diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2012-02-02 14:15:02 -0500 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-02-15 17:24:33 +0100 |
| commit | e3d9302741c569e81692ba789c9626832eef5a7f (patch) | |
| tree | 7a02807a2c8d2af341ffdcd4629a4faec48d37b7 | |
| parent | abd3ae2a82c5e6e5e9a26038ba532494068c0ffa (diff) | |
| download | freeipa.git-e3d9302741c569e81692ba789c9626832eef5a7f.tar.gz freeipa.git-e3d9302741c569e81692ba789c9626832eef5a7f.tar.xz freeipa.git-e3d9302741c569e81692ba789c9626832eef5a7f.zip | |
Update S4U2proxy delegation list when creating replicas
| -rw-r--r-- | install/share/Makefile.am | 1 | ||||
| -rw-r--r-- | install/share/replica-s4u2proxy.ldif | 9 | ||||
| -rw-r--r-- | install/updates/30-s4u2proxy.update | 2 | ||||
| -rw-r--r-- | ipaserver/install/dsinstance.py | 4 |
4 files changed, 15 insertions, 1 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 991f3b47..c33e0a54 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -53,6 +53,7 @@ app_DATA = \ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ + replica-s4u2proxy.ldif \ $(NULL) EXTRA_DIST = \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif new file mode 100644 index 00000000..3cafa46c --- /dev/null +++ b/install/share/replica-s4u2proxy.ldif @@ -0,0 +1,9 @@ +dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX +changetype: modify +add: memberPrincipal +memberPrincipal: HTTP/$FQDN@$REALM + +dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX +changetype: modify +add: memberPrincipal +memberPrincipal: ldap/$FQDN@$REALM diff --git a/install/updates/30-s4u2proxy.update b/install/updates/30-s4u2proxy.update index 0775a69e..99b7a9cf 100644 --- a/install/updates/30-s4u2proxy.update +++ b/install/updates/30-s4u2proxy.update @@ -9,7 +9,7 @@ default: objectClass: groupOfPrincipals default: objectClass: top default: cn: ipa-http-delegation default: memberPrincipal: HTTP/$FQDN@$REALM -default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX' +default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX' dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX default: objectClass: groupOfPrincipals diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 77fe7d06..2fb749f1 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -247,6 +247,7 @@ class DsInstance(service.Service): self.step("adding replication acis", self.__add_replication_acis) # See LDIFs for automember configuration during replica install self.step("setting Auto Member configuration", self.__add_replica_automember_config) + self.step("enabling S4U2Proxy delegation", self.__setup_s4u2proxy) self.__common_post_setup() @@ -544,6 +545,9 @@ class DsInstance(service.Service): def __add_replication_acis(self): self._ldap_mod("replica-acis.ldif", self.sub_dict) + def __setup_s4u2proxy(self): + self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict) + def __create_indices(self): self._ldap_mod("indices.ldif") |