diff options
| author | Simo Sorce <ssorce@redhat.com> | 2010-11-11 18:15:28 -0500 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2010-11-22 12:42:16 -0500 |
| commit | 6a5c4763afad6fec2b49ffadbca9628a7ed162d5 (patch) | |
| tree | d3f4016a9c25f63a205e39d53eebcec5e0c35e38 /install/share/bootstrap-template.ldif | |
| parent | 61e2016ee3e52d938557c0bed0248476555b0afa (diff) | |
| download | freeipa-6a5c4763afad6fec2b49ffadbca9628a7ed162d5.tar.gz freeipa-6a5c4763afad6fec2b49ffadbca9628a7ed162d5.tar.xz freeipa-6a5c4763afad6fec2b49ffadbca9628a7ed162d5.zip | |
id ranges: change DNA configuration
Change the way we specify the id ranges to force uid and gid ranges to always
be the same. Add option to specify a maximum id.
Change DNA configuration to use shared ranges so that masters and replicas can
actually share the same overall range in a safe way.
Configure replicas so that their default range is depleted. This will force
them to fetch a range portion from the master on the first install.
fixes: https://fedorahosted.org/freeipa/ticket/198
Diffstat (limited to 'install/share/bootstrap-template.ldif')
| -rw-r--r-- | install/share/bootstrap-template.ldif | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index a767a3917..7946526b2 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -100,6 +100,18 @@ objectClass: nsContainer objectClass: top cn: masters +dn: cn=dna,cn=ipa,cn=etc,$SUFFIX +changetype: add +objectClass: nsContainer +objectClass: top +cn: dna + +dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX +changetype: add +objectClass: nsContainer +objectClass: top +cn: posix-ids + dn: uid=admin,cn=users,cn=accounts,$SUFFIX changetype: add objectClass: top @@ -113,8 +125,8 @@ uid: admin krbPrincipalName: admin@$REALM cn: Administrator sn: Administrator -uidNumber: $UIDSTART -gidNumber: $GIDSTART +uidNumber: $IDSTART +gidNumber: $IDSTART homeDirectory: /home/admin loginShell: /bin/bash gecos: Administrator @@ -153,7 +165,7 @@ objectClass: posixgroup objectClass: ipausergroup cn: admins description: Account administrators group -gidNumber: $GIDSTART +gidNumber: $IDSTART member: uid=admin,cn=users,cn=accounts,$SUFFIX nsAccountLock: False @@ -164,7 +176,7 @@ objectClass: groupofnames objectClass: nestedgroup objectClass: ipausergroup objectClass: posixgroup -gidNumber: eval($GIDSTART+1) +gidNumber: eval($IDSTART+1) description: Default group for all users cn: ipausers @@ -174,7 +186,7 @@ objectClass: top objectClass: groupofnames objectClass: posixgroup objectClass: ipausergroup -gidNumber: eval($GIDSTART+2) +gidNumber: eval($IDSTART+2) description: Limited admins who can edit other users cn: editors |