|
 |
c58629 |
From d3c36fb83314c3fd1b87572a1c80687f06d7e2d5 Mon Sep 17 00:00:00 2001
|
|
|
c58629 |
From: Tomas Krizek <tkrizek@redhat.com>
|
|
|
c58629 |
Date: Mon, 23 Oct 2017 14:06:20 +0200
|
|
|
c58629 |
Subject: [PATCH] ldap: limit the retro changelog to dns subtree
|
|
|
c58629 |
|
|
|
c58629 |
The content synchronization plugin can be limited to the dns subtree in
|
|
|
c58629 |
Directory Server. This increases performance and helps to prevent some
|
|
|
c58629 |
potential issues.
|
|
|
c58629 |
|
|
|
c58629 |
Fixes: https://pagure.io/freeipa/issue/6515
|
|
|
c58629 |
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
|
|
|
c58629 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
c58629 |
---
|
|
|
c58629 |
install/updates/20-syncrepl.update | 2 +-
|
|
|
c58629 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
c58629 |
|
|
|
c58629 |
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
|
|
|
c58629 |
index faa13f645f492ea35824fe57632b56d52afa8a6e..318eda16870afa06d6c6d9098cbffdc085f2dba2 100644
|
|
|
c58629 |
--- a/install/updates/20-syncrepl.update
|
|
|
c58629 |
+++ b/install/updates/20-syncrepl.update
|
|
|
c58629 |
@@ -4,7 +4,7 @@ only:nsslapd-pluginEnabled: on
|
|
|
c58629 |
# Remember original nsuniqueid for objects referenced from cn=changelog
|
|
|
c58629 |
add:nsslapd-attribute: nsuniqueid:targetUniqueId
|
|
|
c58629 |
add:nsslapd-changelogmaxage: 2d
|
|
|
c58629 |
-add:nsslapd-exclude-suffix: o=ipaca
|
|
|
c58629 |
+add:nsslapd-include-suffix: cn=dns,$SUFFIX
|
|
|
c58629 |
|
|
|
c58629 |
# Keep memberOf and referential integrity plugins away from cn=changelog.
|
|
|
c58629 |
# It is necessary for performance reasons because we don't have appropriate
|
|
|
c58629 |
--
|
|
|
c58629 |
2.9.5
|
|
|
c58629 |
|