freeipa/install/updates
Rob Crittenden ce50630d5e Add ACI to allow hosts to add their own services
Use wildcards and DN matching in an ACI to allow a host
that binds using GSSAPI to add a service for itself.

Set required version of 389-ds-base to 1.3.4.0 GA.

https://fedorahosted.org/freeipa/ticket/4567

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-29 13:41:52 +02:00
..
05-pre_upgrade_plugins.update Server Upgrade: specify order of plugins in update files 2015-04-14 19:25:47 +02:00
10-config.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
10-enable-betxn.update Enable transactions by default, make password and modrdn TXN-aware 2012-11-21 14:55:12 +01:00
10-rootdse.update Set the default attributes for RootDSE 2014-09-24 10:02:44 +02:00
10-schema_compat.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
10-selinuxusermap.update Remove schema modifications from update files 2013-11-18 16:54:21 +01:00
10-uniqueness.update Uid uniqueness: fix: exclude compat tree from uniqueness 2015-05-22 15:41:41 +02:00
19-managed-entries.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
20-aci.update Add ACI to allow hosts to add their own services 2015-06-29 13:41:52 +02:00
20-dna.update User life cycle: DNA DS plugin should exclude provisioning DIT 2015-05-18 09:37:21 +02:00
20-host_nis_groups.update Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
20-indices.update Fix indicies ntUserDomainId, ntUniqueId 2015-06-29 13:40:29 +02:00
20-nss_ldap.update Name update files so they can be easily sorted. 2009-03-25 11:03:07 -04:00
20-replication.update add entries required by topology plugin on update 2015-06-11 12:10:40 +02:00
20-sslciphers.update Update SSL ciphers configured in 389-ds-base 2014-09-12 16:42:09 +02:00
20-syncrepl.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
20-user_private_groups.update Add plugin framework to LDAP updates. 2011-11-22 23:57:10 -05:00
20-uuid.update DNSSEC: DNS key synchronization daemon 2014-10-21 12:23:03 +02:00
20-winsync_index.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
21-ca_renewal_container.update Use certmonger to renew CA subsystem certificates 2012-07-30 13:39:08 +02:00
21-certstore_container.update Add container for certificate store. 2014-07-30 16:04:21 +02:00
21-replicas_container.update Store list of non-master replicas in DIT and provide way to list them 2011-03-02 09:46:46 -05:00
25-referint.update Add CA ACL plugin 2015-06-11 10:50:31 +00:00
30-provisioning.update User life cycle: Stage user Administrators permission/priviledge 2015-05-18 09:37:21 +02:00
30-s4u2proxy.update Add S4U2Proxy delegation permissions on upgrades 2012-02-15 18:00:46 +01:00
40-automember.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
40-certprofile.update Add certprofile plugin 2015-06-04 08:27:33 +00:00
40-delegation.update Add certprofile plugin 2015-06-04 08:27:33 +00:00
40-dns.update DNS: add UnknownRecord to schema 2015-06-18 14:37:28 +02:00
40-otp.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
40-realm_domains.update Add list of domains associated to our realm to cn=etc 2013-02-19 14:15:46 +02:00
40-replication.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
41-caacl.update Add CA ACL plugin 2015-06-11 10:50:31 +00:00
45-roles.update ULC: fix: upgrade for stage Stage User Admins failed 2015-06-02 13:50:19 +00:00
50-7_bit_check.update Do not check userPassword with 7-bit plugin 2013-06-06 18:12:50 +02:00
50-dogtag10-migration.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
50-groupuuid.update The default groups we create should have ipaUniqueId set 2011-04-15 13:02:17 +02:00
50-hbacservice.update Add crond as a default HBAC service 2013-01-17 09:50:48 -05:00
50-ipaconfig.update Add support for managing user auth types 2013-11-08 12:48:15 +01:00
50-krbenctypes.update Add Camellia ciphers to allowed list. 2013-07-18 10:49:38 +03:00
50-lockout-policy.update Disallow direct modifications to enrolledBy. 2011-07-14 19:11:49 -04:00
50-nis.update Server Upgrade: create default config for NIS Server plugin 2015-06-18 17:48:36 +02:00
55-pbacmemberof.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
59-trusts-sysacount.update Upgrade: fix trusts objectclass violationi 2014-11-13 13:31:17 +01:00
60-trusts.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
61-trusts-s4u2proxy.update Server Upgrade: remove CSV from upgrade files 2015-05-11 16:08:01 +00:00
62-ranges.update Remove changetype attribute from update plugin 2014-10-17 12:02:25 +02:00
71-idviews.update idviews: Create container for ID views under cn=accounts 2014-09-30 10:42:06 +02:00
72-domainlevels.update Add Domain Level feature 2015-05-26 11:59:47 +00:00
90-post_upgrade_plugins.update Server Upgrade: specify order of plugins in update files 2015-04-14 19:25:47 +02:00
Makefile.am Add CA ACL plugin 2015-06-11 10:50:31 +00:00
README Remove schema modifications from update files 2013-11-18 16:54:21 +01:00

The update files are sorted before being processed because there are
cases where order matters (such as getting schema added first, creating
parent entries, etc).

Updates are applied in blocks of ten so that any entries that are dependant
on another can be added successfully without having to rely on the length
of the DN to get the sorting correct.

The file names should use the format #-<description>.update where # conforms
to this:

10 - 19: Configuration
20 - 29: 389-ds configuration, new indices
30 - 39: Structual elements of the DIT
40 - 49: Pre-loaded data
50 - 59: Cleanup existing data
60 - 69: AD Trust
70 - 79: Reserved
80 - 89: Reserved

These numbers aren't absolute, there may be reasons to put an update
into one place or another, but by adhereing to the scheme it will be
easier to find existing updates and know where to put new ones.