summaryrefslogtreecommitdiffstats
path: root/install/tools
diff options
context:
space:
mode:
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-adtrust-install5
-rw-r--r--install/tools/man/ipa-adtrust-install.110
2 files changed, 14 insertions, 1 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 4285642e6..52179038e 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -61,6 +61,9 @@ def parse_options():
parser.add_option("-A", "--admin-name",
sensitive=True, dest="admin_name", default='admin',
help="admin user principal")
+ parser.add_option("--add-sids", dest="add_sids", action="store_true",
+ default=False, help="Add SIDs for existing users and" \
+ "groups as the final step")
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
@@ -250,7 +253,7 @@ def main():
smb.autobind = service.ENABLED
smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
netbios_name, options.rid_base, options.secondary_rid_base,
- options.no_msdcs)
+ options.no_msdcs, options.add_sids)
smb.find_local_id_range()
smb.create_instance()
diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1
index fa63bca3c..9204b7d5f 100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -71,6 +71,16 @@ are needed for the IPA domain which should point to all IPA servers:
.IP
\(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
.TP
+\fB\-\-add\-sids\fR
+Add SIDs to existing users and groups as a final step of the
+ipa\-adtrust\-install run. If there a many existing users and groups and a
+couple of replicas in the environment this operation might lead to a high
+replication traffic and a performance degradation of all IPA servers in the
+environment. To avoid this the SID generation can be run after
+ipa\-adtrust\-install is run and scheduled independently. To start this task
+you have to load an edited version of ipa-sidgen-task-run.ldif with the
+ldapmodify command info the directory server.
+.TP
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.TP