|
 |
3f51ca |
From d3c36fb83314c3fd1b87572a1c80687f06d7e2d5 Mon Sep 17 00:00:00 2001
|
|
|
3f51ca |
From: Tomas Krizek <tkrizek@redhat.com>
|
|
|
3f51ca |
Date: Mon, 23 Oct 2017 14:06:20 +0200
|
|
|
3f51ca |
Subject: [PATCH] ldap: limit the retro changelog to dns subtree
|
|
|
3f51ca |
|
|
|
3f51ca |
The content synchronization plugin can be limited to the dns subtree in
|
|
|
3f51ca |
Directory Server. This increases performance and helps to prevent some
|
|
|
3f51ca |
potential issues.
|
|
|
3f51ca |
|
|
|
3f51ca |
Fixes: https://pagure.io/freeipa/issue/6515
|
|
|
3f51ca |
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
|
|
|
3f51ca |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
3f51ca |
---
|
|
|
3f51ca |
install/updates/20-syncrepl.update | 2 +-
|
|
|
3f51ca |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
3f51ca |
|
|
|
3f51ca |
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
|
|
|
3f51ca |
index faa13f645f492ea35824fe57632b56d52afa8a6e..318eda16870afa06d6c6d9098cbffdc085f2dba2 100644
|
|
|
3f51ca |
--- a/install/updates/20-syncrepl.update
|
|
|
3f51ca |
+++ b/install/updates/20-syncrepl.update
|
|
|
3f51ca |
@@ -4,7 +4,7 @@ only:nsslapd-pluginEnabled: on
|
|
|
3f51ca |
# Remember original nsuniqueid for objects referenced from cn=changelog
|
|
|
3f51ca |
add:nsslapd-attribute: nsuniqueid:targetUniqueId
|
|
|
3f51ca |
add:nsslapd-changelogmaxage: 2d
|
|
|
3f51ca |
-add:nsslapd-exclude-suffix: o=ipaca
|
|
|
3f51ca |
+add:nsslapd-include-suffix: cn=dns,$SUFFIX
|
|
|
3f51ca |
|
|
|
3f51ca |
# Keep memberOf and referential integrity plugins away from cn=changelog.
|
|
|
3f51ca |
# It is necessary for performance reasons because we don't have appropriate
|
|
|
3f51ca |
--
|
|
|
3f51ca |
2.9.5
|
|
|
3f51ca |
|