install/updates/30-ipservices.update from 39eaf2fa as it is not part of the
release tarball of 4.8.0 but needed for 27586cb7:

commit 39eaf2fab5e27bd12edfb2a24c439a8ea5fb26f0
Author: Christian Heimes <cheimes@redhat.com>
Date:   Fri Dec 7 13:08:49 2018 +0100

    Add index and container for RFC 2307 IP services
    
    IPA doesn't officially support RFC 2307 IP services. However SSSD has a
    nsswitch plugin to provide service lookups. The subtree search for
    (&(ipserviceport=$PORT)(ipserviceprotocol=$SRV)(objectclass=ipservice)) in
    cn=accounts,$SUFFIX has caused performance issues on large
    installations.
    
    This patch introduced a dedicated container
    cn=ipservices,cn=accounts,$SUFFIX for IP services for future use or 3rd
    party extensions. SSSD will change its search base in an upcoming
    release, too.
    
    A new ipServicePort index is added to optimize searches for an IP
    service by port. There is no index on ipServiceProtocol because the index
    would have poor selectivity. An ipService entry has either 'tcp' or 'udp'
    as protocol.
    
    Fixes: https://pagure.io/freeipa/issue/7797
    See: https://pagure.io/freeipa/issue/7786
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

diff --git a/install/updates/30-ipservices.update b/install/updates/30-ipservices.update
new file mode 100644
index 000000000..01a6d52f8
--- /dev/null
+++ b/install/updates/30-ipservices.update
@@ -0,0 +1,6 @@
+# container for RFC 2307 IP services
+
+dn: cn=ipservices,cn=accounts,$SUFFIX
+default: objectClass: top
+default: objectClass: nsContainer
+default: cn: ipservices
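
Review bot: The new file stops after the cn=ipservices container entry, but the commit message also announces an ipServicePort index, and no index definition appears in these six lines. If the index is defined in another update file, name that file in the header comment so the container and the index stay in step, and confirm that file is in the release tarball, since this one was not.
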
install/updates/75-user-trust-attributes.update from c18ee9b6 as it is not
part of the release tarball of 4.8.0 but needed for 27586cb7:

commit c18ee9b641ddc1e6b52d0413caa1fb98ac13785d
Author: Tibor Dudlák <tdudlak@redhat.com>
Date:   Tue Apr 2 16:23:09 2019 +0200

    Add SMB attributes for users
    
    SMB attributes are used by Samba domain controller when reporting
    details about IPA users via LSA DCE RPC calls.
    
    Based on the initial work from the external plugin:
    https://github.com/abbra/freeipa-user-trust-attributes
    
    Related: https://pagure.io/freeipa/issue/3999
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Signed-off-by: Tibor Dudlák <tdudlak@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>

diff --git a/install/updates/75-user-trust-attributes.update b/install/updates/75-user-trust-attributes.update
new file mode 100644
index 000000000..43bb40c7d
--- /dev/null
+++ b/install/updates/75-user-trust-attributes.update
@@ -0,0 +1,5 @@
+# Add an explicit self-service ACI to allow writing to manage trust attributes
+# for the owner of the object
+dn: cn=users,cn=accounts,$SUFFIX
+add:aci:(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX";)
+add:aci:(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "selfservice:Users can manage their SMB attributes";allow (write) userdn = "ldap:///self";)
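
Review bot: The two-line header comment describes only the self-service write ACI, yet the first add:aci line grants read to cn=adtrust agents, so the comment should cover both rules. The second ACI lets every user write their own ipantlogonscript and ipantprofilepath, values the commit message says the Samba domain controller reports via LSA DCE RPC calls; state in the comment that self-write on those attributes is intended, or narrow the targetattr list for the selfservice rule.
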
commit 27586cb7ae32af191cb8a3c36fc8856957300f08
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Fri Aug 9 23:03:25 2019 +0300

    install: Add missing scripts to app_DATA.
    
    Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index bce8a56b1..68facbaf2 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -30,6 +30,7 @@ app_DATA =				\
 	21-ca_renewal_container.update	\
 	21-certstore_container.update	\
 	25-referint.update		\
+	30-ipservices.update		\
 	30-provisioning.update		\
 	30-s4u2proxy.update		\
 	37-locations.update		\
@@ -63,6 +64,7 @@ app_DATA =				\
 	73-custodia.update		\
 	73-winsync.update		\
 	73-certmap.update		\
+	75-user-trust-attributes.update	\
 	80-schema_compat.update \
 	90-post_upgrade_plugins.update	\
 	$(NULL)
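
Review bot: The hand-maintained app_DATA list is the weak point here: 75-user-trust-attributes.update, like 30-ipservices.update in the previous hunk, was committed months before it was listed, and nothing flagged the omission. Consider a build-time check that every *.update file in install/updates is named in app_DATA, and fix the subject line, which calls these LDAP update files "scripts".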