Update S4U2proxy delegation list when creating replicas

3 files changed, 11 insertions, 1 deletions

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 682a57c7d..eefa35343 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -54,6 +54,7 @@ app_DATA =				\
 	sudobind.ldif			\
 	automember.ldif			\
 	replica-automember.ldif		\
+	replica-s4u2proxy.ldif		\
 	$(NULL)
 
 EXTRA_DIST =				\
diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif
new file mode 100644
index 000000000..3cafa46c2
--- /dev/null
+++ b/install/share/replica-s4u2proxy.ldif
@@ -0,0 +1,9 @@
+dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
+changetype: modify
+add: memberPrincipal
+memberPrincipal: HTTP/$FQDN@$REALM
+
+dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
+changetype: modify
+add: memberPrincipal
+memberPrincipal: ldap/$FQDN@$REALM
diff --git a/install/updates/30-s4u2proxy.update b/install/updates/30-s4u2proxy.update
index 0775a69ee..99b7a9cfc 100644
--- a/install/updates/30-s4u2proxy.update
+++ b/install/updates/30-s4u2proxy.update
@@ -9,7 +9,7 @@ default: objectClass: groupOfPrincipals
 default: objectClass: top
 default: cn: ipa-http-delegation
 default: memberPrincipal: HTTP/$FQDN@$REALM
-default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX'
+default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
 
 dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
 default: objectClass: groupOfPrincipals