This patch enables the entryUSN plugin by default at install time. EntryUSN numbers are ususful fro clients that want to track newest objects w/o having to care about timestamps dated in the past and replicated by other masters. EntrUSN numbers are valid only in the context of a single server, as each master in the domain keeps its own entryUSN numbers.
Fixes 526 Simo. -- Simo Sorce * Red Hat, Inc * New York
>From f9b8b428833febea1b71de7fb751eff7d86ed82e Mon Sep 17 00:00:00 2001 From: Simo Sorce <sso...@redhat.com> Date: Tue, 23 Nov 2010 10:35:49 -0500 Subject: [PATCH] Enable EntryUSN plugin by default, with global scope This will allow clients to use entryusn values to track what changed in the directory regardles of replication delays. Fixes: https://fedorahosted.org/freeipa/ticket/526 --- install/share/Makefile.am | 1 + install/share/entryusn.ldif | 10 ++++++++++ ipaserver/install/dsinstance.py | 4 ++++ ipaserver/install/replication.py | 2 +- 4 files changed, 16 insertions(+), 1 deletions(-) create mode 100644 install/share/entryusn.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 1e71ae804fe2fde659c69c4341768a8230c2f487..c7e1c5c5a25d42cb1a0fb8cc9aac99e36856700a 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -45,6 +45,7 @@ app_DATA = \ user_private_groups.ldif \ uuid-ipauniqueid.ldif \ modrdn-krbprinc.ldif \ + entryusn.ldif \ $(NULL) EXTRA_DIST = \ diff --git a/install/share/entryusn.ldif b/install/share/entryusn.ldif new file mode 100644 index 0000000000000000000000000000000000000000..51f9fc6eb5fb7dc070f3e91fe432410d654c8fe1 --- /dev/null +++ b/install/share/entryusn.ldif @@ -0,0 +1,10 @@ +dn: cn=config +changetype: modify +replace: nsslapd-entryusn-global +nsslapd-entryusn-global: on + +dn: cn=USN,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 15847625771630782de23d654dc742d54f564265..600f0dd5d44a3827bdbdc619a28c4e690f6dc5cb 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -220,6 +220,7 @@ class DsInstance(service.Service): self.step("configuring uniqueness plugin", self.__set_unique_attrs) self.step("configuring uuid plugin", self.__config_uuid_module) self.step("configuring modrdn plugin", self.__config_modrdn_module) + self.step("enabling entryUSN plugin", self.__enable_entryusn) self.step("creating indices", self.__create_indices) self.step("configuring ssl for ds instance", self.__enable_ssl) self.step("configuring certmap.conf", self.__certmap_conf) @@ -357,6 +358,9 @@ class DsInstance(service.Service): # TODO: roll back here? logging.critical("Failed to restart the directory server. See the installation log for details.") + def __enable_entryusn(self): + self._ldap_mod("entryusn.ldif") + def __add_memberof_module(self): self._ldap_mod("memberof-conf.ldif") diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 7b4e903b40d0217f4dfebcb6a2a505f57d9a45ff..340a82ef33f471b92d780d258d09d6a634c9ad25 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -341,7 +341,7 @@ class ReplicationManager: port = kargs.get("port", PORT) # List of attributes that need to be excluded from replication. - excludes = ('memberof', + excludes = ('memberof', 'entryusn', 'krblastsuccessfulauth', 'krblastfailedauth', 'krbloginfailedcount') -- 1.7.3.2
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel