9d21232151
- Update to upstream 3.3.4 - Install CA anchor into standard location (#928478) - ipa-client-install part of ipa-server-install fails on reinstall (#1044994) - Remove mod_ssl workaround (RHEL bug #1029046) - Enable syncrepl plugin to support bind-dyndb-ldap 4.0
From 031d08b13cec4c6c538a9c344576d349481ceeea Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Thu, 23 Jan 2014 12:22:38 +0100
Subject: [PATCH 7/9] Limit memberOf and refInt DS plugins to main IPA suffix.
This drastically improves performance of retro changelog trimming.
https://fedorahosted.org/freeipa/ticket/3967
---
freeipa.spec.in | 6 +++---
install/updates/20-syncrepl.update | 13 ++++++++++++-
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 4f60be6ccd623de4574c7627e0ffc4ff0829e701..ef96c7c271ebba33b15d9b35891092e4151c3aae 100644
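--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -21,7 +21,7 @@ Source0: freeipa-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if ! %{ONLY_CLIENT}
-BuildRequires: 389-ds-base-devel >= 1.3.1.3
+BuildRequires: 389-ds-base-devel >= 1.3.2.10
 BuildRequires: svrcore-devel
 BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
 BuildRequires: systemd-units
@@ -95,7 +95,7 @@ Group: System Environment/Base
 Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
-Requires: 389-ds-base >= 1.3.1.3
+Requires: 389-ds-base >= 1.3.2.10
 Requires: openldap-clients > 2.4.35-4
 %if 0%{?fedora} == 18
 Requires: nss >= 3.14.3-2
@@ -150,7 +150,7 @@ Requires: zip
 Requires: policycoreutils >= %{POLICYCOREUTILSVER}
 Requires: tar
 Requires(pre): certmonger >= 0.65
-Requires(pre): 389-ds-base >= 1.3.1.3
+Requires(pre): 389-ds-base >= 1.3.2.10
 
 # With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
 # entire SELinux policy is stored in the system policy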
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
index c4158a1634410acd323f04f442bbbd2f69c24708..e1184bf48285fb216dfb0c82e5e97bb8cc35539c 100644
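--- a/install/updates/20-syncrepl.update
+++ b/install/updates/20-syncrepl.update
@@ -1,9 +1,20 @@
-# Enable Retro changelog
+# Enable Retro changelog - it is necessary for SyncRepl
 dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
 only:nsslapd-pluginEnabled: on
+# Remember original nsuniqueid for objects referenced from cn=changelog
 add:nsslapd-attribute: nsuniqueid:targetUniqueId
 add:nsslapd-changelogmaxage: 2d
 
+# Keep memberOf and referential integrity plugins away from cn=changelog.
+# It is necessary for performance reasons because we don't have appropriate
+# indices for cn=changelog.
+dn: cn=MemberOf Plugin,cn=plugins,cn=config
+add:memberofentryscope: '$SUFFIX'
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+add:nsslapd-plugincontainerscope: '$SUFFIX'
+add:nsslapd-pluginentryscope: '$SUFFIX'
+
 # Enable SyncRepl
 dn: cn=Content Synchronization,cn=plugins,cn=config
 only:nsslapd-pluginEnabled: on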
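Review bot: The comment above the two new scope stanzas records only the performance motive and not the integrity trade-off: once `memberofentryscope`, `nsslapd-plugincontainerscope` and `nsslapd-pluginentryscope` are set to `$SUFFIX`, entries held outside the main IPA suffix would no longer get memberOf maintenance or cleanup of references to deleted entries, and a stale `member` value becomes an access-control concern if that DN is later reused. I would extend the comment with `# Entries outside $SUFFIX are no longer covered by memberOf or referential integrity.` so an administrator who adds another suffix knows to review it. These attributes presumably depend on the 389-ds-base >= 1.3.2.10 requirement raised in freeipa.spec.in, which the comment could also name. The stanzas use `add:` rather than `only:`, so a scope value already present on an upgraded server is probably kept next to `$SUFFIX`; it is worth confirming that this is intended.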
--
1.8.5.3