id ranges: change DNA configuration

Change the way we specify the id ranges to force uid and gid ranges to always
be the same. Add option to specify a maximum id.

Change DNA configuration to use shared ranges so that masters and replicas can
actually share the same overall range in a safe way.

Configure replicas so that their default range is depleted. This will force
them to fetch a range portion from the master on the first install.

fixes: https://fedorahosted.org/freeipa/ticket/198

1 files changed, 17 insertions, 0 deletions

diff --git a/install/share/dna.ldif b/install/share/dna.ldif
new file mode 100644
index 000000000..5707d3a6c
--- /dev/null
+++ b/install/share/dna.ldif
@@ -0,0 +1,17 @@
+# add plugin configuration for user private groups
+
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: Posix IDs
+dnaType: uidNumber
+dnaType: gidNumber
+dnaNextValue: eval($IDSTART)
+dnaMaxValue: eval($IDMAX)
+dnaMagicRegen: 999
+dnaFilter: (|(objectclass=posixAccount)(objectClass=posixGroup))
+dnaScope: $SUFFIX
+dnaThreshold: 500
+dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX
+