freeipa/install
Fraser Tweedale 0e9ce73a52 Add uniqueness constraint on CA ACL name
It is possible to add caacl entries with same "name" (cn).  The
command is supposed to prevent this but direct LDAP operations allow
it and doing that will cause subsequent errors.

Enable the DS uniqueness constraint plugin for the cn attribute in
CA ACL entries.

Fixes: https://pagure.io/freeipa/issue/7304
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-12-12 14:36:44 +01:00
..
certmonger ipa-cacert-manage renew: switch from ext-signed CA to self-signed 2017-10-18 12:34:03 +02:00
conf Require UTF-8 fs encoding 2017-11-21 16:13:28 +01:00
html Address more 'to login' 2017-12-12 12:53:21 +01:00
migration logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
oddjob wsgi, oddjob: remove needless uses of Env 2017-07-14 15:55:59 +02:00
restart_scripts renew_ra_cert: fix update of IPA RA user entry 2017-12-07 17:28:12 +01:00
share Require UTF-8 fs encoding 2017-11-21 16:13:28 +01:00
tools Run server upgrade in ipactl start/restart 2017-12-12 12:08:35 +01:00
ui More log in verbs 2017-12-12 12:53:21 +01:00
updates Add uniqueness constraint on CA ACL name 2017-12-12 14:36:44 +01:00
wsgi logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
Makefile.am Configure HTTPD to work via Gss-Proxy 2017-02-15 07:13:37 +01:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.