2008-09-10 14:56:11 -05:00
|
|
|
NULL =
|
|
|
|
|
|
|
|
appdir = $(IPA_DATA_DIR)/updates
|
|
|
|
app_DATA = \
|
2011-05-19 21:30:53 -05:00
|
|
|
10-config.update \
|
2012-11-15 20:38:26 -06:00
|
|
|
10-enable-betxn.update \
|
2012-02-09 15:52:07 -06:00
|
|
|
10-selinuxusermap.update \
|
2014-07-01 19:55:01 -05:00
|
|
|
10-rootdse.update \
|
2012-09-13 14:11:57 -05:00
|
|
|
10-uniqueness.update \
|
2013-04-11 12:24:46 -05:00
|
|
|
10-schema_compat.update \
|
Move Managed Entries into their own container in the replicated space.
Repoint cn=Managed Entries,cn=plugins,cn=config in common_setup
Create: cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
Create method for dynamically migrating any and all custom Managed Entries
from the cn=config space into the new container.
Separate the connection creation during update so that a restart can
be performed to initialize changes before performing a delete.
Add wait_for_open_socket() method in installutils
https://fedorahosted.org/freeipa/ticket/1708
2011-09-08 14:07:26 -05:00
|
|
|
19-managed-entries.update \
|
2011-02-17 16:19:24 -06:00
|
|
|
20-aci.update \
|
2009-03-23 14:20:43 -05:00
|
|
|
20-dna.update \
|
2011-05-18 14:12:22 -05:00
|
|
|
20-host_nis_groups.update \
|
2009-03-23 14:20:43 -05:00
|
|
|
20-indices.update \
|
|
|
|
20-nss_ldap.update \
|
|
|
|
20-replication.update \
|
2014-09-12 05:43:31 -05:00
|
|
|
20-sslciphers.update \
|
2013-10-25 05:41:25 -05:00
|
|
|
20-syncrepl.update \
|
2011-05-18 14:12:22 -05:00
|
|
|
20-user_private_groups.update \
|
2009-03-23 14:20:43 -05:00
|
|
|
20-winsync_index.update \
|
2011-02-28 16:35:44 -06:00
|
|
|
21-replicas_container.update \
|
2012-07-11 14:51:01 -05:00
|
|
|
21-ca_renewal_container.update \
|
2014-06-10 07:05:22 -05:00
|
|
|
21-certstore_container.update \
|
Expand Referential Integrity checks
Many attributes in IPA (e.g. manager, memberuser, managedby, ...)
are used to store DNs of linked objects in IPA (users, hosts, sudo
commands, etc.). However, when the linked objects is deleted or
renamed, the attribute pointing to it stays with the objects and
thus may create a dangling link causing issues in client software
reading the data.
Directory Server has a plugin to enforce referential integrity (RI)
by checking DEL and MODRDN operations and updating affected links.
It was already used for manager and secretary attributes and
should be expanded for the missing attributes to avoid dangling
links.
As a prerequisite, all attributes checked for RI must have pres
and eq indexes to avoid performance issues. Thus, the following
indexes are added:
* manager (pres index only)
* secretary (pres index only)
* memberHost
* memberUser
* sourcehost
* memberservice
* managedby
* memberallowcmd
* memberdenycmd
* ipasudorunas
* ipasudorunasgroup
Referential Integrity plugin is updated to enforce RI for all these
attributes. Unit tests covering RI checks for all these attributes
were added as well.
Note: this update will only fix RI on one master as RI plugin does
not check replicated operations.
https://fedorahosted.org/freeipa/ticket/2866
2012-09-12 03:00:35 -05:00
|
|
|
25-referint.update \
|
User Life Cycle: create containers and scoping DS plugins
User Life Cycle is designed http://www.freeipa.org/page/V4/User_Life-Cycle_Management
It manages 3 containers (Staging, Active, Delete). At install/upgrade Delete and Staging
containers needs to be created.
Active: cn=users,cn=accounts,$SUFFIX
Delete: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
Stage: cn=staged users ,cn=accounts,cn=provisioning,$SUFFIX
Plugins scopes:
krbPrincipalName, krbCanonicalName, ipaUniqueID, uid:
cn=accounts,SUFFIX
cn=deleted users,cn=accounts,cn=provisioning,SUFFIX
DNA:
cn=accounts,SUFFIX
Plugins exclude subtree:
IPA UUID, Referential Integrity, memberOf:
cn=provisioning,SUFFIX
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-08-07 09:29:02 -05:00
|
|
|
30-provisioning.update \
|
2012-01-10 21:39:26 -06:00
|
|
|
30-s4u2proxy.update \
|
2011-02-11 15:48:59 -06:00
|
|
|
40-delegation.update \
|
2013-02-12 09:50:00 -06:00
|
|
|
40-realm_domains.update \
|
2012-09-17 10:45:42 -05:00
|
|
|
40-replication.update \
|
2011-10-05 16:16:05 -05:00
|
|
|
40-dns.update \
|
2011-10-17 06:56:21 -05:00
|
|
|
40-automember.update \
|
2013-04-11 12:24:46 -05:00
|
|
|
40-otp.update \
|
2011-02-22 08:21:14 -06:00
|
|
|
45-roles.update \
|
2013-06-03 02:56:08 -05:00
|
|
|
50-7_bit_check.update \
|
2014-03-13 02:25:11 -05:00
|
|
|
50-dogtag10-migration.update \
|
2011-04-14 13:37:45 -05:00
|
|
|
50-lockout-policy.update \
|
|
|
|
50-groupuuid.update \
|
2011-08-24 16:28:22 -05:00
|
|
|
50-hbacservice.update \
|
2013-07-12 10:28:20 -05:00
|
|
|
50-krbenctypes.update \
|
2011-10-26 16:42:59 -05:00
|
|
|
50-nis.update \
|
2011-11-23 15:59:21 -06:00
|
|
|
50-ipaconfig.update \
|
2011-12-08 03:04:09 -06:00
|
|
|
55-pbacmemberof.update \
|
2012-02-28 05:22:49 -06:00
|
|
|
60-trusts.update \
|
|
|
|
61-trusts-s4u2proxy.update \
|
2012-06-12 04:58:41 -05:00
|
|
|
62-ranges.update \
|
2014-07-31 04:52:04 -05:00
|
|
|
71-idviews.update \
|
2008-09-10 14:56:11 -05:00
|
|
|
$(NULL)
|
|
|
|
|
|
|
|
EXTRA_DIST = \
|
|
|
|
$(app_DATA) \
|
|
|
|
$(NULL)
|
|
|
|
|
|
|
|
MAINTAINERCLEANFILES = \
|
|
|
|
*~ \
|
|
|
|
Makefile.in
|