From 6a5c4763afad6fec2b49ffadbca9628a7ed162d5 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Nov 2010 18:15:28 -0500 Subject: id ranges: change DNA configuration Change the way we specify the id ranges to force uid and gid ranges to always be the same. Add option to specify a maximum id. Change DNA configuration to use shared ranges so that masters and replicas can actually share the same overall range in a safe way. Configure replicas so that their default range is depleted. This will force them to fetch a range portion from the master on the first install. fixes: https://fedorahosted.org/freeipa/ticket/198 --- install/share/bootstrap-template.ldif | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'install/share/bootstrap-template.ldif') diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index a767a391..7946526b 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -100,6 +100,18 @@ objectClass: nsContainer objectClass: top cn: masters +dn: cn=dna,cn=ipa,cn=etc,$SUFFIX +changetype: add +objectClass: nsContainer +objectClass: top +cn: dna + +dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX +changetype: add +objectClass: nsContainer +objectClass: top +cn: posix-ids + dn: uid=admin,cn=users,cn=accounts,$SUFFIX changetype: add objectClass: top @@ -113,8 +125,8 @@ uid: admin krbPrincipalName: admin@$REALM cn: Administrator sn: Administrator -uidNumber: $UIDSTART -gidNumber: $GIDSTART +uidNumber: $IDSTART +gidNumber: $IDSTART homeDirectory: /home/admin loginShell: /bin/bash gecos: Administrator @@ -153,7 +165,7 @@ objectClass: posixgroup objectClass: ipausergroup cn: admins description: Account administrators group -gidNumber: $GIDSTART +gidNumber: $IDSTART member: uid=admin,cn=users,cn=accounts,$SUFFIX nsAccountLock: False @@ -164,7 +176,7 @@ objectClass: groupofnames objectClass: nestedgroup objectClass: ipausergroup objectClass: posixgroup -gidNumber: eval($GIDSTART+1) +gidNumber: eval($IDSTART+1) description: Default group for all users cn: ipausers @@ -174,7 +186,7 @@ objectClass: top objectClass: groupofnames objectClass: posixgroup objectClass: ipausergroup -gidNumber: eval($GIDSTART+2) +gidNumber: eval($IDSTART+2) description: Limited admins who can edit other users cn: editors -- cgit