authorSimo Sorce <simo@redhat.com>2015-08-07 15:14:58 -0400
committerSimo Sorce <simo@redhat.com>2015-10-01 16:20:49 -0400
commitbbd4a394f8dddd6f07730a91b6e4583f51473cce (patch)
tree37f9bed3463c99334f998cea88b96c955ff9bc93 /install/share/ca-topology.uldif
parent7142caf4351a025a72051577775e3cf8969562aa (diff)
Allow to setup the CA when promoting a replica
This patch makes --setup-ca work to set up a clone CA while creating a new replica. The standalone ipa-ca-install script is not converted yet though. Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'install/share/ca-topology.uldif')
-rw-r--r--install/share/ca-topology.uldif5
1 files changed, 5 insertions, 0 deletions
diff --git a/install/share/ca-topology.uldif b/install/share/ca-topology.uldif
index 3da9eaee1..8c9998cbc 100644
--- a/install/share/ca-topology.uldif
+++ b/install/share/ca-topology.uldif
@@ -11,5 +11,10 @@ default: ipaReplTopoConfRoot: o=ipaca
default: cn: ipaca
# Update CA replication settings
+dn: cn=o\3Dipaca,cn=mapping tree,cn=config
+add: aci: (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)
+add: aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)
+add: aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";)
+
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
onlyifexist: nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
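Review bot: The new "Add Replication Agreements" ACI on `cn=o\3Dipaca,cn=mapping tree,cn=config` carries no `targetfilter`, unlike the Modify and Remove ACIs added next to it, so as written it lets members of that permission add an entry of any object class under the CA mapping-tree node. If only replication agreements are meant to be created there, scope it with the filter the Remove ACI already uses, `(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")`. The Modify ACI also combines `targetattr=*` with `read` on agreement entries, which would cover the stored replication bind credential (`nsDS5ReplicaCredentials`); consider excluding that attribute from the readable set, or add a comment above the `dn:` line explaining why the grant needs to be this broad.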