Re: [Freeipa-devel] [PATCH] 79 Add SIDs for existing users and groups at the end of ipa-adtrust-install

2012-10-08 Thread Rob Crittenden 

Alexander Bokovoy wrote:

On Wed, 03 Oct 2012, Sumit Bose wrote:

Hi,

this patch adds a new option to ipa-adtrust-install to generate the SID
for users and groups at the end of the run. This fixes
https://fedorahosted.org/freeipa/ticket/3104 .

ACK, works for me too.



pushed to master and ipa-3-0 last Friday

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 79 Add SIDs for existing users and groups at the end of ipa-adtrust-install

2012-10-05 Thread Alexander Bokovoy 

On Wed, 03 Oct 2012, Sumit Bose wrote:

Hi,

this patch adds a new option to ipa-adtrust-install to generate the SID
for users and groups at the end of the run. This fixes
https://fedorahosted.org/freeipa/ticket/3104 .

ACK, works for me too.

--
/ Alexander Bokovoy

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 79 Add SIDs for existing users and groups at the end of ipa-adtrust-install

2012-10-03 Thread Sumit Bose 
Hi,

this patch adds a new option to ipa-adtrust-install to generate the SID
for users and groups at the end of the run. This fixes
https://fedorahosted.org/freeipa/ticket/3104 .

bye,
Sumit
From 64f5b76c1869dbbc5e63035baa13642b43854839 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Tue, 2 Oct 2012 22:11:17 +0200
Subject: [PATCH] Add SIDs for existing users and groups at the end of
 ipa-adtrust-install

Fixes https://fedorahosted.org/freeipa/ticket/3104
---
 daemons/ipa-slapi-plugins/ipa-sidgen/Makefile.am  |  1 +
 .../ipa-sidgen/ipa-sidgen-task-example.ldif   | 10 --
 .../ipa-sidgen/ipa-sidgen-task-run.ldif   | 10 ++
 install/tools/ipa-adtrust-install |  5 -
 install/tools/man/ipa-adtrust-install.1   | 10 ++
 ipaserver/install/adtrustinstance.py  | 19 ++-
 6 Dateien geändert, 43 Zeilen hinzugefügt(+), 12 Zeilen entfernt(-)
 delete mode 100644 
daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-example.ldif
 create mode 100644 
daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-run.ldif

diff --git a/daemons/ipa-slapi-plugins/ipa-sidgen/Makefile.am 
b/daemons/ipa-slapi-plugins/ipa-sidgen/Makefile.am
index 
0d8b74e86369ae9c972e090ff0e6feddc840cfde..a0d0e9ecf366b23cc6f054945544cd88cd846cad
 100644
--- a/daemons/ipa-slapi-plugins/ipa-sidgen/Makefile.am
+++ b/daemons/ipa-slapi-plugins/ipa-sidgen/Makefile.am
@@ -49,6 +49,7 @@ appdir = $(IPA_DATA_DIR)
 app_DATA = \
ipa-sidgen-conf.ldif\
ipa-sidgen-task-conf.ldif   \
+   ipa-sidgen-task-run.ldif\
$(NULL)
 
 EXTRA_DIST =   \
diff --git a/daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-example.ldif 
b/daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-example.ldif
deleted file mode 100644
index 
9cfded73b1b53461c0c0aa4f563452f51d258aae..
--- a/daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-example.ldif
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=sidgen,cn=ipa-sidgen-task,cn=plugins,cn=config
-changetype: add
-objectClass: top
-objectClass: nsSlapdPlugin
-objectClass: extensibleObject
-cn: ipa-sidgen-task
-nsslapd-pluginPath: libipa_sidgen_task
-nsslapd-pluginInitfunc: sidgen_task_init
-nsslapd-basedn: $SUFFIX
-delay: 0
diff --git a/daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-run.ldif 
b/daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-run.ldif
new file mode 100644
index 
..663b7597b90a59c88c658dbcc5f483a6693f88dc
--- /dev/null
+++ b/daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-run.ldif
@@ -0,0 +1,10 @@
+dn: cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config
+changetype: add
+objectClass: top
+objectClass: extensibleObject
+cn: sidgen
+# $SUFFIX must be replaced with the base DN of the IPA directory tree
+nsslapd-basedn: $SUFFIX
+# delay specifies the time the task should sleep between the generation of SIDs
+# in nanoseconds
+delay: 0
diff --git a/install/tools/ipa-adtrust-install 
b/install/tools/ipa-adtrust-install
index 
12e218de62dd4b4d795f7372e0108e6a208f1285..f50bb58213ac0681cd8bda0a449ae21c48e6adb8
 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -61,6 +61,9 @@ def parse_options():
 parser.add_option(-A, --admin-name,
   sensitive=True, dest=admin_name, default='admin',
   help=admin user principal)
+parser.add_option(--add-sids, dest=add_sids, action=store_true,
+  default=False, help=Add SIDs for existing users and \
+  groups as the final step)
 
 options, args = parser.parse_args()
 safe_options = parser.get_safe_opts(options)
@@ -254,7 +257,7 @@ def main():
 smb.autobind = service.ENABLED
 smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
   netbios_name, options.rid_base, options.secondary_rid_base,
-  options.no_msdcs)
+  options.no_msdcs, options.add_sids)
 smb.find_local_id_range()
 smb.create_instance()
 
diff --git a/install/tools/man/ipa-adtrust-install.1 
b/install/tools/man/ipa-adtrust-install.1
index 
fa63bca3c4859325acb5891de6ad1e21b97dc754..9204b7d5fde7493a4c268eb71693e86a63a1b4b7
 100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -71,6 +71,16 @@ are needed for the IPA domain which should point to all IPA 
servers:
 .IP
 \(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
 .TP
+\fB\-\-add\-sids\fR
+Add SIDs to existing users and groups as a final step of the
+ipa\-adtrust\-install run. If there a many existing users and groups and a
+couple of replicas in the environment this operation might lead to a high
+replication traffic and a performance degradation of all IPA servers in the
+environment. To avoid this the SID