mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
fff31ca220
Configure IPA so that topology plugin will manage also CA replication agreements. upgrades if CA is congigured: - ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX - ipaReplTopoManagedSuffix: o=ipaca is added to master entry - binddngroup is added to o=ipaca replica entry Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
16 lines
562 B
Plaintext
16 lines
562 B
Plaintext
# add IPA CA managed suffix to master entry
|
|
dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
|
|
add: objectclass: ipaReplTopoManagedServer
|
|
add: ipaReplTopoManagedSuffix: o=ipaca
|
|
|
|
# add IPA CA topology configuration area
|
|
dn: cn=ipaca,cn=topology,cn=ipa,cn=etc,$SUFFIX
|
|
default: objectclass: top
|
|
default: objectclass: iparepltopoconf
|
|
default: ipaReplTopoConfRoot: o=ipaca
|
|
default: cn: ipaca
|
|
|
|
# Update CA replication settings
|
|
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
|
|
onlyifexist: nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
|