.3.2.10 Requires: fontawesome-fonts Requires: open-sans-fonts diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update index c4158a163..e1184bf48 100644 --- a/install/updates/20-syncrepl.update +++ b/install/updates/20-syncrepl.update @@ -1,9 +1,20 @@ -# Enable Retro changelog +# Enable Retro changelog - it is necessary for SyncRepl dn: cn=Retro Changelog Plugin,cn=plugins,cn=config only:nsslapd-pluginEnabled: on +# Remember original nsuniqueid for objects referenced from cn=changelog add:nsslapd-attribute: nsuniqueid:targetUniqueId add:nsslapd-changelogmaxage: 2d +# Keep memberOf and referential integrity plugins away from cn=changelog. +# It is necessary for performance reasons because we don't have appropriate +# indices for cn=changelog. +dn: cn=MemberOf Plugin,cn=plugins,cn=config +add:memberofentryscope: '$SUFFIX' + +dn: cn=referential integrity postoperation,cn=plugins,cn=config +add:nsslapd-plugincontainerscope: '$SUFFIX' +add:nsslapd-pluginentryscope: '$SUFFIX' + # Enable SyncRepl dn: cn=Content Synchronization,cn=plugins,cn=config only:nsslapd-pluginEnabled: on |