6bfb761 Ticket 47667 - Allow nsDS5ReplicaBindDN to be a group DN

Authored and Committed by lkrispen 9 years ago
    Ticket 47667 - Allow nsDS5ReplicaBindDN to be a group DN
    
    Bug Description:  The request is not to define a specific bind DN for a replica
    			but to be able to specify a group and let all members
    			be treated as replicaBindDN
    
    Fix Description:   The fix adds a new attribute to the ndsdReplica object:
    			nsDS5ReplicaBindDNGroup: <dn>
    		   When this attr is set at startup or when the replica object is modified
    			the group is expanded and its members and all mambers of its
    			subgroups are added to a hash of replcabinddns. this is in
    			parallel to the normal hash od replicabind dn specified using
    			the existing attr nsDS5ReplicaBindDN.
    		   Since groups can change, the list of bingdns based on groups has to be
    			rebuilt when the spcified groups change. This check and the
    			rebuilding of the group has a performance cost and will be done only
    			in a specified interval, the interval can be configured by
    			nsDS5ReplicaBindDNGroupCheckInterval.
    			This attr takes the following values:
    			-1 no dymanic check at runtime, admin must take care that groups are stable
    				or restart to get changes accounted for
    			0 everytime a binddn is verified the groupdns are rebuilt
    			n only if n seconds have passed since last rebuild it is done again
    
    https://fedorahosted.org/389/ticket/47667
    
    Reviewed by: ?