Diffstat (limited to 'install')
-rw-r--r--install/share/Makefile.am3
-rw-r--r--install/share/bootstrap-template.ldif22
-rw-r--r--install/share/dna-posix.ldif30
-rw-r--r--install/share/dna.ldif (renamed from install/share/dna-upg.ldif)11
-rw-r--r--install/share/master-entry.ldif2
-rwxr-xr-xinstall/tools/ipa-replica-install8
-rwxr-xr-xinstall/tools/ipa-server-install21
-rw-r--r--install/tools/man/ipa-server-install.17
8 files changed, 49 insertions, 55 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 3423ce287..8fa84f9a8 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -32,8 +32,7 @@ app_DATA = \
krbrealm.con.template \
preferences.html.template \
referint-conf.ldif \
- dna-posix.ldif \
- dna-upg.ldif \
+ dna.ldif \
master-entry.ldif \
memberof-task.ldif \
memberof-conf.ldif \
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index a767a3917..7946526b2 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -100,6 +100,18 @@ objectClass: nsContainer
objectClass: top
cn: masters
+dn: cn=dna,cn=ipa,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: dna
+
+dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: posix-ids
+
dn: uid=admin,cn=users,cn=accounts,$SUFFIX
changetype: add
objectClass: top
@@ -113,8 +125,8 @@ uid: admin
krbPrincipalName: admin@$REALM
cn: Administrator
sn: Administrator
-uidNumber: $UIDSTART
-gidNumber: $GIDSTART
+uidNumber: $IDSTART
+gidNumber: $IDSTART
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: Administrator
@@ -153,7 +165,7 @@ objectClass: posixgroup
objectClass: ipausergroup
cn: admins
description: Account administrators group
-gidNumber: $GIDSTART
+gidNumber: $IDSTART
member: uid=admin,cn=users,cn=accounts,$SUFFIX
nsAccountLock: False
@@ -164,7 +176,7 @@ objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: posixgroup
-gidNumber: eval($GIDSTART+1)
+gidNumber: eval($IDSTART+1)
description: Default group for all users
cn: ipausers
@@ -174,7 +186,7 @@ objectClass: top
objectClass: groupofnames
objectClass: posixgroup
objectClass: ipausergroup
-gidNumber: eval($GIDSTART+2)
+gidNumber: eval($IDSTART+2)
description: Limited admins who can edit other users
cn: editors
diff --git a/install/share/dna-posix.ldif b/install/share/dna-posix.ldif
deleted file mode 100644
index 2b77a0fd6..000000000
--- a/install/share/dna-posix.ldif
+++ /dev/null
@@ -1,30 +0,0 @@
-# add plugin configuration for posix users
-
-dn: cn=Posix Accounts,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: extensibleObject
-cn: Posix Accounts
-dnaType: uidNumber
-dnaNextValue: eval($UIDSTART+1)
-dnaInterval: 1
-dnaMaxValue: eval($UIDSTART+100000)
-dnaMagicRegen: 999
-dnaFilter: (objectclass=posixAccount)
-dnaScope: $SUFFIX
-
-# add plugin configuration for posix groups
-
-dn: cn=Posix Groups,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: extensibleObject
-cn: Posix Groups
-dnaType: gidNumber
-dnaNextValue: eval($GIDSTART+3)
-dnaInterval: 1
-dnaMaxValue: eval($GIDSTART+100000)
-dnaMagicRegen: 999
-dnaFilter: (objectclass=posixGroup)
-dnaScope: $SUFFIX
-
diff --git a/install/share/dna-upg.ldif b/install/share/dna.ldif
index c4edcfaa4..5707d3a6c 100644
--- a/install/share/dna-upg.ldif
+++ b/install/share/dna.ldif
@@ -1,16 +1,17 @@
# add plugin configuration for user private groups
-dn: cn=User Private Groups,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
-cn: Posix Accounts
+cn: Posix IDs
dnaType: uidNumber
dnaType: gidNumber
-dnaNextValue: eval($UIDSTART+1)
-dnaInterval: 1
-dnaMaxValue: eval($UIDSTART+100000)
+dnaNextValue: eval($IDSTART)
+dnaMaxValue: eval($IDMAX)
dnaMagicRegen: 999
dnaFilter: (|(objectclass=posixAccount)(objectClass=posixGroup))
dnaScope: $SUFFIX
+dnaThreshold: 500
+dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX
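Review bot: `dnaNextValue: eval($IDSTART)` starts allocation at a value that bootstrap-template.ldif in this same commit already assigns statically: admin and admins use `$IDSTART`, ipausers `$IDSTART+1`, editors `$IDSTART+2`. The removed configurations started at `+1` for uids and `+3` for gids. Now that one range feeds both `uidNumber` and `gidNumber`, a first user allocated `$IDSTART+1` (and any private group given the same number) would coincide with the ipausers gid unless the plugin skips values already in use, which nothing in this file shows. `dnaNextValue: eval($IDSTART+3)` would make the reservation explicit. The header comment `# add plugin configuration for user private groups` is also stale for an entry now named Posix IDs.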
diff --git a/install/share/master-entry.ldif b/install/share/master-entry.ldif
index 09c1d44fd..2c007ad55 100644
--- a/install/share/master-entry.ldif
+++ b/install/share/master-entry.ldif
@@ -3,5 +3,3 @@ changetype: add
objectclass: top
objectclass: extensibleObject
cn: $FQHN
-dnabase: 1100
-dnainterval: 4
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index fb6dd46fb..e58a1f3f1 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -176,7 +176,13 @@ def install_ds(config):
config.dir + "/dirsrv_pin.txt")
ds = dsinstance.DsInstance()
- ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info)
+ # idstart and idmax are configured so that the range is seen as depleted
+ # by the DNA plugin and the replica will go and get a new range from the
+ # master.
+ # This way all servers use the initially defined range by default.
+ ds.create_instance(config.ds_user, config.realm_name, config.host_name,
+ config.domain_name, config.dirman_password,
+ pkcs12_info, idstart=1101, idmax=1100)
return ds
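Review bot: `idstart=1101, idmax=1100` is a deliberately inverted range, and only the comment above the call marks it as a sentinel; named constants such as `DEPLETED_IDSTART = 1101` and `DEPLETED_IDMAX = 1100` would keep a later reader from "correcting" the order. The comment should also state the operational consequence. Presumably a fresh replica cannot assign any uidNumber or gidNumber until it has obtained a range from a master, so entry creation on the replica depends on a master being reachable with spare range; that is worth confirming against the DNA plugin's behaviour. install_ds begins outside this hunk.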
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index b3e724e48..6a9d1bc5e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -124,10 +124,10 @@ def parse_options():
default=False,
help="Do not use DNS for hostname lookup during installation")
- parser.add_option("--uidstart", dest="uidstart", default=namespace, type=int,
- help="The starting uid value (default random)")
- parser.add_option("--gidstart", dest="gidstart", default=namespace, type=int,
- help="The starting gid value (default random)")
+ parser.add_option("--idstart", dest="idstart", default=namespace, type=int,
+ help="The starting value for the IDs range (default random)")
+ parser.add_option("--idmax", dest="idmax", default=0, type=int,
+ help="The max value value for the IDs range (default random)")
parser.add_option("--subject", dest="subject",
help="The certificate subject base (default O=<realm-name>)")
parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
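Review bot: The help text for `--idmax` is inaccurate: it says "(default random)" and repeats "value", while the later hunk in this file computes the default as `int(options.idstart) + 1000000 - 1`. Suggested wording: `help="The maximum value for the IDs range (default: idstart+999999)"`. The man page hunk in this commit documents `--idstart` only, so `--idmax` is left undocumented there. parse_options continues outside this hunk.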
@@ -176,6 +176,13 @@ def parse_options():
if (options.external_cert_file and not os.path.isabs(options.external_cert_file)):
parser.error("--external-cert-file must use an absolute path")
+ if options.idmax == 0:
+ options.idmax = int(options.idstart) + 1000000 - 1
+
+ if options.idmax < options.idstart:
+ parse.error("idmax (%u) cannot be smaller than idstart (%u)" %
+ (options.idmax, options.idstart))
+
#Automatically disable pkinit w/ dogtag until that is supported
if not options.pkinit_pkcs12 and not options.selfsign:
options.setup_pkinit = False
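Review bot: The new range check calls `parse.error(...)`, while the surrounding lines use `parser`, so an inverted range would most likely raise NameError instead of printing a usage error; it should read `parser.error("idmax (%u) cannot be smaller than idstart (%u)" %`. The check also sets no lower bound. bootstrap-template.ldif in this commit gives the admin entry `uidNumber: $IDSTART`, so a zero or very small `--idstart` would put admin and the default groups in the range hosts reserve for local and system accounts. Because `0` is the "not given" sentinel, an explicit `--idmax=0` is silently replaced by the computed default. Consider rejecting values below a documented minimum and above what a 32-bit id can hold. parse_options starts and ends outside this hunk.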
@@ -739,7 +746,11 @@ def main():
finally:
os.remove(pw_name)
else:
- ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=options.selfsign, uidstart=options.uidstart, gidstart=options.gidstart, subject_base=options.subject, hbac_allow=not options.hbac_allow)
+ ds.create_instance(ds_user, realm_name, host_name, domain_name,
+ dm_password, self_signed_ca=options.selfsign,
+ idstart=options.idstart, idmax=options.idmax,
+ subject_base=options.subject,
+ hbac_allow=not options.hbac_allow)
if options.pkinit_pin:
[pw_fd, pw_name] = tempfile.mkstemp()
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 0d4d8c523..8fb58a0e2 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -95,11 +95,8 @@ The password of the Directory Server PKCS#12 file
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
The password of the Apache Server PKCS#12 file
.TP
-\fB\-\-uidstart\fR=\fIUIDSTART\fR
-The starting user id number (default random)
-.TP
-\fB\-\-gidstart\fR=\fIGIDSTART\fR
-The starting group id number (default random)
+\fB\-\-idstart\fR=\fIIDSTART\fR
+The starting user and group id number (default random)
.TP
\fB\-\-subject\fR=\fISUBJECT\fR
The certificate subject base (default O=REALM.NAME)