summaryrefslogtreecommitdiffstats
path: root/install/share/replica-acis.ldif
Commit message (Collapse)AuthorAgeFilesLines
* Replace "replica admins read access" ACI with a permissionPetr Viktorin2014-05-211-5/+0
| | | | | | | | | Add a 'Read Replication Agreements' permission to replace the read ACI for cn=config. https://fedorahosted.org/freeipa/ticket/3829 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Extend ipa-replica-manage to be able to manage DNA ranges.Rob Crittenden2013-03-131-0/+5
| | | | | | | | | | | | | | | | | Attempt to automatically save DNA ranges when a master is removed. This is done by trying to find a master that does not yet define a DNA on-deck range. If one can be found then the range on the deleted master is added. If one cannot be found then it is reported as an error. Some validation of the ranges are done to ensure that they do overlap an IPA local range and do not overlap existing DNA ranges configured on other masters. http://freeipa.org/page/V3/Recover_DNA_Ranges https://fedorahosted.org/freeipa/ticket/3321
* Run the CLEANALLRUV task when deleting a replication agreement.Rob Crittenden2012-09-171-0/+5
| | | | | | | | | | | | This adds two new commands to ipa-replica-manage: list-ruv & clean-ruv list-ruv can be use to list the update vectors the master has configugured clean-ruv can be used to fire off the CLEANRUV task to remove a replication vector. It should be used with caution. https://fedorahosted.org/freeipa/ticket/2303
* Fix replica setup using replication admin kerberos credentialsSimo Sorce2011-03-011-0/+5
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/1022
* Rename permissions and privileges to be more readable.Rob Crittenden2011-01-311-4/+4
| | | | | | | This also drops description from permissions since it seems redundant and fixes up the help text a little. ticket 792
* ACI plugin supports prefixesMartin Kosek2011-01-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch introduces a mandatory "prefix" attribute for non-find ACI operations which allow plugins to use their own prefixes (i.e. namespaces) which is then used when a name of the ACI is generated. Permission, Delegation and Selfservice plugins has been updated to use their own prefixes thus avoiding name collisions by using their own namespaces. Default ACIs in LDIFs has been updated to follow this new policy. Permission plugin now uses its CN (=primary key) instead of description in ACI names as Description may not be unique. This change requires an IPA server reinstall since the default ACI set has been changed. https://fedorahosted.org/freeipa/ticket/764
* Allow using Kerberos credentials with the 'connect' commandSimo Sorce2011-01-141-1/+1
| | | | | | | | Now that we can setup GSSAPI authenticated replication we are not tied to use the Directory Manager password to set up replication agreements. Fixes: https://fedorahosted.org/freeipa/ticket/644
* Move permissions and privileges to their own container, cn=pbac,$SUFFIXRob Crittenden2010-12-221-4/+4
| | | | ticket 638
* Rework old init and synch commands and use better names.Simo Sorce2010-12-211-0/+4
| | | | | | | | These commands can now be run exclusively o the replica that needs to be resynced or reinitialized and the --from command must be used to tell from which other replica it can will pull data. Fixes: https://fedorahosted.org/freeipa/ticket/626
* Remove referrals when removing agreementsSimo Sorce2010-12-211-2/+8
| | | | | | | | | Part of this fix requires also giving proper permission to change the replication agreements root. While there also fix replica-related permissions to have the classic add/modify/remove triplet of permissions. Fixes: https://fedorahosted.org/freeipa/ticket/630
* Add replication related acis to all replicasSimo Sorce2010-12-211-0/+11
Fixes: https://fedorahosted.org/freeipa/ticket/617
generated by cgit (git 2.34.1) at 2024-09-24 12:08:55 +0000