-rw-r--r--install/updates/10-uniqueness.update26
-rw-r--r--install/updates/20-dna.update4
-rw-r--r--install/updates/20-syncrepl.update6
-rw-r--r--install/updates/30-provisioning.update21
-rw-r--r--install/updates/Makefile.am1
5 files changed, 57 insertions, 1 deletions
diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update
index a336d3480..c9641c47f 100644
--- a/install/updates/10-uniqueness.update
+++ b/install/updates/10-uniqueness.update
@@ -48,3 +48,29 @@ default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
+
+# uid uniqueness scopes Active/Delete containers
+dn: cn=attribute uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+remove:nsslapd-pluginenabled:off
+add:nsslapd-pluginenabled:on
+
+# krbPrincipalName uniqueness scopes Active/Delete containers
+dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+
+# krbCanonicalName uniqueness scopes Active/Delete containers
+dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+
+# ipaUniqueID uniqueness scopes Active/Delete containers
+dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
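Review bot: Replacing `$SUFFIX` with `cn=accounts,$SUFFIX` plus the deleted-users container in all four stanzas means entries outside those two subtrees are no longer checked for duplicates, and the comments do not say this is intended. This matters most for `ipaUniqueID` and `krbPrincipalName`, which may also be carried by entries stored elsewhere under the suffix; that is worth confirming against the deployed DIT. Staged users are outside every scope as well, so a duplicate `uid` or principal in a staged entry would at best be caught when the entry is moved under `cn=accounts`. A comment such as `# staged users are intentionally out of scope; uniqueness is enforced on activation` would make that explicit. Only the `uid` stanza toggles `nsslapd-pluginenabled`, so the enabled state of the other three plugins is left as found.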
diff --git a/install/updates/20-dna.update b/install/updates/20-dna.update
index 04047dd12..719195e92 100644
--- a/install/updates/20-dna.update
+++ b/install/updates/20-dna.update
@@ -2,9 +2,11 @@
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on
-# Change the magic value to -1
+# Change the magic value to -1 and restrict DNA to active accounts
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
only:dnaMagicRegen: -1
+remove:dnaScope: '$SUFFIX'
+add:dnaScope: 'cn=accounts,$SUFFIX'
dn: cn=ipa-winsync,cn=plugins,cn=config
remove:ipaWinSyncUserAttr: uidNumber 999
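Review bot: The `remove:`/`add:` pair on `dnaScope` only gives the intended result when the stored value is exactly the one being removed. On a server where the scope was customised, the remove matches nothing and the add may fail or leave a second value. The line above already uses `only:` for `dnaMagicRegen`, and `only:dnaScope: cn=accounts,$SUFFIX` would be deterministic and keep staged and deleted entries from drawing POSIX IDs. The new values are single-quoted while the rest of this file is not, so confirm that the updater strips the quotes rather than storing them as part of the DN.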
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
index e1184bf48..7a26f7b68 100644
--- a/install/updates/20-syncrepl.update
+++ b/install/updates/20-syncrepl.update
@@ -10,11 +10,17 @@ add:nsslapd-changelogmaxage: 2d
# indices for cn=changelog.
dn: cn=MemberOf Plugin,cn=plugins,cn=config
add:memberofentryscope: '$SUFFIX'
+add:memberofentryscopeexcludesubtree: 'cn=provisioning,$SUFFIX'
dn: cn=referential integrity postoperation,cn=plugins,cn=config
add:nsslapd-plugincontainerscope: '$SUFFIX'
add:nsslapd-pluginentryscope: '$SUFFIX'
+add:nsslapd-pluginExcludeEntryScope: 'cn=provisioning,$SUFFIX'
# Enable SyncRepl
dn: cn=Content Synchronization,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on
+
+# Make sure IPA UUID does not generate ipaUniqueID for Stage/Delete entries
+dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config
+add:ipaUuidExcludeSubtree: 'cn=provisioning,$SUFFIX'
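Review bot: Excluding `cn=provisioning,$SUFFIX` from MemberOf and referential integrity means references held by staged or deleted entries are no longer maintained, and nothing here documents what must happen when such an entry moves back under `cn=accounts`. If a preserved user keeps `memberOf` or similar values pointing at groups that changed or were removed in the meantime, reactivation could restore access that was meant to be gone. The activation path is not visible in this hunk, so this needs confirming there. I would add a comment above the two exclusions, e.g. `# provisioning entries are not maintained by memberOf/referint; membership must be stripped or recomputed on activation`. The IPA UUID stanza is unrelated to SyncRepl and might be easier to find in its own update file.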
diff --git a/install/updates/30-provisioning.update b/install/updates/30-provisioning.update
new file mode 100644
index 000000000..ef6d01a44
--- /dev/null
+++ b/install/updates/30-provisioning.update
@@ -0,0 +1,21 @@
+# bootstrap the user life cycle DIT structure.
+
+dn: cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: provisioning
+
+dn: cn=accounts,cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: accounts
+
+dn: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: staged users
+
+dn: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
+add: objectclass: top
+add: objectclass: nsContainer
+add: cn: staged users
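Review bot: The `cn=deleted users` entry is created with `add: cn: staged users`, apparently copied from the stanza above, so its `cn` value does not match the RDN of its own DN. It should read `add: cn: deleted users`. Separately, this file creates the four containers without any ACIs, so access to staged and deleted account data depends on whatever is inherited from `$SUFFIX`. Those rules are not visible here and should be checked before entries are stored in these subtrees.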
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index f26eaeee0..1d912a7d2 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -21,6 +21,7 @@ app_DATA = \
21-ca_renewal_container.update \
21-certstore_container.update \
25-referint.update \
+ 30-provisioning.update \
30-s4u2proxy.update \
40-delegation.update \
40-realm_domains.update \