diff options
author | Martin Basti <mbasti@redhat.com> | 2015-02-23 17:46:46 +0100 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-03-05 12:43:35 +0100 |
commit | 52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb (patch) | |
tree | 1a69f4c13728c9ca7141ed1e32552b4d65f37474 /install/updates/10-uniqueness.update | |
parent | 4b2ec5468fd8b76d118f919f8d02ca4fccee9aab (diff) | |
download | freeipa-52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb.tar.gz freeipa-52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb.tar.xz freeipa-52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb.zip |
Fix uniqueness plugins
* add uniqueness-subtree-entries-oc:posixAccount to ensure idviews users
will not be forced to have unique uid
* remove unneded update plugins -> update was moved to .update file
* add uniqueness-across-all-subtrees required by user lifecycle
management
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'install/updates/10-uniqueness.update')
-rw-r--r-- | install/updates/10-uniqueness.update | 54 |
1 files changed, 39 insertions, 15 deletions
diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update index b6e2fff6d..7bb0f4c39 100644 --- a/install/updates/10-uniqueness.update +++ b/install/updates/10-uniqueness.update @@ -49,28 +49,52 @@ default:nsslapd-pluginId: NSUniqueAttr default:nsslapd-pluginVersion: 1.1.0 default:nsslapd-pluginVendor: Fedora Project +dn: cn=uid uniqueness,cn=plugins,cn=config +default:objectClass: top +default:objectClass: nsSlapdPlugin +default:objectClass: extensibleObject +default:cn: uid uniqueness +default:nsslapd-pluginPath: libattr-unique-plugin +default:nsslapd-pluginInitfunc: NSUniqueAttr_Init +default:nsslapd-pluginType: preoperation +default:nsslapd-pluginEnabled: on +default:uniqueness-attribute-name: uid +default:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +default:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +default:uniqueness-across-all-subtrees: on +default:uniqueness-subtree-entries-oc: posixAccount +default:nsslapd-plugin-depends-on-type: database +default:nsslapd-pluginId: NSUniqueAttr +default:nsslapd-pluginVersion: 1.1.0 +default:nsslapd-pluginVendor: Fedora Project +default:nsslapd-pluginDescription: Enforce unique attribute values + # uid uniqueness scopes Active/Delete containers -dn: cn=attribute uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' -remove:nsslapd-pluginenabled:off -add:nsslapd-pluginenabled:on +dn: cn=uid uniqueness,cn=plugins,cn=config +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-across-all-subtrees: off +add:uniqueness-across-all-subtrees: on +add:uniqueness-subtree-entries-oc: posixAccount # krbPrincipalName uniqueness scopes Active/Delete containers dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +add:uniqueness-across-all-subtrees: on # krbCanonicalName uniqueness scopes Active/Delete containers dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +add:uniqueness-across-all-subtrees: on # ipaUniqueID uniqueness scopes Active/Delete containers dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +add:uniqueness-across-all-subtrees: on |