From d3c36fb83314c3fd1b87572a1c80687f06d7e2d5 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Mon, 23 Oct 2017 14:06:20 +0200
Subject: [PATCH] ldap: limit the retro changelog to dns subtree
The content synchronization plugin can be limited to the dns subtree in
Directory Server. This increases performance and helps to prevent some
potential issues.
Fixes: https://pagure.io/freeipa/issue/6515
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 install/updates/20-syncrepl.update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update
c58629
index faa13f645f492ea35824fe57632b56d52afa8a6e..318eda16870afa06d6c6d9098cbffdc085f2dba2 100644
c58629
--- a/install/updates/20-syncrepl.update
c58629
+++ b/install/updates/20-syncrepl.update
c58629
@@ -4,7 +4,7 @@ only:nsslapd-pluginEnabled: on
c58629
 # Remember original nsuniqueid for objects referenced from cn=changelog
c58629
 add:nsslapd-attribute: nsuniqueid:targetUniqueId
c58629
 add:nsslapd-changelogmaxage: 2d
c58629
-add:nsslapd-exclude-suffix: o=ipaca
c58629
+add:nsslapd-include-suffix: cn=dns,$SUFFIX
c58629
 
c58629
 # Keep memberOf and referential integrity plugins away from cn=changelog.
c58629
 # It is necessary for performance reasons because we don't have appropriate
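Review bot: On servers that already applied the earlier version of this file, the new `add:nsslapd-include-suffix: cn=dns,$SUFFIX` line leaves the old `nsslapd-exclude-suffix: o=ipaca` value on the plugin entry, because nothing in the hunk removes it; adding `remove:nsslapd-exclude-suffix: o=ipaca` next to it would keep upgraded and freshly installed servers identical. The new line also carries no comment, unlike its neighbours; something like `# Record only cn=dns changes in the retro changelog; other subtrees are not copied to cn=changelog` would state the intent. Narrowing the scope presumably assumes that nothing else reads retro changelog records for entries outside cn=dns, which is worth confirming since the rest of the update file is not visible in this hunk.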
-- 
2.9.5