Hi,

The attached patch is a first patch related to 'User Life Cycle' (https://fedorahosted.org/freeipa/ticket/3813)


It creates the 'Stage' and 'Delete' containers and configures the DS plugins to scope only the 'Active' container or to exclude 'Stage'/'Delete'.

Thanks
thierry
From 61673280bcd96be638e1ceb86aa93d1b568bea02 Mon Sep 17 00:00:00 2001
From: "Thierry bordaz (tbordaz)" <tbor...@redhat.com>
Date: Thu, 7 Aug 2014 16:29:02 +0200
Subject: [PATCH] User Life Cycle: create containers and scoping  DS plugins

Bug Description:
	User Life Cycle is designed http://www.freeipa.org/page/V4/User_Life-Cycle_Management
	It manages 3 containers (Staging, Active, Delete). At install Delete and Staging containers
	need to be created.
		Active: cn=users,cn=accounts,$SUFFIX
		Delete: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
		Stage:  cn=staged users ,cn=accounts,cn=provisioning,$SUFFIX

	Plugins scopes:
		krbPrincipalName, krbCanonicalName, ipaUniqueID, uid:
			cn=accounts,SUFFIX
			cn=deleted users,cn=accounts,cn=provisioning,SUFFIX
		DNA:
			cn=accounts,SUFFIX

		Plugins exclude subtree:
		IPA UUID, Referential Integrity, memberOf:
			cn=provisioning,SUFFIX

Reviewed by: ?

Platforms tested: F20

Flag Day: no

Doc impact: no

https://fedorahosted.org/freeipa/ticket/3813
---
 install/share/bootstrap-template.ldif | 24 ++++++++++++++++++++++++
 install/share/dna.ldif                |  2 +-
 install/share/unique-attributes.ldif  |  9 ++++++---
 install/share/uuid-ipauniqueid.ldif   |  1 +
 install/updates/10-uniqueness.update  |  8 ++++++++
 install/updates/20-syncrepl.update    |  2 ++
 6 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 06b82aa4ae74e7766d0c09a63aa75fa222e7ab7d..f3e7353a9d2b6ee51ebf2c2c3948a0313e752f9d 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -34,6 +34,30 @@ objectClass: top
 objectClass: nsContainer
 cn: hostgroups
 
+dn: cn=provisioning,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: provisioning
+
+dn: cn=accounts,cn=provisioning,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: accounts
+
+dn: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: staged users
+
+dn: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: deleted users
+
 dn: cn=alt,$SUFFIX
 changetype: add
 objectClass: nsContainer
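
Review bot: The four containers are added only to the install-time bootstrap template, so a server upgraded from an earlier version never gets cn=provisioning or its children, while the 10-uniqueness.update hunk in this same patch points nsslapd-pluginarg2 at cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX on upgrade. Please add the same four entries to a file under install/updates/ so the uniqueness scope never references a missing subtree. The new entries also carry no aci attribute; please say where access to staged and deleted user entries is restricted, or add the ACIs here.
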
diff --git a/install/share/dna.ldif b/install/share/dna.ldif
index 86be44ccfaf65d2ea09c51a499271b95ed7fdbc3..b4c674d676b10859ec14f15ead66e66da47b8e69 100644
--- a/install/share/dna.ldif
+++ b/install/share/dna.ldif
@@ -11,7 +11,7 @@ dnaNextValue: eval($IDSTART)
 dnaMaxValue: eval($IDMAX)
 dnaMagicRegen: -1
 dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
-dnaScope: $SUFFIX
+dnaScope: cn=accounts,$SUFFIX
 dnaThreshold: 500
 dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,$SUFFIX
 
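
Review bot: dnaScope is narrowed only in the install LDIF; none of the update files in this patch changes it, so existing servers keep dnaScope: $SUFFIX while fresh installs allocate IDs only under cn=accounts,$SUFFIX. Please add a matching entry under install/updates/. Also confirm that no entry matching dnaFilter (posixAccount, posixGroup, ipaIDobject) is expected outside cn=accounts,$SUFFIX, because such an entry would no longer get a value assigned.
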
diff --git a/install/share/unique-attributes.ldif b/install/share/unique-attributes.ldif
index 0e680a0e45b455469f9be9555aed1e63f1d97faf..19084128cd7fd297a0916dd5a602aee061ad7576 100644
--- a/install/share/unique-attributes.ldif
+++ b/install/share/unique-attributes.ldif
@@ -9,7 +9,8 @@ nsslapd-pluginInitfunc: NSUniqueAttr_Init
 nsslapd-pluginType: preoperation
 nsslapd-pluginEnabled: on
 nsslapd-pluginarg0: krbPrincipalName
-nsslapd-pluginarg1: $SUFFIX
+nsslapd-pluginarg1: cn=accounts,$SUFFIX
+nsslapd-pluginarg2: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
 nsslapd-plugin-depends-on-type: database
 nsslapd-pluginId: NSUniqueAttr
 nsslapd-pluginVersion: 1.1.0
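
Review bot: Replacing $SUFFIX with cn=accounts,$SUFFIX on nsslapd-pluginarg1 drops every other subtree from the krbPrincipalName check, not only Stage. Please confirm that no entry outside cn=accounts,$SUFFIX and the deleted-users container is expected to carry krbPrincipalName, or list the additional subtrees as further pluginarg values. This change also needs an upgrade counterpart: the hunk added to 10-uniqueness.update only rewrites cn=attribute uniqueness, so on upgraded servers this plugin entry keeps its old scope.
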
@@ -27,7 +28,8 @@ nsslapd-pluginInitfunc: NSUniqueAttr_Init
 nsslapd-pluginType: preoperation
 nsslapd-pluginEnabled: on
 nsslapd-pluginarg0: krbCanonicalName
-nsslapd-pluginarg1: $SUFFIX
+nsslapd-pluginarg1: cn=accounts,$SUFFIX
+nsslapd-pluginarg2: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
 nsslapd-plugin-depends-on-type: database
 nsslapd-pluginId: NSUniqueAttr
 nsslapd-pluginVersion: 1.1.0
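
Review bot: With Stage left out of pluginarg1/pluginarg2, a staged entry can hold a krbCanonicalName that an active or deleted user already has, and nothing in this patch shows where that collision is caught. Please document (commit message or design page) that the uniqueness check is expected to fire when the entry is moved from cn=staged users into cn=accounts,$SUFFIX, and add a test for activating a staged entry whose value duplicates an active one.
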
@@ -63,7 +65,8 @@ nsslapd-pluginInitfunc: NSUniqueAttr_Init
 nsslapd-pluginType: preoperation
 nsslapd-pluginEnabled: on
 nsslapd-pluginarg0: ipaUniqueID
-nsslapd-pluginarg1: $SUFFIX
+nsslapd-pluginarg1: cn=accounts,$SUFFIX
+nsslapd-pluginarg2: cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
 nsslapd-plugin-depends-on-type: database
 nsslapd-pluginId: NSUniqueAttr
 nsslapd-pluginVersion: 1.1.0
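
Review bot: The ipaUniqueID uniqueness scope set here no longer matches the generation scope in uuid-ipauniqueid.ldif, which stays at ipaUuidScope: $SUFFIX with only cn=provisioning excluded. Any ipaObject or ipaAssociation entry outside cn=accounts,$SUFFIX still gets an ipaUniqueID but is no longer checked for duplicates. If that is intended, please say so in the commit message; otherwise keep $SUFFIX here and rely on an exclusion for Stage instead of an inclusion list.
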
diff --git a/install/share/uuid-ipauniqueid.ldif b/install/share/uuid-ipauniqueid.ldif
index c8d08cd9b282307c87e14951f1382386b8191c1a..b61b6bd3f201352dbfb1122cd77e78142563df06 100644
--- a/install/share/uuid-ipauniqueid.ldif
+++ b/install/share/uuid-ipauniqueid.ldif
@@ -8,4 +8,5 @@ ipaUuidAttr: ipaUniqueID
 ipaUuidMagicRegen: autogenerate
 ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation))
 ipaUuidScope: $SUFFIX
+ipaUuidExcludeSubtree: cn=provisioning,$SUFFIX
 ipaUuidEnforce: TRUE
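
Review bot: ipaUuidExcludeSubtree is introduced here without any plugin change in this patch (the diffstat lists only files under install/share and install/updates), so the patch should state which plugin version reads this attribute and depend on it; otherwise the setting is silently ineffective and staged entries still get ipaUuidEnforce applied. The attribute is also added only to the install LDIF, so upgraded servers never receive it; please add it to an update file as well.
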
diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update
index a336d3480866f74b82b35280e6ed788f1abb992f..e7fb7a6ba530561c19e87e793a956924865d5530 100644
--- a/install/updates/10-uniqueness.update
+++ b/install/updates/10-uniqueness.update
@@ -48,3 +48,11 @@ default:nsslapd-plugin-depends-on-type: database
 default:nsslapd-pluginId: NSUniqueAttr
 default:nsslapd-pluginVersion: 1.1.0
 default:nsslapd-pluginVendor: Fedora Project
+
+# uid uniqueness scopes Active/Delete containers
+dn: cn=attribute uniqueness,cn=plugins,cn=config
+remove:nsslapd-pluginarg1:'$SUFFIX'
+add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
+add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX
+remove:nsslapd-pluginenabled:off
+add:nsslapd-pluginenabled:on
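
Review bot: The add:nsslapd-pluginarg2 line is missing its closing quote (it ends at $SUFFIX with the opening ' never closed), so the stored value or the parse of this update will be wrong; close the quote as on the pluginarg1 line above it. Separately, the last two lines switch nsslapd-pluginenabled from off to on, which turns uid uniqueness enforcement on for every upgraded server. That is a behaviour change the commit message does not mention, and an existing deployment that already contains duplicate uid values will start rejecting writes, so please call it out or split it into its own patch.
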
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
index e1184bf48285fb216dfb0c82e5e97bb8cc35539c..c9c46fdd9e918c5590e90e6846af7f7646a939b7 100644
--- a/install/updates/20-syncrepl.update
+++ b/install/updates/20-syncrepl.update
@@ -10,10 +10,12 @@ add:nsslapd-changelogmaxage: 2d
 # indices for cn=changelog.
 dn: cn=MemberOf Plugin,cn=plugins,cn=config
 add:memberofentryscope: '$SUFFIX'
+add:memberofentryscopeexcludesubtree: 'cn=provisioning,$SUFFIX'
 
 dn: cn=referential integrity postoperation,cn=plugins,cn=config
 add:nsslapd-plugincontainerscope: '$SUFFIX'
 add:nsslapd-pluginentryscope: '$SUFFIX'
+add:nsslapd-pluginExcludeEntryScope: 'cn=provisioning,$SUFFIX'
 
 # Enable SyncRepl
 dn: cn=Content Synchronization,cn=plugins,cn=config
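
Review bot: memberofentryscopeexcludesubtree and nsslapd-pluginExcludeEntryScope are set here with no accompanying bump of the required directory server version in this patch, so on a server whose plugins do not know these attributes the exclusion of cn=provisioning is not applied. Please add the dependency, or state the minimum version in the commit message. For referential integrity, nsslapd-plugincontainerscope is left at '$SUFFIX', so references held inside staged or deleted entries are still rewritten when an active entry is removed or renamed; please confirm that is the intended behaviour. These settings would also be easier to find in an update file named for the life-cycle change than in 20-syncrepl.update.
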
-- 
1.7.11.7
