"Fossies" - the Fresh Open Source Software Archive

Member "freeipa-4.8.8/install/updates/10-config.update" (15 Jun 2020, 2481 Bytes) of package /linux/misc/freeipa-4.8.8.tar.gz:



    # Enforce matching SSL certificate host names when 389-ds acts as an SSL
    # client. A restart is necessary for this to take effect, we do one when
    # upgrading.
    dn: cn=config
    only:nsslapd-ssl-check-hostname: on

    # Remove incorrect placement
    dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config
    remove: nsslapd-pluginPrecedence: 60

    # Set the precedence of the ipa-modrdn plugin so it runs after other
    # plugins (the default is 50).
    dn: cn=IPA MODRDN,cn=plugins,cn=config
    only: nsslapd-pluginPrecedence: 60

    # Set limits to suit better IPA deployment sizes, defaults are too
    # conservative
    dn: cn=config
    default: nsslapd-sizelimit:100000

    dn: cn=config,cn=ldbm database,cn=plugins,cn=config
    replace: nsslapd-lookthroughlimit:5000::100000
    replace: nsslapd-idlistscanlimit:4000::100000

    # Set much lower limits for anonymous searches
    dn: cn=anonymous-limits,cn=etc,$SUFFIX
    default:objectclass:nsContainer
    default:objectclass:top
    default:cn: anonymous-limits
    default:nsSizeLimit: 5000
    default:nsLookThroughLimit: 5000

    dn: cn=config
    only:nsslapd-anonlimitsdn:cn=anonymous-limits,cn=etc,$SUFFIX

    # Add a defaultNamingContext if one hasn't already been set. This was
    # introduced in 389-ds-base-1.2.10-0.9.a8. Adding this to a server that
    # doesn't support it generates a non-fatal error.
    dn: cn=config
    add:nsslapd-defaultNamingContext:$SUFFIX

    # Allow the root DSE to be searched even with minssf set
    dn: cn=config
    only:nsslapd-minssf-exclude-rootdse:on

    # Set the IPA winsync precedence so it will run after the DS
    # POSIX winsync plugin
    dn: cn=ipa-winsync,cn=plugins,cn=config
    only: nsslapd-pluginPrecedence: 60

    # Enable SASL mapping fallback
    dn: cn=config
    only:nsslapd-sasl-mapping-fallback: on

    dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config
    addifnew:nsSaslMapPriority: 10

    dn: cn=Name Only,cn=mapping,cn=sasl,cn=config
    addifnew:nsSaslMapPriority: 10

    # Allow hashed passwords to be added by non-DM users. Without this
    # setting, password migration fails
    dn: cn=config
    only:nsslapd-allow-hashed-passwords:on

    # Decrease default value for IO blocking to prevent server unresponsiveness
    dn: cn=config
    only:nsslapd-ioblocktimeout:10000

    # 389-DS 1.4.1.6+ attempts to update passwords to new schema on LDAP bind.
    # IPA blocks hashed password updates and requires password changes to go
    # through proper APIs. This option disables password hashing schema updates
    # on LDAP bind, see https://pagure.io/freeipa/issue/8315
    dn: cn=config
    only: nsslapd-enable-upgrade-hash:off
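
Added example, not part of the FreeIPA source: a small parser for the `dn:` / `action:attribute:value` syntax used in this file, plus a drift check that compares the `only` directives with values read from a running directory server. It assumes `only` means the attribute must hold exactly the given value; `parse_update`, `audit_only`, the `live` dictionary and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the update-file syntax of the listing (not the whole file).
SAMPLE_UPDATE = """\
# Enforce host name checks when 389-ds is an SSL client
dn: cn=config
only:nsslapd-ssl-check-hostname: on

dn: cn=config,cn=ldbm database,cn=plugins,cn=config
replace: nsslapd-lookthroughlimit:5000::100000

dn: cn=config
only:nsslapd-minssf-exclude-rootdse:on
only: nsslapd-enable-upgrade-hash:off
"""

# action : attribute : value, with optional spaces around the colons
DIRECTIVE = re.compile(r"^(\w+)\s*:\s*([\w-]+)\s*:\s*(.*)$")


def parse_update(text):
    """Return (dn, action, attribute, value) tuples in file order."""
    directives, dn = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
            continue
        m = DIRECTIVE.match(line)
        if m is None or dn is None:
            raise ValueError(f"unparseable line: {raw!r}")
        action, attr, value = m.groups()
        directives.append((dn, action, attr.lower(), value.strip()))
    return directives


def audit_only(directives, live):
    """List 'only' directives that the live entries do not satisfy.

    live is hypothetical audit input: {dn: {lowercase attribute: [values]}}.
    """
    findings = []
    for dn, action, attr, want in directives:
        have = live.get(dn, {}).get(attr, [])
        if action == "only" and [v.lower() for v in have] != [want.lower()]:
            findings.append((dn, attr, want, have))
    return findings
```

DNs are matched as exact strings here, so `live` must use the same DN spelling as the update file, with `$SUFFIX` already substituted on both sides.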