# Root container for account data; the users, groups, services and computers
# containers in this file are created beneath it. Besides nsContainer it
# carries krbPwdPolicy, so the password-policy values are stored on this entry.
# krbMinPwdLife / krbMaxPwdLife are expressed in seconds in the Kerberos LDAP
# schema (3600 = 1 hour, 7776000 = 90 days); krbPwdMinLength is 8.
# NOTE(review): krbPwdHistoryLength: 0 and krbPwdMinDiffChars: 0 look like
# "no password history" and "no character-variety requirement" -- confirm how
# the password plugin interprets 0, and raise both after install if reuse
# prevention or complexity is required by policy.
dn: cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
objectClass: krbPwdPolicy
cn: accounts
krbMinPwdLife: 3600
krbPwdMinDiffChars: 0
krbPwdMinLength: 8
krbPwdHistoryLength: 0
krbMaxPwdLife: 7776000

# Container for user entries; the uid=admin entry in this file is created
# under it.
dn: cn=users,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: users

# Container for group entries; the admins, ipausers and editors groups in this
# file are created under it.
dn: cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: groups

# Empty container named "services" under cn=accounts (presumably for service
# principals -- confirm against the code that populates it).
dn: cn=services,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: services

# Empty container named "computers" under cn=accounts (presumably for host
# entries -- confirm against the code that populates it).
dn: cn=computers,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: computers

# Empty container named "hbacservices" (presumably the services that
# host-based access control rules refer to -- confirm).
dn: cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: hbacservices

# Empty container named "hbacservicegroups" (presumably groups of HBAC
# services -- confirm).
dn: cn=hbacservicegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: hbacservicegroups

# Empty container named "sudocmds" (presumably sudo command objects --
# confirm). Sudo-related entries decide what can run with elevated privilege,
# so write access here is sensitive; no ACIs are defined in this part of the
# file.
dn: cn=sudocmds,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: sudocmds

# Empty container named "sudocmdgroups" (presumably groups of sudo commands --
# confirm).
dn: cn=sudocmdgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: sudocmdgroups

# Empty container "hbac" directly under the suffix (presumably host-based
# access control rules -- confirm). Entries here would govern who may log in
# where, so write access should be limited to administrators; no ACIs are
# defined in this part of the file.
dn: cn=hbac,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: hbac

# Empty container "sudorules" directly under the suffix (presumably sudo rule
# entries -- confirm). Write access here is privilege-sensitive; no ACIs are
# defined in this part of the file.
dn: cn=sudorules,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: sudorules

# Second sudo-related container, separate from cn=sudorules.
# NOTE(review): its relationship to cn=sudorules is not visible here; confirm
# which one sudo clients actually read and that both are write-protected.
dn: cn=SUDOers,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: SUDOers

# Container for configuration subtrees; sysaccounts, entitlements, ipa and
# ipaConfig are created under it in this file.
dn: cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: etc

# Empty container named "sysaccounts" (presumably non-person bind accounts
# used by services -- confirm). Such accounts usually authenticate with
# long-lived secrets, so review what is created here after install.
dn: cn=sysaccounts,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: sysaccounts

# Empty container named "entitlements" under cn=etc; its consumers are not
# visible in this file.
dn: cn=entitlements,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: entitlements

# Container for IPA's own configuration data; cn=masters is created under it.
dn: cn=ipa,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: ipa

# Empty container named "masters" (presumably one entry per IPA master
# server -- confirm). If other components trust this list to identify
# servers, write access to it should be restricted accordingly.
dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: masters

# Built-in administrator account. It is both a POSIX account (uidNumber and
# gidNumber come from the $UIDSTART / $GIDSTART template variables) and a
# Kerberos principal admin@$REALM, created unlocked (nsAccountLock: False)
# with /bin/bash as login shell and /home/admin as home directory.
# No password or key attribute is set in this entry, so credentials must be
# provisioned by a separate step -- NOTE(review): confirm the account is not
# usable before that step runs.
# The cn=admins group in this file lists this DN as its member.
dn: uid=admin,cn=users,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: person
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: inetuser
uid: admin
krbPrincipalName: admin@$REALM
cn: Administrator
sn: Administrator
uidNumber: $UIDSTART
gidNumber: $GIDSTART
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: Administrator
nsAccountLock: False

# Container for RADIUS data; the clients and profiles containers are created
# under it.
dn: cn=radius,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: radius

# Empty container for RADIUS client entries.
# NOTE(review): RADIUS client definitions normally include a shared secret;
# if that is stored under this container, confirm read access is restricted.
dn: cn=clients,cn=radius,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: clients

