summaryrefslogtreecommitdiffstats
path: root/install/updates/10-config.update
blob: fe7a4bd06d0390bc3ce7aceaa7ada42b67caf96a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Enforce matching SSL certificate host names when 389-ds acts as an SSL
# client. A restart is necessary for this to take effect, we do one when
# upgrading.
dn: cn=config
only:nsslapd-ssl-check-hostname: on

# Remove incorrect placement
dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config
remove: nsslapd-pluginPrecedence: 60

# Set the precedence of the ipa-modrdn plugin so it runs after other
# plugins (the default is 50).
dn: cn=IPA MODRDN,cn=plugins,cn=config
only: nsslapd-pluginPrecedence: 60

# Set limits to suite better IPA deployment sizes, defaults are too
# conservative
dn: cn=config
default: nsslapd-sizelimit:100000

dn: cn=config,cn=ldbm database,cn=plugins,cn=config
replace: nsslapd-lookthroughlimit:5000::100000
replace: nsslapd-idlistscanlimit:4000::100000

#Set much lower limits for anonymous searhes
dn: cn=anonymous-limits,cn=etc,$SUFFIX
default:objectclass:nsContainer
default:objectclass:top
default:cn: anonymous-limits
default:nsSizeLimit: 5000
default:nsLookThroughLimit: 5000

dn: cn=config
add:nsslapd-anonlimitsdn:cn=anonymous-limits,cn=etc,$SUFFIX