Fixes #440 Simo.
-- Simo Sorce * Red Hat, Inc * New York
>From 1f743fe8d420f8e7ab1392af6a8ffaa575fc5783 Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Wed, 17 Nov 2010 10:41:41 -0500 Subject: [PATCH 3/3] Exclude Krb lockout attributes from replication Fixes: https://fedorahosted.org/freeipa/ticket/440 --- ipaserver/install/replication.py | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index a09fb3058e6256b8d371670278c0278da564a2d0..7b4e903b40d0217f4dfebcb6a2a505f57d9a45ff 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -340,6 +340,12 @@ class ReplicationManager: repl_man_passwd = kargs.get("bindpw", self.repl_man_passwd) port = kargs.get("port", PORT) + # List of attributes that need to be excluded from replication. + excludes = ('memberof', + 'krblastsuccessfulauth', + 'krblastfailedauth', + 'krbloginfailedcount') + entry = ipaldap.Entry(dn) entry.setValues('objectclass', "nsds5replicationagreement") entry.setValues('cn', cn) @@ -352,7 +358,8 @@ class ReplicationManager: entry.setValues('nsds5replicaroot', self.suffix) entry.setValues('nsds5replicaupdateschedule', '0000-2359 0123456') entry.setValues('nsds5replicatransportinfo', 'SSL') - entry.setValues('nsDS5ReplicatedAttributeList', '(objectclass=*) $ EXCLUDE memberOf') + entry.setValues('nsDS5ReplicatedAttributeList', + '(objectclass=*) $ EXCLUDE %s' % " ".join(excludes)) entry.setValues('description', "me to %s%d" % (b.host, port)) if iswinsync: self.setup_winsync_agmt(entry, **kargs) -- 1.7.3.2
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
