IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Server Upgrade: Fix uniqueness plugins

Browse Source 
Due previous changes (in master branch only) the uniqueness plugins
became misconfigured.

After this patch:
* whole $SUFFIX will be checked by unique plugins
* just staged users are exluded from check

This reverts some changes in commit
52b7101c11

Since 389-ds-base 1.3.4.a1 new attribute 'uniqueness-exclude-subtrees'
can be used.

https://fedorahosted.org/freeipa/ticket/4921

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Martin Basti 2015-05-12 18:11:07 +02:00 committed by Jan Cholasta
parent 99c0b918a7
commit fbdfd688b9
3 changed files with 15 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
freeipa.spec.in
View File

@ -34,7 +34,7 @@ Source0: freeipa-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT} %if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.3.9 BuildRequires: 389-ds-base-devel >= 1.3.4.a1
BuildRequires: svrcore-devel BuildRequires: svrcore-devel
BuildRequires: policycoreutils >= 2.1.12-5 BuildRequires: policycoreutils >= 2.1.12-5
BuildRequires: systemd-units BuildRequires: systemd-units
@ -109,7 +109,7 @@ Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release} Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release} Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release}
Requires: 389-ds-base >= 1.3.3.9 Requires: 389-ds-base >= 1.3.4.a1
Requires: openldap-clients > 2.4.35-4 Requires: openldap-clients > 2.4.35-4
Requires: nss >= 3.14.3-12.0 Requires: nss >= 3.14.3-12.0
Requires: nss-tools >= 3.14.3-12.0 Requires: nss-tools >= 3.14.3-12.0
@ -144,7 +144,7 @@ Requires: zip
Requires: policycoreutils >= 2.1.12-5 Requires: policycoreutils >= 2.1.12-5
Requires: tar Requires: tar
Requires(pre): certmonger >= 0.76.8 Requires(pre): certmonger >= 0.76.8
Requires(pre): 389-ds-base >= 1.3.3.9 Requires(pre): 389-ds-base >= 1.3.4.a1
Requires: fontawesome-fonts Requires: fontawesome-fonts
Requires: open-sans-fonts Requires: open-sans-fonts
Requires: openssl Requires: openssl

12
install/share/unique-attributes.ldif
View File

@ -14,8 +14,8 @@ nsslapd-pluginId: NSUniqueAttr
nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVersion: 1.1.0
nsslapd-pluginVendor: Fedora Project nsslapd-pluginVendor: Fedora Project
nsslapd-pluginDescription: Enforce unique attribute values nsslapd-pluginDescription: Enforce unique attribute values
uniqueness-subtrees: cn=accounts,$SUFFIX uniqueness-subtrees: $SUFFIX
uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
uniqueness-across-all-subtrees: on uniqueness-across-all-subtrees: on
dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config
@ -34,8 +34,8 @@ nsslapd-pluginId: NSUniqueAttr
nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVersion: 1.1.0
nsslapd-pluginVendor: Fedora Project nsslapd-pluginVendor: Fedora Project
nsslapd-pluginDescription: Enforce unique attribute values nsslapd-pluginDescription: Enforce unique attribute values
uniqueness-subtrees: cn=accounts,$SUFFIX uniqueness-subtrees: $SUFFIX
uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
uniqueness-across-all-subtrees: on uniqueness-across-all-subtrees: on
dn: cn=netgroup uniqueness,cn=plugins,cn=config dn: cn=netgroup uniqueness,cn=plugins,cn=config
@ -72,8 +72,8 @@ nsslapd-pluginId: NSUniqueAttr
nsslapd-pluginVersion: 1.1.0 nsslapd-pluginVersion: 1.1.0
nsslapd-pluginVendor: Fedora Project nsslapd-pluginVendor: Fedora Project
nsslapd-pluginDescription: Enforce unique attribute values nsslapd-pluginDescription: Enforce unique attribute values
uniqueness-subtrees: cn=accounts,$SUFFIX uniqueness-subtrees: $SUFFIX
uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
uniqueness-across-all-subtrees: on uniqueness-across-all-subtrees: on
dn: cn=sudorule name uniqueness,cn=plugins,cn=config dn: cn=sudorule name uniqueness,cn=plugins,cn=config

20
install/updates/10-uniqueness.update
View File

@ -59,8 +59,8 @@ default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on default:nsslapd-pluginEnabled: on
default:uniqueness-attribute-name: uid default:uniqueness-attribute-name: uid
default:uniqueness-subtrees: cn=accounts,$SUFFIX default:uniqueness-subtrees: $SUFFIX
default:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX default:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
default:uniqueness-across-all-subtrees: on default:uniqueness-across-all-subtrees: on
default:uniqueness-subtree-entries-oc: posixAccount default:uniqueness-subtree-entries-oc: posixAccount
default:nsslapd-plugin-depends-on-type: database default:nsslapd-plugin-depends-on-type: database
@ -71,30 +71,22 @@ default:nsslapd-pluginDescription: Enforce unique attribute values
# uid uniqueness scopes Active/Delete containers # uid uniqueness scopes Active/Delete containers
dn: cn=uid uniqueness,cn=plugins,cn=config dn: cn=uid uniqueness,cn=plugins,cn=config
remove:uniqueness-subtrees: $SUFFIX add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-subtrees: cn=accounts,$SUFFIX
add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
remove:uniqueness-across-all-subtrees: off remove:uniqueness-across-all-subtrees: off
add:uniqueness-across-all-subtrees: on add:uniqueness-across-all-subtrees: on
add:uniqueness-subtree-entries-oc: posixAccount add:uniqueness-subtree-entries-oc: posixAccount
# krbPrincipalName uniqueness scopes Active/Delete containers # krbPrincipalName uniqueness scopes Active/Delete containers
dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config
remove:uniqueness-subtrees: $SUFFIX add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-subtrees: cn=accounts,$SUFFIX
add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-across-all-subtrees: on add:uniqueness-across-all-subtrees: on
# krbCanonicalName uniqueness scopes Active/Delete containers # krbCanonicalName uniqueness scopes Active/Delete containers
dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config
remove:uniqueness-subtrees: $SUFFIX add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-subtrees: cn=accounts,$SUFFIX
add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-across-all-subtrees: on add:uniqueness-across-all-subtrees: on
# ipaUniqueID uniqueness scopes Active/Delete containers # ipaUniqueID uniqueness scopes Active/Delete containers
dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config
remove:uniqueness-subtrees: $SUFFIX add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-subtrees: cn=accounts,$SUFFIX
add:uniqueness-subtrees: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-across-all-subtrees: on add:uniqueness-across-all-subtrees: on