Diffstat (limited to 'install')
-rw-r--r-- | install/updates/10-uniqueness.update | 26 | ||||
-rw-r--r-- | install/updates/20-dna.update | 4 | ||||
-rw-r--r-- | install/updates/20-syncrepl.update | 6 | ||||
-rw-r--r-- | install/updates/30-provisioning.update | 21 | ||||
-rw-r--r-- | install/updates/Makefile.am | 1 |
5 files changed, 57 insertions, 1 deletions
diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update
index a336d3480..c9641c47f 100644
--- a/install/updates/10-uniqueness.update
+++ b/install/updates/10-uniqueness.update
@@ -48,3 +48,29 @@ default:nsslapd-plugin-depends-on-type: database
 default:nsslapd-pluginId: NSUniqueAttr
 default:nsslapd-pluginVersion: 1.1.0
 default:nsslapd-pluginVendor: Fedora Project
+
+# uid uniqueness scopes Active/Delete containers
+dn: cn=attribute uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+remove:nsslapd-pluginenabled:off
+add:nsslapd-pluginenabled:on
+
+# krbPrincipalName uniqueness scopes Active/Delete containers
+dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+
+# krbCanonicalName uniqueness scopes Active/Delete containers
+dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+
+# ipaUniqueID uniqueness scopes Active/Delete containers
+dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
diff --git a/install/updates/20-dna.update b/install/updates/20-dna.update
index 04047dd12..719195e92 100644
--- a/install/updates/20-dna.update
+++ b/install/updates/20-dna.update
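Review bot: Narrowing `nsslapd-pluginarg1` from `$SUFFIX` to `cn=accounts,$SUFFIX` plus the deleted-users container means uid, krbPrincipalName, krbCanonicalName and ipaUniqueID are no longer checked for duplicates anywhere else in the tree, including `cn=staged users,cn=accounts,cn=provisioning,$SUFFIX`. A staged entry can therefore carry an identifier already held by an active account, so the duplicate check has to happen when the entry is moved into `cn=accounts`; that path is not in this diff and should be confirmed. It is also worth checking whether any entries carrying krbPrincipalName or ipaUniqueID live outside `cn=accounts` today, since they lose enforcement with this change. The comments only say "Active/Delete containers"; I would make the exclusion explicit, e.g. `# uid uniqueness covers the Active and Delete containers; Stage entries are deliberately not checked`.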
@@ -2,9 +2,11 @@ dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config only:nsslapd-pluginEnabled: on -# Change the magic value to -1 +# Change the magic value to -1 and restrict DNA to active accounts dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config only:dnaMagicRegen: -1 +remove:dnaScope: '$SUFFIX' +add:dnaScope: 'cn=accounts,$SUFFIX' dn: cn=ipa-winsync,cn=plugins,cn=config remove:ipaWinSyncUserAttr: uidNumber 999 diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update index e1184bf48..7a26f7b68 100644 --- a/install/updates/20-syncrepl.update +++ b/install/updates/20-syncrepl.update @@ -10,11 +10,17 @@ add:nsslapd-changelogmaxage: 2d # indices for cn=changelog. dn: cn=MemberOf Plugin,cn=plugins,cn=config add:memberofentryscope: '$SUFFIX' +add:memberofentryscopeexcludesubtree: 'cn=provisioning,$SUFFIX' dn: cn=referential integrity postoperation,cn=plugins,cn=config add:nsslapd-plugincontainerscope: '$SUFFIX' add:nsslapd-pluginentryscope: '$SUFFIX' +add:nsslapd-pluginExcludeEntryScope: 'cn=provisioning,$SUFFIX' # Enable SyncRepl dn: cn=Content Synchronization,cn=plugins,cn=config only:nsslapd-pluginEnabled: on + +# Make sure IPA UUID does not generate ipaUniqueID for Stage/Delete entries +dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config +add:ipaUuidExcludeSubtree: 'cn=provisioning,$SUFFIX' diff --git a/install/updates/30-provisioning.update b/install/updates/30-provisioning.update new file mode 100644 index 000000000..ef6d01a44 --- /dev/null +++ b/install/updates/30-provisioning.update 
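Review bot: The pair `remove:dnaScope: '$SUFFIX'` / `add:dnaScope: 'cn=accounts,$SUFFIX'` only narrows the scope when the stored value is exactly the suffix. On a server where dnaScope was already changed, the remove matches nothing and the add either fails or leaves a second value (whether the attribute is single-valued is not visible here), so DNA could keep assigning IDs outside the active accounts. The line just above already uses `only:`, and `only:dnaScope: 'cn=accounts,$SUFFIX'` would set the value regardless of what is stored. The same remove/add pattern is used for `nsslapd-pluginarg1` in the 10-uniqueness.update hunk.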
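Review bot: The exclusions added to the MemberOf and referential integrity stanzas in 20-syncrepl.update have no comment, unlike the IPA UUID stanza at the end of the hunk. I would add `# Stage/Delete entries under cn=provisioning get no memberOf values and no referential integrity updates` above the MemberOf stanza. All three exclude attributes only take effect if the installed plugins implement them; whether this update is gated on a minimum directory server version is not visible in the diff and should be confirmed, because on a server that ignores them staged entries would be processed like active ones.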
@@ -0,0 +1,21 @@
+# bootstrap the user life cycle DIT structure.
+
+dn: cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: provisioning
+
+dn: cn=accounts,cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: accounts
+
+dn: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: staged users
+
+dn: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: staged users
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index f26eaeee0..1d912a7d2 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -21,6 +21,7 @@ app_DATA = \
 21-ca_renewal_container.update \
 21-certstore_container.update \
 25-referint.update \
+ 30-provisioning.update \
 30-s4u2proxy.update \
 40-delegation.update \
 40-realm_domains.update \ |
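Review bot: The last stanza of 30-provisioning.update, `dn: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX`, sets `add: cn: staged users`, which looks copied from the stanza above and does not match the entry's RDN; it should be `add: cn: deleted users`. Separately, the four containers are created here without any ACI. Staged and deleted entries may hold credentials and other account data, so it should be confirmed that access to `cn=provisioning` is restricted elsewhere, which this diff does not show.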