freeipa/install/updates/20-replication.update

#
# Counter used to store the next replica id
#
# Start at 3 to avoid conflicts with v1.0 replica ids. The value itself
# isn't important but each replica needs a unique id.
dn: cn=replication,cn=etc,$SUFFIX
default: objectclass: nsDS5Replica
default: nsDS5ReplicaId: 3
default: nsDS5ReplicaRoot: $SUFFIX

# Group containing replication bind dns
dn: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
default: objectclass: top
default: objectclass: groupofnames
default: cn: replication managers
add: member: krbprincipalname=ldap/$FQDN@$REALM,cn=services,cn=accounts,$SUFFIX

# Topology configuration container
dn: cn=topology,cn=ipa,cn=etc,$SUFFIX
default: objectclass: top
default: objectclass: nsContainer
default: cn: topology

# Default topology configuration area
dn: cn=domain,cn=topology,cn=ipa,cn=etc,$SUFFIX
default: objectclass: top
default: objectclass: iparepltopoconf
default: ipaReplTopoConfRoot: $SUFFIX
default: cn: domain
add: nsDS5ReplicatedAttributeList: $EXCLUDES
add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
add: nsds5ReplicaStripAttrs: $STRIP_ATTRS

# Remove old topology configuration area (unused)
dn: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX
deleteentry: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX

# add IPA realm managed suffix to master entry
dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
add: objectclass: ipaReplTopoManagedServer
add: ipaReplTopoManagedSuffix: $SUFFIX

# Enable Topology Plugin
dn: cn=IPA Topology Configuration,cn=plugins,cn=config
default: changetype: add
default: objectClass: top
default: objectClass: nsSlapdPlugin
default: objectClass: extensibleObject
default: cn: IPA Topology Configuration
default: nsslapd-pluginPath: libtopology
default: nsslapd-pluginInitfunc: ipa_topo_init
default: nsslapd-pluginType: object
default: nsslapd-pluginEnabled: on
default: nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,$SUFFIX
default: nsslapd-topo-plugin-shared-replica-root: $SUFFIX
default: nsslapd-topo-plugin-shared-replica-root: o=ipaca
default: nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
default: nsslapd-topo-plugin-startup-delay: 20
default: nsslapd-pluginId: none
default: nsslapd-plugin-depends-on-named: ldbm database
default: nsslapd-plugin-depends-on-named: Multimaster Replication Plugin
default: nsslapd-pluginVersion: 1.0
default: nsslapd-pluginVendor: none
default: nsslapd-pluginDescription: none

# Set replication changelog limit (#5086)
dn: cn=changelog5,cn=config
addifnew: nsslapd-changelogmaxage: 7d