User Life Cycle is designed http://www.freeipa.org/page/V4/User_Life-Cycle_Management It manages 3 containers (Staging, Active, Delete). At install/upgrade Delete and Staging containers needs to be created. Active: cn=users,cn=accounts,$SUFFIX Delete: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX Stage: cn=staged users ,cn=accounts,cn=provisioning,$SUFFIX Plugins scopes: krbPrincipalName, krbCanonicalName, ipaUniqueID, uid: cn=accounts,SUFFIX cn=deleted users,cn=accounts,cn=provisioning,SUFFIX DNA: cn=accounts,SUFFIX Plugins exclude subtree: IPA UUID, Referential Integrity, memberOf: cn=provisioning,SUFFIX https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
# FreeIPA LDAP update directives for directory-server plugin configuration:
#   - enable the Retro Changelog and Content Synchronization (SyncRepl) plugins
#   - scope the MemberOf and Referential Integrity plugins to $SUFFIX
#   - exclude cn=provisioning,$SUFFIX from MemberOf, Referential Integrity
#     and IPA UUID processing
# "only:" sets the attribute to exactly the given value; "add:" adds a value.
#
# Enable Retro changelog - it is necessary for SyncRepl
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on
# Remember original nsuniqueid for objects referenced from cn=changelog
add:nsslapd-attribute: nsuniqueid:targetUniqueId
# Limit the age of retained changelog records to two days.
# NOTE(review): cn=changelog keeps a record of directory modifications for
# that window - confirm that read access to it is restricted to the sync
# consumers that need it.
add:nsslapd-changelogmaxage: 2d

# Keep memberOf and referential integrity plugins away from cn=changelog.
# It is necessary for performance reasons because we don't have appropriate
# indices for cn=changelog.
# The scope attributes below restrict both plugins to $SUFFIX, and
# cn=provisioning,$SUFFIX is additionally excluded. Per the User Life-Cycle
# design, that subtree holds the staged and deleted user containers.
# NOTE(review): presumably the exclusion keeps group membership from being
# maintained on staged/deleted entries - confirm against the design page.
dn: cn=MemberOf Plugin,cn=plugins,cn=config
add:memberofentryscope: '$SUFFIX'
add:memberofentryscopeexcludesubtree: 'cn=provisioning,$SUFFIX'

# Same scoping for referential integrity: container and entry scope are both
# $SUFFIX, with cn=provisioning,$SUFFIX excluded from the entry scope.
dn: cn=referential integrity postoperation,cn=plugins,cn=config
add:nsslapd-plugincontainerscope: '$SUFFIX'
add:nsslapd-pluginentryscope: '$SUFFIX'
add:nsslapd-pluginExcludeEntryScope: 'cn=provisioning,$SUFFIX'

# Enable SyncRepl
dn: cn=Content Synchronization,cn=plugins,cn=config
only:nsslapd-pluginEnabled: on

# Make sure IPA UUID does not generate ipaUniqueID for Stage/Delete entries
dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config
add:ipaUuidExcludeSubtree: 'cn=provisioning,$SUFFIX'