From 20b1e0a75ec832d906e7f66d2b306aabdce03901 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 23 Nov 2010 10:35:49 -0500 Subject: [PATCH] Enable EntryUSN plugin by default, with global scope This will allow clients to use entryusn values to track what changed in the directory regardles of replication delays. Fixes: https://fedorahosted.org/freeipa/ticket/526 --- install/share/Makefile.am | 1 + install/share/entryusn.ldif | 10 ++++++++++ ipaserver/install/dsinstance.py | 4 ++++ ipaserver/install/replication.py | 2 +- 4 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 install/share/entryusn.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 1e71ae804..c7e1c5c5a 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -45,6 +45,7 @@ app_DATA = \ user_private_groups.ldif \ uuid-ipauniqueid.ldif \ modrdn-krbprinc.ldif \ + entryusn.ldif \ $(NULL) EXTRA_DIST = \ diff --git a/install/share/entryusn.ldif b/install/share/entryusn.ldif new file mode 100644 index 000000000..51f9fc6eb --- /dev/null +++ b/install/share/entryusn.ldif @@ -0,0 +1,10 @@ +dn: cn=config +changetype: modify +replace: nsslapd-entryusn-global +nsslapd-entryusn-global: on + +dn: cn=USN,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index ed60c6f8b..d4f0683c0 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -219,6 +219,7 @@ class DsInstance(service.Service): self.step("configuring uniqueness plugin", self.__set_unique_attrs) self.step("configuring uuid plugin", self.__config_uuid_module) self.step("configuring modrdn plugin", self.__config_modrdn_module) + self.step("enabling entryUSN plugin", self.__enable_entryusn) self.step("creating indices", self.__create_indices) self.step("configuring ssl for ds instance", self.__enable_ssl) self.step("configuring certmap.conf", self.__certmap_conf) @@ -357,6 +358,9 @@ class DsInstance(service.Service): # TODO: roll back here? logging.critical("Failed to restart the directory server. See the installation log for details.") + def __enable_entryusn(self): + self._ldap_mod("entryusn.ldif") + def __add_memberof_module(self): self._ldap_mod("memberof-conf.ldif") diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 7b4e903b4..340a82ef3 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -341,7 +341,7 @@ class ReplicationManager: port = kargs.get("port", PORT) # List of attributes that need to be excluded from replication. - excludes = ('memberof', + excludes = ('memberof', 'entryusn', 'krblastsuccessfulauth', 'krblastfailedauth', 'krbloginfailedcount')