diff options
author | Rob Crittenden <rcritten@redhat.com> | 2012-02-02 14:15:02 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-15 17:24:16 +0100 |
commit | af52c4d31e0740e0378035119f6463fc13d58737 (patch) | |
tree | 0291ca8ef26e92f5f00b5ad1b1bb5e298f54d92f | |
parent | 2da6d6e7460b932f406b7f0632320433f9f98a85 (diff) | |
download | freeipa-af52c4d31e0740e0378035119f6463fc13d58737.tar.gz freeipa-af52c4d31e0740e0378035119f6463fc13d58737.tar.xz freeipa-af52c4d31e0740e0378035119f6463fc13d58737.zip |
Update S4U2proxy delegation list when creating replicas
-rw-r--r-- | install/share/Makefile.am | 1 | ||||
-rw-r--r-- | install/share/replica-s4u2proxy.ldif | 9 | ||||
-rw-r--r-- | install/updates/30-s4u2proxy.update | 2 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 4 |
4 files changed, 15 insertions, 1 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 682a57c7d..eefa35343 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -54,6 +54,7 @@ app_DATA = \ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ + replica-s4u2proxy.ldif \ $(NULL) EXTRA_DIST = \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif new file mode 100644 index 000000000..3cafa46c2 --- /dev/null +++ b/install/share/replica-s4u2proxy.ldif @@ -0,0 +1,9 @@ +dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX +changetype: modify +add: memberPrincipal +memberPrincipal: HTTP/$FQDN@$REALM + +dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX +changetype: modify +add: memberPrincipal +memberPrincipal: ldap/$FQDN@$REALM diff --git a/install/updates/30-s4u2proxy.update b/install/updates/30-s4u2proxy.update index 0775a69ee..99b7a9cfc 100644 --- a/install/updates/30-s4u2proxy.update +++ b/install/updates/30-s4u2proxy.update @@ -9,7 +9,7 @@ default: objectClass: groupOfPrincipals default: objectClass: top default: cn: ipa-http-delegation default: memberPrincipal: HTTP/$FQDN@$REALM -default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX' +default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX' dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX default: objectClass: groupOfPrincipals diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 77fe7d06d..2fb749f17 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -247,6 +247,7 @@ class DsInstance(service.Service): self.step("adding replication acis", self.__add_replication_acis) # See LDIFs for automember configuration during replica install self.step("setting Auto Member configuration", self.__add_replica_automember_config) + self.step("enabling S4U2Proxy delegation", self.__setup_s4u2proxy) self.__common_post_setup() @@ -544,6 +545,9 @@ class DsInstance(service.Service): def __add_replication_acis(self): self._ldap_mod("replica-acis.ldif", self.sub_dict) + def __setup_s4u2proxy(self): + self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict) + def __create_indices(self): self._ldap_mod("indices.ldif") |