mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-28 01:41:14 -06:00
54a91c3ed3
CA and DS have issues with Retro Changelog plugin. CA subtree should be excluded from syncrepl. This should improve speed of CA related operations too. https://fedorahosted.org/freeipa/ticket/5538 Reviewed-By: Christian Heimes <cheimes@redhat.com>
28 lines
1.1 KiB
Plaintext
28 lines
1.1 KiB
Plaintext
# Enable Retro changelog - it is necessary for SyncRepl
|
|
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
|
|
only:nsslapd-pluginEnabled: on
|
|
# Remember original nsuniqueid for objects referenced from cn=changelog
|
|
add:nsslapd-attribute: nsuniqueid:targetUniqueId
|
|
add:nsslapd-changelogmaxage: 2d
|
|
add:nsslapd-exclude-suffix: o=ipaca
|
|
|
|
# Keep memberOf and referential integrity plugins away from cn=changelog.
|
|
# It is necessary for performance reasons because we don't have appropriate
|
|
# indices for cn=changelog.
|
|
dn: cn=MemberOf Plugin,cn=plugins,cn=config
|
|
add:memberofentryscope: $SUFFIX
|
|
add:memberofentryscopeexcludesubtree: cn=provisioning,$SUFFIX
|
|
|
|
dn: cn=referential integrity postoperation,cn=plugins,cn=config
|
|
add:nsslapd-plugincontainerscope: $SUFFIX
|
|
add:nsslapd-pluginentryscope: $SUFFIX
|
|
add:nsslapd-pluginExcludeEntryScope: cn=provisioning,$SUFFIX
|
|
|
|
# Enable SyncRepl
|
|
dn: cn=Content Synchronization,cn=plugins,cn=config
|
|
only:nsslapd-pluginEnabled: on
|
|
|
|
# Make sure IPA UUID does not generate ipaUniqueID for Stage/Delete entries
|
|
dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config
|
|
add:ipaUuidExcludeSubtree: cn=provisioning,$SUFFIX
|