IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-28 01:41:14 -06:00
Code Issues Packages Projects Releases Wiki Activity
54a91c3ed3
freeipa/install/updates/20-syncrepl.update

28 lines
1.1 KiB
Plaintext
Raw Normal View History

Limit memberOf and refInt DS plugins to main IPA suffix. This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
2014-01-23 05:22:38 -06:00
# Enable Retro changelog - it is necessary for SyncRepl
Enable Retro Changelog and Content Synchronization DS plugins Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
2013-10-25 05:41:25 -05:00
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on
Limit memberOf and refInt DS plugins to main IPA suffix. This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
2014-01-23 05:22:38 -06:00
# Remember original nsuniqueid for objects referenced from cn=changelog
Enable Retro Changelog and Content Synchronization DS plugins Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
2013-10-25 05:41:25 -05:00
add:nsslapd-attribute: nsuniqueid:targetUniqueId
add:nsslapd-changelogmaxage: 2d
Exclude o=ipaca subtree from Retro Changelog (syncrepl) CA and DS have issues with Retro Changelog plugin. CA subtree should be excluded from syncrepl. This should improve speed of CA related operations too. https://fedorahosted.org/freeipa/ticket/5538 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-01-18 10:19:08 -06:00
add:nsslapd-exclude-suffix: o=ipaca
Enable Retro Changelog and Content Synchronization DS plugins Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
2013-10-25 05:41:25 -05:00
Limit memberOf and refInt DS plugins to main IPA suffix. This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
2014-01-23 05:22:38 -06:00
# Keep memberOf and referential integrity plugins away from cn=changelog.
# It is necessary for performance reasons because we don't have appropriate
# indices for cn=changelog.
dn: cn=MemberOf Plugin,cn=plugins,cn=config
Server Upgrade: remove CSV from upgrade files CSV values are not supported in upgrade files anymore Instead of add:attribute: 'first, part', second please use add:attribute: firts, part add:attribute: second Required for ticket: https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-04-16 08:27:12 -05:00
add:memberofentryscope: $SUFFIX
add:memberofentryscopeexcludesubtree: cn=provisioning,$SUFFIX
Limit memberOf and refInt DS plugins to main IPA suffix. This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
2014-01-23 05:22:38 -06:00
dn: cn=referential integrity postoperation,cn=plugins,cn=config
Server Upgrade: remove CSV from upgrade files CSV values are not supported in upgrade files anymore Instead of add:attribute: 'first, part', second please use add:attribute: firts, part add:attribute: second Required for ticket: https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-04-16 08:27:12 -05:00
add:nsslapd-plugincontainerscope: $SUFFIX
add:nsslapd-pluginentryscope: $SUFFIX
add:nsslapd-pluginExcludeEntryScope: cn=provisioning,$SUFFIX
Limit memberOf and refInt DS plugins to main IPA suffix. This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
2014-01-23 05:22:38 -06:00
Enable Retro Changelog and Content Synchronization DS plugins Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
2013-10-25 05:41:25 -05:00
# Enable SyncRepl
dn: cn=Content Synchronization,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on
User Life Cycle: create containers and scoping DS plugins User Life Cycle is designed http://www.freeipa.org/page/V4/User_Life-Cycle_Management It manages 3 containers (Staging, Active, Delete). At install/upgrade Delete and Staging containers needs to be created. Active: cn=users,cn=accounts,$SUFFIX Delete: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX Stage: cn=staged users ,cn=accounts,cn=provisioning,$SUFFIX Plugins scopes: krbPrincipalName, krbCanonicalName, ipaUniqueID, uid: cn=accounts,SUFFIX cn=deleted users,cn=accounts,cn=provisioning,SUFFIX DNA: cn=accounts,SUFFIX Plugins exclude subtree: IPA UUID, Referential Integrity, memberOf: cn=provisioning,SUFFIX https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-08-07 09:29:02 -05:00
# Make sure IPA UUID does not generate ipaUniqueID for Stage/Delete entries
dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config
Server Upgrade: remove CSV from upgrade files CSV values are not supported in upgrade files anymore Instead of add:attribute: 'first, part', second please use add:attribute: firts, part add:attribute: second Required for ticket: https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-04-16 08:27:12 -05:00
add:ipaUuidExcludeSubtree: cn=provisioning,$SUFFIX
Reference in New Issue Copy Permalink