diff options
| author | Martin Basti <mbasti@redhat.com> | 2015-02-23 17:46:46 +0100 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-03-05 12:43:35 +0100 |
| commit | 52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb (patch) | |
| tree | 1a69f4c13728c9ca7141ed1e32552b4d65f37474 /install | |
| parent | 4b2ec5468fd8b76d118f919f8d02ca4fccee9aab (diff) | |
Fix uniqueness plugins
* add uniqueness-subtree-entries-oc:posixAccount to ensure idviews users
will not be forced to have unique uid
* remove unneded update plugins -> update was moved to .update file
* add uniqueness-across-all-subtrees required by user lifecycle
management
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'install')
| -rw-r--r-- | install/share/unique-attributes.ldif | 30 | ||||
| -rw-r--r-- | install/updates/10-uniqueness.update | 54 |
2 files changed, 48 insertions, 36 deletions
diff --git a/install/share/unique-attributes.ldif b/install/share/unique-attributes.ldif index ea38ac753..7e1e53fbc 100644 --- a/install/share/unique-attributes.ldif +++ b/install/share/unique-attributes.ldif @@ -9,12 +9,14 @@ nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on uniqueness-attribute-name: krbPrincipalName -uniqueness-subtrees: $SUFFIX nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVendor: Fedora Project nsslapd-pluginDescription: Enforce unique attribute values +uniqueness-subtrees: cn=accounts,$SUFFIX +uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +uniqueness-across-all-subtrees: on dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config changetype: add @@ -27,12 +29,14 @@ nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on uniqueness-attribute-name: krbCanonicalName -uniqueness-subtrees: $SUFFIX nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVendor: Fedora Project nsslapd-pluginDescription: Enforce unique attribute values +uniqueness-subtrees: cn=accounts,$SUFFIX +uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +uniqueness-across-all-subtrees: on dn: cn=netgroup uniqueness,cn=plugins,cn=config changetype: add @@ -63,12 +67,14 @@ nsslapd-pluginInitfunc: NSUniqueAttr_Init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on uniqueness-attribute-name: ipaUniqueID -uniqueness-subtrees: $SUFFIX nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVendor: Fedora Project nsslapd-pluginDescription: Enforce unique attribute values +uniqueness-subtrees: cn=accounts,$SUFFIX +uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX +uniqueness-across-all-subtrees: on dn: cn=sudorule name uniqueness,cn=plugins,cn=config changetype: add @@ -87,21 +93,3 @@ nsslapd-plugin-depends-on-type: database nsslapd-pluginId: NSUniqueAttr nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVendor: Fedora Project - -#dn: cn=uid uniqueness,cn=plugins,cn=config -#objectClass: top -#objectClass: nsSlapdPlugin -#objectClass: extensibleObject -#cn: uid uniqueness -#nsslapd-pluginPath: libattr-unique-plugin -#nsslapd-pluginInitfunc: NSUniqueAttr_Init -#nsslapd-pluginType: preoperation -#nsslapd-pluginEnabled: on -#uniqueness-attribute-name: uid -#uniqueness-subtrees: cn=accounts,$SUFFIX -#nsslapd-plugin-depends-on-type: database -#nsslapd-pluginId: NSUniqueAttr -#nsslapd-pluginVersion: 1.1.0 -#nsslapd-pluginVendor: Fedora Project -#nsslapd-pluginDescription: Enforce unique attribute values -# diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update index b6e2fff6d..7bb0f4c39 100644 --- a/install/updates/10-uniqueness.update +++ b/install/updates/10-uniqueness.update @@ -49,28 +49,52 @@ default:nsslapd-pluginId: NSUniqueAttr default:nsslapd-pluginVersion: 1.1.0 default:nsslapd-pluginVendor: Fedora Project +dn: cn=uid uniqueness,cn=plugins,cn=config +default:objectClass: top +default:objectClass: nsSlapdPlugin +default:objectClass: extensibleObject +default:cn: uid uniqueness +default:nsslapd-pluginPath: libattr-unique-plugin +default:nsslapd-pluginInitfunc: NSUniqueAttr_Init +default:nsslapd-pluginType: preoperation +default:nsslapd-pluginEnabled: on +default:uniqueness-attribute-name: uid +default:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +default:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +default:uniqueness-across-all-subtrees: on +default:uniqueness-subtree-entries-oc: posixAccount +default:nsslapd-plugin-depends-on-type: database +default:nsslapd-pluginId: NSUniqueAttr +default:nsslapd-pluginVersion: 1.1.0 +default:nsslapd-pluginVendor: Fedora Project +default:nsslapd-pluginDescription: Enforce unique attribute values + # uid uniqueness scopes Active/Delete containers -dn: cn=attribute uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' -remove:nsslapd-pluginenabled:off -add:nsslapd-pluginenabled:on +dn: cn=uid uniqueness,cn=plugins,cn=config +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-across-all-subtrees: off +add:uniqueness-across-all-subtrees: on +add:uniqueness-subtree-entries-oc: posixAccount # krbPrincipalName uniqueness scopes Active/Delete containers dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +add:uniqueness-across-all-subtrees: on # krbCanonicalName uniqueness scopes Active/Delete containers dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +add:uniqueness-across-all-subtrees: on # ipaUniqueID uniqueness scopes Active/Delete containers dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config -remove:uniqueness-subtrees:'$SUFFIX' -add:uniqueness-subtrees:'cn=accounts,$SUFFIX' -add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +remove:uniqueness-subtrees: '$SUFFIX' +add:uniqueness-subtrees: 'cn=accounts,$SUFFIX' +add:uniqueness-subtrees: 'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX' +add:uniqueness-across-all-subtrees: on |