author | Rob Crittenden <rcritten@redhat.com> | 2013-03-01 15:02:14 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-03-13 10:32:36 -0400 |
commit | 9005b9bc8aac7c1381aadb7d17107ebbebae005d (patch) | |
tree | 15c0b3ce22d95e265130bf8fcb815bdf79e6b4dc /install/share | |
parent | 63407ed477035765dda38fbead1353d4f47ac26a (diff) | |
Extend ipa-replica-manage to be able to manage DNA ranges.
Attempt to automatically save DNA ranges when a master is removed.
This is done by trying to find a master that does not yet define
a DNA on-deck range. If one can be found then the range on the deleted
master is added.
If one cannot be found then it is reported as an error.
Some validation of the ranges is done to ensure that they do overlap
an IPA local range and do not overlap existing DNA ranges configured
on other masters.
http://freeipa.org/page/V3/Recover_DNA_Ranges
https://fedorahosted.org/freeipa/ticket/3321
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/delegation.ldif | 9 | ||||
-rw-r--r-- | install/share/replica-acis.ldif | 5 |
2 files changed, 14 insertions, 0 deletions
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif index f62062fe4..14069586c 100644 --- a/install/share/delegation.ldif +++ b/install/share/delegation.ldif @@ -545,6 +545,15 @@ cn: Remove Replication Agreements ipapermissiontype: SYSTEM member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX +dn: cn=Modify DNA Range,cn=permissions,cn=pbac,$SUFFIX +changetype: add +objectClass: top +objectClass: groupofnames +objectClass: ipapermission +cn: Modify DNA Range +ipapermissiontype: SYSTEM +member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX + # Entitlement management dn: cn=Register Entitlements,cn=permissions,cn=pbac,$SUFFIX diff --git a/install/share/replica-acis.ldif b/install/share/replica-acis.ldif index 65dfb7a66..f4e96139f 100644 --- a/install/share/replica-acis.ldif +++ b/install/share/replica-acis.ldif @@ -20,6 +20,11 @@ changetype: modify add: aci aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,$SUFFIX";) +dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config +changetype: modify +add: aci +aci: (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,$SUFFIX";) + dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config changetype: modify add: aci |
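Review bot: In the delegation.ldif hunk, the new cn=Modify DNA Range entry has no comment saying what it controls or where its ACI lives, and the permission DN is under $SUFFIX while the ACI that gives it effect sits on an entry under cn=config in a different file. A one-line comment above the dn pointing at the "permission:Modify DNA Range" aci in replica-acis.ldif would make the pairing easy to audit. The member line also hands the permission to everyone holding the Replication Administrators privilege; if that is the intended scope, say so in the commit message so the widened privilege is a recorded decision.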
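Review bot: In the replica-acis.ldif hunk, the aci on cn=Posix IDs allows write on dnaNextValue and dnaMaxValue as well as dnaNextRange, and nothing in the ACI constrains the values written. The commit message describes range validation, but that runs in ipa-replica-manage, so a member of the permission who modifies the entry over LDAP directly is not subject to the overlap checks. Please document why all three attributes are needed; if recovering a removed master's range only requires setting the on-deck range, narrowing targetattr to dnaNextRange would keep the grant to the minimum. It would also help to note next to the aci that this entry is under cn=config, so whoever maintains this file knows the aci has to be present on each server.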