From 6a5c4763afad6fec2b49ffadbca9628a7ed162d5 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 11 Nov 2010 18:15:28 -0500
Subject: id ranges: change DNA configuration

Change the way we specify the id ranges to force uid and gid ranges to always be the same. Add option to specify a maximum id. Change DNA configuration to use shared ranges so that masters and replicas can actually share the same overall range in a safe way. Configure replicas so that their default range is depleted. This will force them to fetch a range portion from the master on the first install.

fixes: https://fedorahosted.org/freeipa/ticket/198
---
 install/share/Makefile.am | 3 +--
 install/share/bootstrap-template.ldif | 22 +++++++++++++++++-----
 install/share/dna-posix.ldif | 30 ------------------------------
 install/share/dna-upg.ldif | 16 ----------------
 install/share/dna.ldif | 17 +++++++++++++++++
 install/share/master-entry.ldif | 2 --
 6 files changed, 35 insertions(+), 55 deletions(-)
 delete mode 100644 install/share/dna-posix.ldif
 delete mode 100644 install/share/dna-upg.ldif
 create mode 100644 install/share/dna.ldif

(limited to 'install/share')

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 3423ce28..8fa84f9a 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -32,8 +32,7 @@ app_DATA = \
 krbrealm.con.template \
 preferences.html.template \
 referint-conf.ldif \
- dna-posix.ldif \
- dna-upg.ldif \
+ dna.ldif \
 master-entry.ldif \
 memberof-task.ldif \
 memberof-conf.ldif \
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index a767a391..7946526b 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -100,6 +100,18 @@ objectClass: nsContainer
 objectClass: top
 cn: masters
 
+dn: cn=dna,cn=ipa,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: dna
+
+dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: posix-ids
+
 dn: uid=admin,cn=users,cn=accounts,$SUFFIX
 changetype: add
 objectClass: top
@@ -113,8 +125,8 @@ uid: admin
 krbPrincipalName: admin@$REALM
 cn: Administrator
 sn: Administrator
-uidNumber: $UIDSTART
-gidNumber: $GIDSTART
+uidNumber: $IDSTART
+gidNumber: $IDSTART
 homeDirectory: /home/admin
 loginShell: /bin/bash
 gecos: Administrator
@@ -153,7 +165,7 @@ objectClass: posixgroup
 objectClass: ipausergroup
 cn: admins
 description: Account administrators group
-gidNumber: $GIDSTART
+gidNumber: $IDSTART
 member: uid=admin,cn=users,cn=accounts,$SUFFIX
 nsAccountLock: False
 
@@ -164,7 +176,7 @@ objectClass: groupofnames
 objectClass: nestedgroup
 objectClass: ipausergroup
 objectClass: posixgroup
-gidNumber: eval($GIDSTART+1)
+gidNumber: eval($IDSTART+1)
 description: Default group for all users
 cn: ipausers
 
@@ -174,7 +186,7 @@ objectClass: top
 objectClass: groupofnames
 objectClass: posixgroup
 objectClass: ipausergroup
-gidNumber: eval($GIDSTART+2)
+gidNumber: eval($IDSTART+2)
 description: Limited admins who can edit other users
 cn: editors
 
diff --git a/install/share/dna-posix.ldif b/install/share/dna-posix.ldif
deleted file mode 100644
index 2b77a0fd..00000000
--- a/install/share/dna-posix.ldif
+++ /dev/null
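Review bot: The containers added in the first hunk, `cn=dna,cn=ipa,cn=etc,$SUFFIX` and `cn=posix-ids` beneath it, carry no `aci`, so who may read or write the shared DNA configuration is decided entirely by ACIs defined elsewhere, which this patch does not show. dna.ldif makes `cn=posix-ids` the `dnaSharedCfgDN`, so entries under it presumably steer where a replica requests its range from; it is worth confirming that only the servers themselves can add or modify entries there. A comment above the first entry, for example `# shared DNA range configuration, referenced by dnaSharedCfgDN in dna.ldif`, would record why the containers exist.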
@@ -1,30 +0,0 @@
-# add plugin configuration for posix users
-
-dn: cn=Posix Accounts,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: extensibleObject
-cn: Posix Accounts
-dnaType: uidNumber
-dnaNextValue: eval($UIDSTART+1)
-dnaInterval: 1
-dnaMaxValue: eval($UIDSTART+100000)
-dnaMagicRegen: 999
-dnaFilter: (objectclass=posixAccount)
-dnaScope: $SUFFIX
-
-# add plugin configuration for posix groups
-
-dn: cn=Posix Groups,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: extensibleObject
-cn: Posix Groups
-dnaType: gidNumber
-dnaNextValue: eval($GIDSTART+3)
-dnaInterval: 1
-dnaMaxValue: eval($GIDSTART+100000)
-dnaMagicRegen: 999
-dnaFilter: (objectclass=posixGroup)
-dnaScope: $SUFFIX
-
diff --git a/install/share/dna-upg.ldif b/install/share/dna-upg.ldif
deleted file mode 100644
index c4edcfaa..00000000
--- a/install/share/dna-upg.ldif
+++ /dev/null
@@ -1,16 +0,0 @@
-# add plugin configuration for user private groups
-
-dn: cn=User Private Groups,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
-changetype: add
-objectclass: top
-objectclass: extensibleObject
-cn: Posix Accounts
-dnaType: uidNumber
-dnaType: gidNumber
-dnaNextValue: eval($UIDSTART+1)
-dnaInterval: 1
-dnaMaxValue: eval($UIDSTART+100000)
-dnaMagicRegen: 999
-dnaFilter: (|(objectclass=posixAccount)(objectClass=posixGroup))
-dnaScope: $SUFFIX
-
diff --git a/install/share/dna.ldif b/install/share/dna.ldif
new file mode 100644
index 00000000..5707d3a6
--- /dev/null
+++ b/install/share/dna.ldif
@@ -0,0 +1,17 @@
+# add plugin configuration for user private groups
+
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: Posix IDs
+dnaType: uidNumber
+dnaType: gidNumber
+dnaNextValue: eval($IDSTART)
+dnaMaxValue: eval($IDMAX)
+dnaMagicRegen: 999
+dnaFilter: (|(objectclass=posixAccount)(objectClass=posixGroup))
+dnaScope: $SUFFIX
+dnaThreshold: 500
+dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX
+
diff --git a/install/share/master-entry.ldif b/install/share/master-entry.ldif
index 09c1d44f..2c007ad5 100644
--- a/install/share/master-entry.ldif
+++ b/install/share/master-entry.ldif
@@ -3,5 +3,3 @@ changetype: add
 objectclass: top
 objectclass: extensibleObject
 cn: $FQHN
-dnabase: 1100
-dnainterval: 4
-- cgit
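Review bot: `dnaNextValue: eval($IDSTART)` puts the first value of the shared range on an ID that bootstrap-template.ldif in this commit already gives to admin (uidNumber and gidNumber) and to the admins group, with `$IDSTART+1` and `$IDSTART+2` going to ipausers and editors; the removed dna-posix.ldif started at `$UIDSTART+1` and `$GIDSTART+3` to stay clear of them. The DNA plugin may well skip values that are already in use, but nothing on this page shows that, and a later account or group sharing an ID with admin or admins would carry their file and group permissions on POSIX clients. Starting past the reserved block, `dnaNextValue: eval($IDSTART+3)`, keeps that guarantee in the template itself. The header comment still reads "user private groups" although the entry now serves every posixAccount and posixGroup; `# DNA plugin configuration: one shared range for uidNumber and gidNumber` would describe it.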