mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
dcb5c2a520
The old 'realm' topology suffix is no longer used, howver, it was being created on masters with version 4.2.3 and later. Make sure it's properly removed. Note that this is not the case for the 'ipaca' suffix, whic was later removed to 'ca'. https://fedorahosted.org/freeipa/ticket/5526 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
69 lines
2.5 KiB
Plaintext
69 lines
2.5 KiB
Plaintext
#
|
|
# Counter used to store the next replica id
|
|
#
|
|
# Start at 3 to avoid conflicts with v1.0 replica ids. The value itself
|
|
# isn't important but each replica needs a unique id.
|
|
dn: cn=replication,cn=etc,$SUFFIX
|
|
default: objectclass: nsDS5Replica
|
|
default: nsDS5ReplicaId: 3
|
|
default: nsDS5ReplicaRoot: $SUFFIX
|
|
|
|
# Group containing replication bind dns
|
|
dn: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
|
|
default: objectclass: top
|
|
default: objectclass: groupofnames
|
|
default: cn: replication managers
|
|
add: member: krbprincipalname=ldap/$FQDN@$REALM,cn=services,cn=accounts,$SUFFIX
|
|
|
|
# Topology configuration container
|
|
dn: cn=topology,cn=ipa,cn=etc,$SUFFIX
|
|
default: objectclass: top
|
|
default: objectclass: nsContainer
|
|
default: cn: topology
|
|
|
|
# Default topology configuration area
|
|
dn: cn=domain,cn=topology,cn=ipa,cn=etc,$SUFFIX
|
|
default: objectclass: top
|
|
default: objectclass: iparepltopoconf
|
|
default: ipaReplTopoConfRoot: $SUFFIX
|
|
default: cn: domain
|
|
add: nsDS5ReplicatedAttributeList: $EXCLUDES
|
|
add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
|
|
add: nsds5ReplicaStripAttrs: $STRIP_ATTRS
|
|
|
|
# Remove old topology configuration area (unused)
|
|
dn: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX
|
|
deleteentry: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX
|
|
|
|
# add IPA realm managed suffix to master entry
|
|
dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
|
|
add: objectclass: ipaReplTopoManagedServer
|
|
add: ipaReplTopoManagedSuffix: $SUFFIX
|
|
|
|
# Enable Topology Plugin
|
|
dn: cn=IPA Topology Configuration,cn=plugins,cn=config
|
|
default: changetype: add
|
|
default: objectClass: top
|
|
default: objectClass: nsSlapdPlugin
|
|
default: objectClass: extensibleObject
|
|
default: cn: IPA Topology Configuration
|
|
default: nsslapd-pluginPath: libtopology
|
|
default: nsslapd-pluginInitfunc: ipa_topo_init
|
|
default: nsslapd-pluginType: object
|
|
default: nsslapd-pluginEnabled: on
|
|
default: nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,$SUFFIX
|
|
default: nsslapd-topo-plugin-shared-replica-root: $SUFFIX
|
|
default: nsslapd-topo-plugin-shared-replica-root: o=ipaca
|
|
default: nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
|
|
default: nsslapd-topo-plugin-startup-delay: 20
|
|
default: nsslapd-pluginId: none
|
|
default: nsslapd-plugin-depends-on-named: ldbm database
|
|
default: nsslapd-plugin-depends-on-named: Multimaster Replication Plugin
|
|
default: nsslapd-pluginVersion: 1.0
|
|
default: nsslapd-pluginVendor: none
|
|
default: nsslapd-pluginDescription: none
|
|
|
|
# Set replication changelog limit (#5086)
|
|
dn: cn=changelog5,cn=config
|
|
addifnew: nsslapd-changelogmaxage: 7d
|