diff options
| author | Martin Basti <mbasti@redhat.com> | 2015-05-12 18:11:07 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-05-19 12:45:41 +0000 |
| commit | fbdfd688b9d04cfef3cd595a26c4cbf49f30e0f1 (patch) | |
| tree | 596f43ec2f6f4da6d9640fdaa55b15e18f1d8efb /install/updates/10-uniqueness.update | |
| parent | 99c0b918a7cdf4ea6f24b4cbe687d9cafd21de24 (diff) | |
| download | freeipa-fbdfd688b9d04cfef3cd595a26c4cbf49f30e0f1.tar.gz freeipa-fbdfd688b9d04cfef3cd595a26c4cbf49f30e0f1.tar.xz freeipa-fbdfd688b9d04cfef3cd595a26c4cbf49f30e0f1.zip | |
Server Upgrade: Fix uniqueness plugins
Due previous changes (in master branch only) the uniqueness plugins
became misconfigured.
After this patch:
* whole $SUFFIX will be checked by unique plugins
* just staged users are exluded from check
This reverts some changes in commit
52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb
Since 389-ds-base 1.3.4.a1 new attribute 'uniqueness-exclude-subtrees'
can be used.
https://fedorahosted.org/freeipa/ticket/4921
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'install/updates/10-uniqueness.update')
| -rw-r--r-- | install/updates/10-uniqueness.update | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update index 2c9f1c555..dd8ec3a75 100644 --- a/install/updates/10-uniqueness.update +++ b/install/updates/10-uniqueness.update @@ -59,8 +59,8 @@ default:nsslapd-pluginInitfunc: NSUniqueAttr_Init default:nsslapd-pluginType: preoperation default:nsslapd-pluginEnabled: on default:uniqueness-attribute-name: uid -default:uniqueness-subtrees: cn=accounts,$SUFFIX -default:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +default:uniqueness-subtrees: $SUFFIX +default:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX default:uniqueness-across-all-subtrees: on default:uniqueness-subtree-entries-oc: posixAccount default:nsslapd-plugin-depends-on-type: database @@ -71,30 +71,22 @@ default:nsslapd-pluginDescription: Enforce unique attribute values # uid uniqueness scopes Active/Delete containers dn: cn=uid uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees: $SUFFIX -add:uniqueness-subtrees: cn=accounts,$SUFFIX -add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX remove:uniqueness-across-all-subtrees: off add:uniqueness-across-all-subtrees: on add:uniqueness-subtree-entries-oc: posixAccount # krbPrincipalName uniqueness scopes Active/Delete containers dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees: $SUFFIX -add:uniqueness-subtrees: cn=accounts,$SUFFIX -add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX add:uniqueness-across-all-subtrees: on # krbCanonicalName uniqueness scopes Active/Delete containers dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees: $SUFFIX -add:uniqueness-subtrees: cn=accounts,$SUFFIX -add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX add:uniqueness-across-all-subtrees: on # ipaUniqueID uniqueness scopes Active/Delete containers dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees: $SUFFIX -add:uniqueness-subtrees: cn=accounts,$SUFFIX -add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX add:uniqueness-across-all-subtrees: on |