mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-28 01:41:14 -06:00
83549087b5
We need to set uidNumber and gidNumber to the magic values so that DNA can assign appropriate Ids, otherwise the synchronization of users from AD will fail with an error about posixAccount requiring a missing (uidNumber) attribute. Fixes: https://fedorahosted.org/freeipa/ticket/1020
31 lines
1.2 KiB
Plaintext
31 lines
1.2 KiB
Plaintext
dn: cn=ipa-winsync,cn=plugins,cn=config
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: nsSlapdPlugin
|
|
objectclass: extensibleObject
|
|
cn: ipa-winsync
|
|
nsslapd-pluginpath: libipa_winsync
|
|
nsslapd-plugininitfunc: ipa_winsync_plugin_init
|
|
nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature
|
|
nsslapd-pluginid: ipa-winsync
|
|
nsslapd-pluginversion: 1.0
|
|
nsslapd-pluginvendor: Red Hat
|
|
nsslapd-plugintype: preoperation
|
|
nsslapd-pluginenabled: on
|
|
nsslapd-plugin-depends-on-type: database
|
|
ipaWinSyncRealmFilter: (objectclass=krbRealmContainer)
|
|
ipaWinSyncRealmAttr: cn
|
|
ipaWinSyncNewEntryFilter: (cn=ipaConfig)
|
|
ipaWinSyncNewUserOCAttr: ipauserobjectclasses
|
|
ipaWinSyncUserFlatten: true
|
|
ipaWinsyncHomeDirAttr: ipaHomesRootDir
|
|
ipaWinsyncLoginShellAttr: ipaDefaultLoginShell
|
|
ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup
|
|
ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
|
|
ipaWinSyncAcctDisable: both
|
|
ipaWinSyncInactivatedFilter: (&(cn=inactivated)(objectclass=groupOfNames))
|
|
ipaWinSyncActivatedFilter: (&(cn=activated)(objectclass=groupOfNames))
|
|
ipaWinSyncForceSync: true
|
|
ipaWinSyncUserAttr: uidNumber 999
|
|
ipaWinSyncUserAttr: gidNumber 999
|