ipa-modrdn: Enable plugin to handle krbPrincipalName on renames

install/share/Makefile.am

@@ -41,6 +41,7 @@ app_DATA =				\
 	wsgi.py				\
 	user_private_groups.ldif	\
 	uuid-ipauniqueid.ldif		\
+	modrdn-krbprinc.ldif		\
 	$(NULL)
 
 EXTRA_DIST =				\

install/share/modrdn-krbprinc.ldif

@@ -0,0 +1,11 @@
+# add plugin configuration for ipauniqueid
+dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: Kerberos Principal Name
+ipaModRDNsourceAttr: uid
+ipaModRDNtargetAttr: krbPrincipalName
+ipaModRDNsuffix: @$REALM
+ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
+ipaModRDNscope: $SUFFIX

ipaserver/install/dsinstance.py

@@ -213,6 +213,7 @@ class DsInstance(service.Service):
         self.step("enabling ldapi", self.__enable_ldapi)
         self.step("configuring uniqueness plugin", self.__set_unique_attrs)
         self.step("configuring uuid plugin", self.__config_uuid_module)
+        self.step("configuring modrdn plugin", self.__config_modrdn_module)
         self.step("creating indices", self.__create_indices)
         self.step("configuring ssl for ds instance", self.__enable_ssl)
         self.step("configuring certmap.conf", self.__certmap_conf)
@@ -390,6 +391,10 @@ class DsInstance(service.Service):
         self._ldap_mod("uuid-conf.ldif")
         self._ldap_mod("uuid-ipauniqueid.ldif", self.sub_dict)
 
+    def __config_modrdn_module(self):
+        self._ldap_mod("modrdn-conf.ldif")
+        self._ldap_mod("modrdn-krbprinc.ldif", self.sub_dict)
+
     def __user_private_groups(self):
         if has_managed_entries(self.fqdn, self.dm_password):
             self._ldap_mod("user_private_groups.ldif", self.sub_dict)