4 files changed, 14 insertions, 11 deletions

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index fda3ae2ac..5e8df7771 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -114,6 +114,7 @@ objectClass: posixaccount
 objectClass: krbprincipalaux
 objectClass: krbticketpolicyaux
 objectClass: inetuser
+objectClass: ipaobject
 uid: admin
 krbPrincipalName: admin@$REALM
 cn: Administrator
@@ -124,6 +125,7 @@ homeDirectory: /home/admin
 loginShell: /bin/bash
 gecos: Administrator
 nsAccountLock: False
+ipaUniqueID: autogenerate
 
 dn: cn=radius,$SUFFIX
 changetype: add
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
index 29ec88838..b7b6ba284 100644
--- a/install/share/default-hbac.ldif
+++ b/install/share/default-hbac.ldif
@@ -1,5 +1,5 @@
 # default HBAC policy that grants permission to all services
-dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
+dn: ipauniqueid=autogenerate,cn=hbac,$SUFFIX
 changetype: add
 objectclass: ipaassociation
 objectclass: ipahbacrule
@@ -11,5 +11,5 @@ sourcehostcategory: all
 servicecategory: all
 ipaenabledflag: TRUE
 description: Allow all users to access any host from any host
-# ipauniqueid gets added for us by 389-ds
+ipauniqueid: autogenerate
 
diff --git a/install/share/uuid-ipauniqueid.ldif b/install/share/uuid-ipauniqueid.ldif
index 7041889ba..c8d08cd9b 100644
--- a/install/share/uuid-ipauniqueid.ldif
+++ b/install/share/uuid-ipauniqueid.ldif
@@ -5,6 +5,7 @@ objectclass: top
 objectclass: extensibleObject
 cn: IPA Unique IDs
 ipaUuidAttr: ipaUniqueID
-ipaUuidMagicRegen: 0
+ipaUuidMagicRegen: autogenerate
 ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation))
 ipaUuidScope: $SUFFIX
+ipaUuidEnforce: TRUE
diff --git a/install/updates/30-hbacsvc.update b/install/updates/30-hbacsvc.update
index 229c0f143..9bbdeacc8 100644
--- a/install/updates/30-hbacsvc.update
+++ b/install/updates/30-hbacsvc.update
@@ -3,49 +3,49 @@ default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: sshd
 default:description: sshd
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: ftp
 default:description: ftp
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: su
 default:description: su
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: login
 default:description: login
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=su-l,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: su-l
 default:description: su with login shell
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: sudo
 default:description: sudo
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: sudo-i
 default:description: sudo-i
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=SUDO,cn=hbacservicegroups,cn=accounts,$SUFFIX
 default:objectClass: ipaobject
@@ -54,7 +54,7 @@ default:objectClass: nestedGroup
 default:objectClass: groupOfNames
 default:objectClass: top
 default:cn: SUDO
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 default:description: Default group of SUDO related services
 default:member: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
 default:member: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX