id ranges: change DNA configuration

Change the way we specify the id ranges to force uid and gid ranges to always
be the same. Add option to specify a maximum id.

Change DNA configuration to use shared ranges so that masters and replicas can
actually share the same overall range in a safe way.

Configure replicas so that their default range is depleted. This will force
them to fetch a range portion from the master on the first install.

fixes: https://fedorahosted.org/freeipa/ticket/198

1 files changed, 7 insertions, 1 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index fb6dd46fb..e58a1f3f1 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -176,7 +176,13 @@ def install_ds(config):
                        config.dir + "/dirsrv_pin.txt")
 
     ds = dsinstance.DsInstance()
-    ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info)
+    # idstart and idmax are configured so that the range is seen as depleted
+    # by the DNA plugin and the replica will go and get a new range from the
+    # master.
+    # This way all servers use the initially defined range by default.
+    ds.create_instance(config.ds_user, config.realm_name, config.host_name,
+                       config.domain_name, config.dirman_password,
+                       pkcs12_info, idstart=1101, idmax=1100)
 
     return ds