summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetr Spacek <pspacek@redhat.com>2014-01-23 12:22:38 +0100
committerPetr Viktorin <pviktori@redhat.com>2014-01-27 14:40:36 +0100
commit04627b72d6d6cbf3a9dadc614a532505e31957f5 (patch)
treef059add0e8bd58f0a4b5a8204af7e479ce83766d
parentc2bd6f365d2b65082f72bd9eb104e79e8c507fe3 (diff)
downloadfreeipa-04627b72d6d6cbf3a9dadc614a532505e31957f5.zip
freeipa-04627b72d6d6cbf3a9dadc614a532505e31957f5.tar.gz
freeipa-04627b72d6d6cbf3a9dadc614a532505e31957f5.tar.xz
Limit memberOf and refInt DS plugins to main IPA suffix.
This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
-rw-r--r--freeipa.spec.in6
-rw-r--r--install/updates/20-syncrepl.update13
2 files changed, 15 insertions, 4 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 3b0ecef..f4e2283 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -21,7 +21,7 @@ Source0: freeipa-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT}
-BuildRequires: 389-ds-base-devel >= 1.3.1.3
+BuildRequires: 389-ds-base-devel >= 1.3.2.10
BuildRequires: svrcore-devel
BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
BuildRequires: systemd-units
@@ -97,7 +97,7 @@ Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
-Requires: 389-ds-base >= 1.3.1.3
+Requires: 389-ds-base >= 1.3.2.10
Requires: openldap-clients > 2.4.35-4
%if 0%{?fedora} == 18
Requires: nss >= 3.14.3-2
@@ -153,7 +153,7 @@ Requires: zip
Requires: policycoreutils >= %{POLICYCOREUTILSVER}
Requires: tar
Requires(pre): certmonger >= 0.65
-Requires(pre): 389-ds-base >= 1.3.1.3
+Requires(pre): 389-ds-base >= 1.3.2.10
Requires: fontawesome-fonts
Requires: open-sans-fonts
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
index c4158a1..e1184bf 100644
--- a/install/updates/20-syncrepl.update
+++ b/install/updates/20-syncrepl.update
@@ -1,9 +1,20 @@
-# Enable Retro changelog
+# Enable Retro changelog - it is necessary for SyncRepl
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on
+# Remember original nsuniqueid for objects referenced from cn=changelog
add:nsslapd-attribute: nsuniqueid:targetUniqueId
add:nsslapd-changelogmaxage: 2d
+# Keep memberOf and referential integrity plugins away from cn=changelog.
+# It is necessary for performance reasons because we don't have appropriate
+# indices for cn=changelog.
+dn: cn=MemberOf Plugin,cn=plugins,cn=config
+add:memberofentryscope: '$SUFFIX'
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+add:nsslapd-plugincontainerscope: '$SUFFIX'
+add:nsslapd-pluginentryscope: '$SUFFIX'
+
# Enable SyncRepl
dn: cn=Content Synchronization,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on