mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
73d0d03891
Without this attribute explicitly set the replication plugin won't recognize updates from members of 'replication managers' sysaccount group, leading to stuck replica CA installation. https://fedorahosted.org/freeipa/ticket/6508 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
16 lines
569 B
Plaintext
16 lines
569 B
Plaintext
# add IPA CA managed suffix to master entry
|
|
dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
|
|
add: objectclass: ipaReplTopoManagedServer
|
|
add: ipaReplTopoManagedSuffix: o=ipaca
|
|
|
|
# add IPA CA topology configuration area
|
|
dn: cn=ca,cn=topology,cn=ipa,cn=etc,$SUFFIX
|
|
default: objectclass: top
|
|
default: objectclass: iparepltopoconf
|
|
default: ipaReplTopoConfRoot: o=ipaca
|
|
default: cn: ca
|
|
|
|
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
|
|
onlyifexist: nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
|
|
add: nsds5replicabinddngroupcheckinterval: 60
|