Imported Upstream version 4.6.2
74
install/updates/10-config.update
Normal file
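--- /dev/null
+++ b/install/updates/10-config.update
@@ -0,0 +1,74 @@
+# Enforce matching SSL certificate host names when 389-ds acts as an SSL
+# client. A restart is necessary for this to take effect, we do one when
+# upgrading.
+dn: cn=config
+only:nsslapd-ssl-check-hostname: on
+
+# Remove incorrect placement
+dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config
+remove: nsslapd-pluginPrecedence: 60
+
+# Set the precedence of the ipa-modrdn plugin so it runs after other
+# plugins (the default is 50).
+dn: cn=IPA MODRDN,cn=plugins,cn=config
+only: nsslapd-pluginPrecedence: 60
+
+# Set limits to suite better IPA deployment sizes, defaults are too
+# conservative
+dn: cn=config
+default: nsslapd-sizelimit:100000
+
+dn: cn=config,cn=ldbm database,cn=plugins,cn=config
+replace: nsslapd-lookthroughlimit:5000::100000
+replace: nsslapd-idlistscanlimit:4000::100000
+
+#Set much lower limits for anonymous searhes
+dn: cn=anonymous-limits,cn=etc,$SUFFIX
+default:objectclass:nsContainer
+default:objectclass:top
+default:cn: anonymous-limits
+default:nsSizeLimit: 5000
+default:nsLookThroughLimit: 5000
+
+dn: cn=config
+only:nsslapd-anonlimitsdn:cn=anonymous-limits,cn=etc,$SUFFIX
+
+# Add a defaultNamingContext if one hasn't already been set. This was
+# introduced in 389-ds-base-1.2.10-0.9.a8. Adding this to a server that
+# doesn't support it generates a non-fatal error.
+dn: cn=config
+add:nsslapd-defaultNamingContext:$SUFFIX
+
+# Allow the root DSE to be searched even with minssf set
+dn: cn=config
+only:nsslapd-minssf-exclude-rootdse:on
+
+# Set the IPA winsync precedence so it will run after the DS
+# POSIX winsync plugin
+dn: cn=ipa-winsync,cn=plugins,cn=config
+only: nsslapd-pluginPrecedence: 60
+
+# Enable SASL mapping fallback
+dn: cn=config
+only:nsslapd-sasl-mapping-fallback: on
+
+dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config
+addifnew:nsSaslMapPriority: 10
+
+dn: cn=Name Only,cn=mapping,cn=sasl,cn=config
+addifnew:nsSaslMapPriority: 10
+
+# Default SASL buffer size was too small and could lead for example to
+# migration errors
+# Can be removed when https://fedorahosted.org/389/ticket/47457 is fixed
+dn: cn=config
+only:nsslapd-sasl-max-buffer-size:2097152
+
+# Allow hashed passwords to be added by non-DM users. Without this
+# setting, password migration fails
+dn: cn=config
+only:nsslapd-allow-hashed-passwords:on
+
+# Decrease default value for IO blocking to prevent server unresponsiveness
+dn: cn=config
+only:nsslapd-ioblocktimeout:10000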
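Review bot: The comment above `only:nsslapd-allow-hashed-passwords:on` gives the migration reason but not the trade-off. With the setting on, a pre-hashed userPassword value is accepted from any bind identity that may write the attribute, and the server cannot apply password syntax or quality checks to a value it never sees in clear text. Because the directive is `only:`, it presumably stays in force after every upgrade, not just while a migration is running. I would extend the comment with something like `# NOTE: pre-hashed values bypass password syntax checks; keep write access to userPassword restricted by ACIs.` so the dependency on access control is visible to whoever audits this file.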