diff options
| author | Thierry bordaz (tbordaz) <tbordaz@redhat.com> | 2014-08-07 16:29:02 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-08-19 09:48:20 +0200 |
| commit | 04ea75a7a5109907ede2a0216bd39fac46a992c0 (patch) | |
| tree | 4578f63b2a8f1dd11fa3d89727841e0b698cf9e1 /install/updates/10-uniqueness.update | |
| parent | 359dfe58b94079e1e16f4fb8960eb29b251f2cbc (diff) | |
| download | freeipa-04ea75a7a5109907ede2a0216bd39fac46a992c0.tar.gz freeipa-04ea75a7a5109907ede2a0216bd39fac46a992c0.tar.xz freeipa-04ea75a7a5109907ede2a0216bd39fac46a992c0.zip | |
User Life Cycle: create containers and scoping DS plugins
User Life Cycle is designed http://www.freeipa.org/page/V4/User_Life-Cycle_Management
It manages 3 containers (Staging, Active, Delete). At install/upgrade Delete and Staging
containers needs to be created.
Active: cn=users,cn=accounts,$SUFFIX
Delete: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
Stage: cn=staged users ,cn=accounts,cn=provisioning,$SUFFIX
Plugins scopes:
krbPrincipalName, krbCanonicalName, ipaUniqueID, uid:
cn=accounts,SUFFIX
cn=deleted users,cn=accounts,cn=provisioning,SUFFIX
DNA:
cn=accounts,SUFFIX
Plugins exclude subtree:
IPA UUID, Referential Integrity, memberOf:
cn=provisioning,SUFFIX
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/updates/10-uniqueness.update')
| -rw-r--r-- | install/updates/10-uniqueness.update | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update index a336d3480..c9641c47f 100644 --- a/install/updates/10-uniqueness.update +++ b/install/updates/10-uniqueness.update @@ -48,3 +48,29 @@ default:nsslapd-plugin-depends-on-type: database default:nsslapd-pluginId: NSUniqueAttr default:nsslapd-pluginVersion: 1.1.0 default:nsslapd-pluginVendor: Fedora Project + +# uid uniqueness scopes Active/Delete containers +dn: cn=attribute uniqueness,cn=plugins,cn=config +remove:nsslapd-pluginarg1:'$SUFFIX' +add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX' +add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:nsslapd-pluginenabled:off +add:nsslapd-pluginenabled:on + +# krbPrincipalName uniqueness scopes Active/Delete containers +dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config +remove:nsslapd-pluginarg1:'$SUFFIX' +add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX' +add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' + +# krbCanonicalName uniqueness scopes Active/Delete containers +dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config +remove:nsslapd-pluginarg1:'$SUFFIX' +add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX' +add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' + +# ipaUniqueID uniqueness scopes Active/Delete containers +dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config +remove:nsslapd-pluginarg1:'$SUFFIX' +add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX' +add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' |