authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-11 14:09:06 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-11 14:09:06 -0500
commitec23f4b717dc7e47e9000d2d135ac4914cc2180b (patch)
tree11f0f93fba577d68433fa8a5d0d177997eab0ac2 /confskel
parent02cfa8d8afb2c84b0683e4071f4482a54d2e459e (diff)
Move primary realm wizard sources to separate directory
Add cert-updater
Diffstat (limited to 'confskel')
-rw-r--r--confskel/openldap/ldif/olcDatabase.ldif2
-rw-r--r--confskel/openldap/ldif/tde-core.ldif12
-rw-r--r--confskel/openldap/skel.ldif2
3 files changed, 9 insertions, 7 deletions
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 945ccce..e45e186 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -4,7 +4,7 @@ objectClass: olcHdbConfig
olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: @@@REALM_DCNAME@@@
-olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
+olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,privateRootCertificateKey
by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"
by sockurl.regex="^ldapi:///$" write
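Review bot: privateRootCertificateKey is added to an olcAccess rule whose `by dn.base="uid=@@@ADMINUSER@@@,…"` clause (the line after the group clause) names no access level, so what the built-in admin account may do with the CA private key depends on slapd's default for an omitted level rather than being stated; spell it out, e.g. `by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write`. The `by sockurl.regex="^ldapi:///$" write` clause is keyed on the listener URL alone, so as far as these lines show any client that can open the ldapi socket, anonymous included, gets write — and with OpenLDAP's cumulative levels also read — on the private key and on every Kerberos key attribute in the list; pairing it with a `dn`/`peername` condition, or a comment recording that the socket's filesystem permissions are the only control, would make that trust boundary explicit. The olcAccess rule continues past the end of the hunk, so its terminating `by * …` clause is not visible here.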
diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif
index f87b6b2..ca68eb2 100644
--- a/confskel/openldap/ldif/tde-core.ldif
+++ b/confskel/openldap/ldif/tde-core.ldif
@@ -17,13 +17,15 @@ olcAttributeTypes: {11} ( 1.3.6.1.4.1.99999.1.1.12 NAME 'lastLogon' DESC 'Timest
olcAttributeTypes: {12} ( 1.3.6.1.4.1.99999.1.1.13 NAME 'lastLogoff' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# Used for storing sharable certificates and keys
olcAttributeTypes: {13} ( 1.3.6.1.4.1.99999.1.1.14 NAME 'publicRootCertificate' DESC 'Certificate authority root certificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
+# Used for storing private certificates and keys
+olcAttributeTypes: {14} ( 1.3.6.1.4.1.99999.1.1.15 NAME 'privateRootCertificateKey' DESC 'Certificate authority root private key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
# Used for storing builtin user/group names
-olcAttributeTypes: {14} ( 1.3.6.1.4.1.99999.1.1.15 NAME 'builtinRealmAdminAccount' DESC 'Built-in realm administrative account distinguished name' SUP name )
-olcAttributeTypes: {15} ( 1.3.6.1.4.1.99999.1.1.16 NAME 'builtinRealmAdminGroup' DESC 'Built-in realm administrative group distinguished name' SUP name )
-olcAttributeTypes: {16} ( 1.3.6.1.4.1.99999.1.1.17 NAME 'builtinMachineAdminGroup' DESC 'Built-in local machine administrative group distinguished name' SUP name )
-olcAttributeTypes: {17} ( 1.3.6.1.4.1.99999.1.1.18 NAME 'builtinStandardUserGroup' DESC 'Built-in standard user group distinguished name' SUP name )
+olcAttributeTypes: {15} ( 1.3.6.1.4.1.99999.1.1.16 NAME 'builtinRealmAdminAccount' DESC 'Built-in realm administrative account distinguished name' SUP name )
+olcAttributeTypes: {16} ( 1.3.6.1.4.1.99999.1.1.17 NAME 'builtinRealmAdminGroup' DESC 'Built-in realm administrative group distinguished name' SUP name )
+olcAttributeTypes: {17} ( 1.3.6.1.4.1.99999.1.1.18 NAME 'builtinMachineAdminGroup' DESC 'Built-in local machine administrative group distinguished name' SUP name )
+olcAttributeTypes: {18} ( 1.3.6.1.4.1.99999.1.1.19 NAME 'builtinStandardUserGroup' DESC 'Built-in standard user group distinguished name' SUP name )
olcObjectClasses: {0} ( 1.3.6.1.4.1.99999.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website
URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) )
olcObjectClasses: {1} ( 1.3.6.1.4.1.99999.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount )
-olcObjectClasses: {2} ( 1.3.6.1.4.1.99999.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate ) )
+olcObjectClasses: {2} ( 1.3.6.1.4.1.99999.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey ) )
olcObjectClasses: {3} ( 1.3.6.1.4.1.99999.1.2.4 NAME 'tdeBuiltinStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ builtinRealmAdminAccount $ builtinRealmAdminGroup $ builtinMachineAdminGroup $ builtinStandardUserGroup ) ) \ No newline at end of file
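Review bot: Inserting the new attribute as {14} reassigns OIDs that were already in use: 1.3.6.1.4.1.99999.1.1.15 changes meaning from builtinRealmAdminAccount to privateRootCertificateKey, and .16 through .18 each shift to the next attribute. OIDs are meant to be permanent identifiers, so a directory that already loaded the previous tde-core.ldif is likely to reject a schema update whose OIDs now name different attributes, and any replica or client that cached the old definitions will disagree with the server. Keep the four builtin* attributes at their existing numbers and append the new one, e.g. `olcAttributeTypes: {18} ( 1.3.6.1.4.1.99999.1.1.19 NAME 'privateRootCertificateKey' DESC 'Certificate authority root private key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )`; the 99999 arc also looks like a placeholder rather than a registered enterprise number, which is worth confirming before more attributes are minted under it. Since tdeCertificateStore now lets one entry carry both publicRootCertificate and the private key, the comment above the definition should say that the key is only as protected as the attribute-level ACL on privateRootCertificateKey — an entry-level ACL on the store is not enough.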
diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif
index 7d3f2fa..a5ace18 100644
--- a/confskel/openldap/skel.ldif
+++ b/confskel/openldap/skel.ldif
@@ -205,7 +205,7 @@ emsdescription: Group
emsplugins: PosixGroup
emsplugins: KerberosGroup
emstype: GroupEntry
-gidNumber: 901
+gidNumber: 902
objectClass: groupOfNames
objectClass: emsGroup
objectClass: posixGroup
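Review bot: The gidNumber change from 901 to 902 is not explained by the commit message ("Move primary realm wizard sources … / Add cert-updater"), and the entry's cn is above the hunk, so a reader cannot tell from here which group moves or whether 902 is already free elsewhere in skel.ldif. A one-line mention in the commit message, or a comment on the entry such as `# gid 901 is reserved for …`, would record why the number changed. If skel.ldif is only applied when a realm is first created, realms that were already provisioned keep gid 901 on disk and in the directory — worth confirming that nothing in cert-updater assumes 902.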