Hello, The subject of provisioning was discussed https://www.redhat.com/archives/freeipa-devel/2016-May/msg00065.html. The documentation of the provisioning procedure is still going on but reviewing it I have a doubt about RetroCL/Content_Sync.
Provisioning will be done with high recommendations/constraints: * The provisioned instance should not be accessed by ldap client during provisioning. * The IPA deployment should contain only one server (the one used for provisioning) in order to prevent replication latency During provisioning, disabling RetroCL/Content_Sync gives a ~10% improvements (reducing the #ADD). The drawback of disabling RetroCL/Content_Sync is that the provisioned instance will not be able to send provisioned entries through syncRepl. Now considering that the provisioned instance is unique in the topology and will do full init of replicas, I think SyncRepl is useless and then we can disable RetroCL/Content_Sync during provisioning. Anyone is seeing a problem if those plugins are disabled during provisioning ? thanks thierry
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code