From c9c55a2845fd8471bc609a23f5a32d252f7df04c Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 17 Sep 2012 17:45:42 +0200 Subject: Run the CLEANALLRUV task when deleting a replication agreement. This adds two new commands to ipa-replica-manage: list-ruv & clean-ruv list-ruv can be use to list the update vectors the master has configugured clean-ruv can be used to fire off the CLEANRUV task to remove a replication vector. It should be used with caution. https://fedorahosted.org/freeipa/ticket/2303 --- install/updates/40-replication.update | 4 ++++ install/updates/Makefile.am | 1 + 2 files changed, 5 insertions(+) create mode 100644 install/updates/40-replication.update (limited to 'install/updates') diff --git a/install/updates/40-replication.update b/install/updates/40-replication.update new file mode 100644 index 00000000..f9e0496b --- /dev/null +++ b/install/updates/40-replication.update @@ -0,0 +1,4 @@ +# Let a delegated user put the database into read-only mode when deleting +# an agreement. +dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config +add:aci: '(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)' diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 9e068966..1233126b 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -26,6 +26,7 @@ app_DATA = \ 25-referint.update \ 30-s4u2proxy.update \ 40-delegation.update \ + 40-replication.update \ 40-dns.update \ 40-automember.update \ 45-roles.update \ -- cgit