Ticket 47667 - Allow nsDS5ReplicaBindDN to be a group DN
Bug Description: The request is not to define a specific bind DN for a replica
but to be able to specify a group and let all members
be treated as replicaBindDN
Fix Description: The fix adds a new attribute to the ndsdReplica object:
nsDS5ReplicaBindDNGroup: <dn>
When this attr is set at startup or when the replica object is modified
the group is expanded and its members and all mambers of its
subgroups are added to a hash of replcabinddns. this is in
parallel to the normal hash od replicabind dn specified using
the existing attr nsDS5ReplicaBindDN.
Since groups can change, the list of bingdns based on groups has to be
rebuilt when the spcified groups change. This check and the
rebuilding of the group has a performance cost and will be done only
in a specified interval, the interval can be configured by
nsDS5ReplicaBindDNGroupCheckInterval.
This attr takes the following values:
-1 no dymanic check at runtime, admin must take care that groups are stable
or restart to get changes accounted for
0 everytime a binddn is verified the groupdns are rebuilt
n only if n seconds have passed since last rebuild it is done again
https://fedorahosted.org/389/ticket/47667
Reviewed by: ?