freeipa/install/updates/10-uniqueness.update
Thierry bordaz (tbordaz) 04ea75a7a5 User Life Cycle: create containers and scoping DS plugins
The User Life Cycle design is described at http://www.freeipa.org/page/V4/User_Life-Cycle_Management
It manages 3 containers (Staging, Active, Delete). At install/upgrade, the Delete and Staging
containers need to be created.
		Active: cn=users,cn=accounts,$SUFFIX
		Delete: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
		Stage:  cn=staged users ,cn=accounts,cn=provisioning,$SUFFIX

Plugins scopes:
		krbPrincipalName, krbCanonicalName, ipaUniqueID, uid:
			cn=accounts,SUFFIX
			cn=deleted users,cn=accounts,cn=provisioning,SUFFIX
		DNA:
			cn=accounts,SUFFIX

		Plugins exclude subtree:
		IPA UUID, Referential Integrity, memberOf:
			cn=provisioning,SUFFIX

https://fedorahosted.org/freeipa/ticket/3813

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-08-19 09:48:20 +02:00


# Attribute-uniqueness plugin instance for sudo rule names: pluginarg0 names
# the attribute (cn) and pluginarg1 the subtree (cn=sudorules,cn=sudo,$SUFFIX)
# in which a duplicate value is rejected before the operation is applied
# (preoperation plugin).
# Every line uses "default:", which only supplies values when the updater
# creates the entry; an entry that already exists is not reconciled. After an
# upgrade, check nsslapd-pluginEnabled and the scope on the live entry rather
# than assuming they match this file.
dn: cn=sudorule name uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: sudorule name uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:nsslapd-pluginarg0: cn
default:nsslapd-pluginarg1: cn=sudorules,cn=sudo,$SUFFIX
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
# Attribute-uniqueness plugin instance for the certificate store: rejects a
# second entry with the same ipaCertSubject value (pluginarg0) under
# cn=certificates,cn=ipa,cn=etc,$SUFFIX (pluginarg1).
# "default:" values apply only when the entry is created by the updater, so a
# pre-existing entry that was disabled or re-scoped locally keeps its settings;
# verify the live entry after upgrade.
dn: cn=certificate store subject uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: certificate store subject uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:nsslapd-pluginarg0: ipaCertSubject
default:nsslapd-pluginarg1: cn=certificates,cn=ipa,cn=etc,$SUFFIX
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
# Attribute-uniqueness plugin instance for the certificate store: rejects a
# second entry with the same ipaCertIssuerSerial value (pluginarg0) under
# cn=certificates,cn=ipa,cn=etc,$SUFFIX (pluginarg1). It shares the subtree
# with the subject-uniqueness instance but is a separate plugin entry, so each
# attribute is checked independently.
# "default:" values apply only when the entry is created by the updater; an
# existing entry is left as found.
dn: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: certificate store issuer/serial uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:nsslapd-pluginarg0: ipaCertIssuerSerial
default:nsslapd-pluginarg1: cn=certificates,cn=ipa,cn=etc,$SUFFIX
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
# uid uniqueness: narrow the scope from the whole suffix to the Active
# (cn=accounts) and Delete (cn=deleted users,...,cn=provisioning) subtrees,
# then switch the plugin from off to on.
# The checked attribute (pluginarg0) is not set here; this block only edits
# the scope and the enabled flag of an entry that is expected to exist.
# Security note: once the suffix-wide scope is removed, entries outside these
# two subtrees are no longer checked. No subtree is added for a staging
# container, so duplicate values there are not rejected by this plugin.
# NOTE(review): presumably a conflict is caught when a staged entry is moved
# into an in-scope subtree - confirm against the activation path.
dn: cn=attribute uniqueness,cn=plugins,cn=config
remove:nsslapd-pluginarg1:'$SUFFIX'
add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
remove:nsslapd-pluginenabled:off
add:nsslapd-pluginenabled:on
# krbPrincipalName uniqueness: replace the suffix-wide scope with the Active
# (cn=accounts) and Delete (cn=deleted users,...,cn=provisioning) subtrees.
# Unlike the uid block, nsslapd-pluginenabled is not touched here, so the
# plugin keeps whatever enabled state the existing entry has; confirm it is
# "on" after upgrade if principal-name collisions must be rejected.
# Entries outside the two listed subtrees are not checked by this instance.
dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config
remove:nsslapd-pluginarg1:'$SUFFIX'
add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
# krbCanonicalName uniqueness: replace the suffix-wide scope with the Active
# (cn=accounts) and Delete (cn=deleted users,...,cn=provisioning) subtrees.
# nsslapd-pluginenabled is not changed by this block; the enabled state is
# whatever the existing entry carries.
# Entries outside the two listed subtrees are not checked by this instance.
dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config
remove:nsslapd-pluginarg1:'$SUFFIX'
add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
# ipaUniqueID uniqueness: replace the suffix-wide scope with the Active
# (cn=accounts) and Delete (cn=deleted users,...,cn=provisioning) subtrees.
# nsslapd-pluginenabled is not changed by this block; the enabled state is
# whatever the existing entry carries.
# Entries outside the two listed subtrees are not checked by this instance.
# NOTE(review): narrowing from $SUFFIX drops the check for any entry that
# carries ipaUniqueID outside cn=accounts - confirm that is intended.
dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config
remove:nsslapd-pluginarg1:'$SUFFIX'
add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'