Update S4U2proxy delegation list when creating replicas

install/share/Makefile.am

@@ -54,6 +54,7 @@ app_DATA =				\
 	sudobind.ldif			\
 	automember.ldif			\
 	replica-automember.ldif		\
+	replica-s4u2proxy.ldif		\
 	$(NULL)
 
 EXTRA_DIST =				\

install/share/replica-s4u2proxy.ldif

@@ -0,0 +1,9 @@
+dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
+changetype: modify
+add: memberPrincipal
+memberPrincipal: HTTP/$FQDN@$REALM
+
+dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
+changetype: modify
+add: memberPrincipal
+memberPrincipal: ldap/$FQDN@$REALM

install/updates/30-s4u2proxy.update

@@ -9,7 +9,7 @@ default: objectClass: groupOfPrincipals
 default: objectClass: top
 default: cn: ipa-http-delegation
 default: memberPrincipal: HTTP/$FQDN@$REALM
-default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX'
+default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
 
 dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
 default: objectClass: groupOfPrincipals

ipaserver/install/dsinstance.py

@@ -247,6 +247,7 @@ class DsInstance(service.Service):
         self.step("adding replication acis", self.__add_replication_acis)
         # See LDIFs for automember configuration during replica install
         self.step("setting Auto Member configuration", self.__add_replica_automember_config)
+        self.step("enabling S4U2Proxy delegation", self.__setup_s4u2proxy)
 
         self.__common_post_setup()
 
@@ -544,6 +545,9 @@ class DsInstance(service.Service):
     def __add_replication_acis(self):
         self._ldap_mod("replica-acis.ldif", self.sub_dict)
 
+    def __setup_s4u2proxy(self):
+        self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict)
+
     def __create_indices(self):
         self._ldap_mod("indices.ldif")