2011-07-19 17:19:57 -05:00
|
|
|
dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
|
2013-03-06 03:07:13 -06:00
|
|
|
only:schema-compat-entry-rdn:'%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'
|
2014-05-14 05:52:26 -05:00
|
|
|
add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'
|
2014-05-14 06:09:28 -05:00
|
|
|
add:schema-compat-entry-attribute: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'
|
2014-05-14 06:18:00 -05:00
|
|
|
# Fix for #4324 (regression of #1309)
|
|
|
|
remove:schema-compat-entry-attribute:'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")'
|
2014-05-14 07:48:07 -05:00
|
|
|
remove:schema-compat-entry-attribute:'sudoRunAsUser=%{ipaSudoRunAsExtUser}'
|
|
|
|
remove:schema-compat-entry-attribute:'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'
|
|
|
|
remove:schema-compat-entry-attribute:'sudoRunAsUser=%deref("ipaSudoRunAs","uid")'
|
|
|
|
remove:schema-compat-entry-attribute:'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}'
|
|
|
|
remove:schema-compat-entry-attribute:'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'
|
2014-05-14 06:18:00 -05:00
|
|
|
|
|
|
|
# We need to add the value in a separate transaction
|
|
|
|
dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
|
|
|
|
add: schema-compat-entry-attribute: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'
|
2014-05-14 07:48:07 -05:00
|
|
|
add: schema-compat-entry-attribute: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'
|
|
|
|
add: schema-compat-entry-attribute: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'
|
|
|
|
add: schema-compat-entry-attribute: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")'
|
|
|
|
add: schema-compat-entry-attribute: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'
|
|
|
|
add: schema-compat-entry-attribute: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")'
|
2014-10-29 10:23:03 -05:00
|
|
|
remove: schema-compat-ignore-subtree: cn=changelog
|
|
|
|
remove: schema-compat-ignore-subtree: o=ipaca
|
|
|
|
add: schema-compat-restrict-subtree: '$SUFFIX'
|
|
|
|
add: schema-compat-restrict-subtree: 'cn=Schema Compatibility,cn=plugins,cn=config'
|
2014-05-14 05:52:26 -05:00
|
|
|
|
2012-04-05 09:03:04 -05:00
|
|
|
# Change padding for host and userCategory so the pad returns the same value
|
|
|
|
# as the original, '' or -.
|
|
|
|
dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
|
|
|
|
replace: schema-compat-entry-attribute:'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})'
|
2014-10-29 10:23:03 -05:00
|
|
|
remove: schema-compat-ignore-subtree: cn=changelog
|
|
|
|
remove: schema-compat-ignore-subtree: o=ipaca
|
|
|
|
add: schema-compat-restrict-subtree: '$SUFFIX'
|
|
|
|
add: schema-compat-restrict-subtree: 'cn=Schema Compatibility,cn=plugins,cn=config'
|
2012-04-16 14:31:12 -05:00
|
|
|
|
|
|
|
dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
|
|
|
|
default:objectClass: top
|
|
|
|
default:objectClass: extensibleObject
|
|
|
|
default:cn: computers
|
|
|
|
default:schema-compat-container-group: cn=compat, $SUFFIX
|
|
|
|
default:schema-compat-container-rdn: cn=computers
|
|
|
|
default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
|
|
|
|
default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
|
|
|
|
default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
|
|
|
|
default:schema-compat-entry-attribute: objectclass=device
|
|
|
|
default:schema-compat-entry-attribute: objectclass=ieee802Device
|
|
|
|
default:schema-compat-entry-attribute: cn=%{fqdn}
|
|
|
|
default:schema-compat-entry-attribute: macAddress=%{macAddress}
|
2014-10-29 10:23:03 -05:00
|
|
|
remove: schema-compat-ignore-subtree: cn=changelog
|
|
|
|
remove: schema-compat-ignore-subtree: o=ipaca
|
|
|
|
add: schema-compat-restrict-subtree: '$SUFFIX'
|
|
|
|
add: schema-compat-restrict-subtree: 'cn=Schema Compatibility,cn=plugins,cn=config'
|
2012-04-16 14:31:12 -05:00
|
|
|
|
2014-01-15 01:58:16 -06:00
|
|
|
dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
|
|
|
|
add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}
|
2014-02-20 04:18:16 -06:00
|
|
|
|
2014-10-08 08:11:54 -05:00
|
|
|
dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
|
2014-10-29 10:23:03 -05:00
|
|
|
remove: schema-compat-ignore-subtree: cn=changelog
|
|
|
|
remove: schema-compat-ignore-subtree: o=ipaca
|
|
|
|
add: schema-compat-restrict-subtree: '$SUFFIX'
|
|
|
|
add: schema-compat-restrict-subtree: 'cn=Schema Compatibility,cn=plugins,cn=config'
|
2014-10-08 08:11:54 -05:00
|
|
|
|
|
|
|
dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
|
2014-10-29 10:23:03 -05:00
|
|
|
remove: schema-compat-ignore-subtree: cn=changelog
|
|
|
|
remove: schema-compat-ignore-subtree: o=ipaca
|
|
|
|
add: schema-compat-restrict-subtree: '$SUFFIX'
|
|
|
|
add: schema-compat-restrict-subtree: 'cn=Schema Compatibility,cn=plugins,cn=config'
|
2014-10-08 08:11:54 -05:00
|
|
|
|
2014-02-20 04:18:16 -06:00
|
|
|
dn: cn=Schema Compatibility,cn=plugins,cn=config
|
|
|
|
# We need to run schema-compat pre-bind callback before
|
|
|
|
# other IPA pre-bind callbacks to make sure bind DN is
|
|
|
|
# rewritten to the original entry if needed
|
|
|
|
add:nsslapd-pluginprecedence: 49
|
|
|
|
|
2014-09-30 06:54:50 -05:00
|
|
|
dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
|
|
|
|
add:schema-compat-entry-attribute: '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'
|
|
|
|
add:schema-compat-entry-attribute: '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")'
|
|
|
|
add:schema-compat-entry-attribute: 'ipaanchoruuid=%{ipaanchoruuid}'
|
|
|
|
add:schema-compat-entry-attribute: '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'
|
|
|
|
|
|
|
|
dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
|
|
|
|
add:schema-compat-entry-attribute: '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'
|
|
|
|
add:schema-compat-entry-attribute: '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")'
|
|
|
|
add:schema-compat-entry-attribute: 'ipaanchoruuid=%{ipaanchoruuid}'
|
|
|
|
add:schema-compat-entry-attribute: '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'
|