On Mon, 25 Jun 2012, Sumit Bose wrote:

this patch added support to automatically create SIDs for local objects
as described in ticket https://fedorahosted.org/freeipa/ticket/2825.

The post-operation plugin adds the SID and if necessary the needed
objectclass for a newly created object.

Works for me in tests.

The directory server task can you used to set SID to existing objects in
one run. Since there were concerns about the amount of replication
traffic this task accepts a parameter 'delay' to let the task pause for
the given number of micro-seconds after an object was changed. I also do
not start the task during ipa-adtrust-install to allow to run the task
at a more appropriate time. I wonder if it is ok to just have an ldif
file as example and explain in the docs how to start the task with
ldapmodify or if a tighter integration is needed. Typically this task
should be called only once after ipa-adtrust-install.
We probably would need to make something like 'ipa-task-manage' that
would allow listing, enabling, scheduling, and disabling all supported

Something to work on once we have refactored installer/tools
infrastructure in 3.1?

/ Alexander Bokovoy

Freeipa-devel mailing list

Reply via email to