# Container for RADIUS profile entries; the uid=ipa_default profile is created
# under it.
dn: cn=profiles,cn=radius,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: profiles

# Default RADIUS profile (objectClass radiusprofile) with no profile
# attributes set beyond its uid.
# NOTE(review): the DN is written with a space after the first comma. LDAP
# servers generally ignore whitespace around RDN separators, but tools that
# compare DNs as plain strings may not -- confirm nothing depends on the
# exact spelling.
dn: uid=ipa_default, cn=profiles,cn=radius,$SUFFIX
changetype: add
objectClass: top
objectClass: radiusprofile
Add radius profile implementations:
get_radius_profile_by_uid
add_radius_profile
update_radius_profile
delete_radius_profile
find_radius_profiles
Rewrite command line arg handling, now support pair entry, interactive
mode with auto completion, reading pairs from a file, better handling
of mandatory values, better help, long arg names now match attribute
name in pairs
Establish mappings for all attributes and names used in clients and
profiles
Add notion of containers to radius clients and profiles in LDAP
Move common code, variables, constants, and strings into the files
radius_client.py, radius_util.py, ipautil.py to eliminate redundant
elements which could get out of sync if modified and to provide access
to other code which might benefit from using these items in the
future.
Add utility functions:
format_list()
parse_key_value_pairs()
Add utility class:
AttributeValueCompleter
Unify attribute usage in radius ldap schema
uid: ipa_default

# Administrators group: a POSIX group whose gidNumber is $GIDSTART (the same
# value used as the admin user's primary gidNumber) and whose only initial
# member is uid=admin. What members are allowed to do is decided by ACIs that
# are not part of this section, so membership changes here should be audited.
# NOTE(review): nsAccountLock is set on a group entry; its effect on a group
# is not visible from this file -- confirm it is intentional.
dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: posixgroup
objectClass: ipausergroup
cn: admins
description: Account administrators group
gidNumber: $GIDSTART
member: uid=admin,cn=users,cn=accounts,$SUFFIX
nsAccountLock: False

# Default group for all users; ipaDefaultPrimaryGroup in cn=ipaConfig names it.
# Created with no members.
# gidNumber is the template expression eval($GIDSTART+1), i.e. the value is
# computed when the template is expanded rather than stored literally.
# NOTE(review): the expansion code is not shown here; confirm it only performs
# integer arithmetic on a validated $GIDSTART and does not evaluate arbitrary
# expressions taken from installer input.
dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: posixgroup
gidNumber: eval($GIDSTART+1)
description: Default group for all users
cn: ipausers

# Delegated-administration group ("Limited admins who can edit other users"),
# created with no members; gidNumber is the template expression
# eval($GIDSTART+2).
# NOTE(review): which attributes members may edit is defined by ACIs outside
# this section -- confirm they exclude credential and group-membership
# attributes, otherwise editors can escalate to full admin.
dn: cn=editors,cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: posixgroup
objectClass: ipausergroup
gidNumber: eval($GIDSTART+2)
description: Limited admins who can edit other users
cn: editors

# Global IPA configuration entry (ipaGuiConfig / ipaConfigObject).
# Defaults, as named by the attributes: login shell /bin/sh, homes under
# /home, primary group ipausers, usernames up to 8 characters, e-mail domain
# $DOMAIN; ipaUserObjectClasses / ipaGroupObjectClasses list the object
# classes used for users and groups.
# Security-relevant settings:
#  - ipaMigrationEnabled: FALSE -- migration mode is off by default.
#  - ipaConfigString: AllowNThash -- NT hashes are unsalted MD4 digests of the
#    password. NOTE(review): presumably this lets the password plugin store
#    them for SMB/NTLM compatibility; keep it only where that is needed and
#    make sure the hash attribute is not readable by ordinary binds.
#  - ipaSearchRecordsLimit: 0 with ipaSearchTimeLimit: 2 -- NOTE(review): 0
#    may mean "no record limit"; confirm, since unbounded result sets make
#    bulk enumeration of the directory easier.
#  - ipaPwdExpAdvNotify: 4 -- presumably days of advance expiry warning.
dn: cn=ipaConfig,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
objectClass: ipaGuiConfig
objectClass: ipaConfigObject
ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
ipaGroupObjectClasses: top
ipaGroupObjectClasses: groupofnames
ipaGroupObjectClasses: nestedgroup
ipaGroupObjectClasses: ipausergroup
ipaGroupObjectClasses: ipaobject
ipaUserObjectClasses: top
ipaUserObjectClasses: person
ipaUserObjectClasses: organizationalperson
ipaUserObjectClasses: inetorgperson
ipaUserObjectClasses: inetuser
ipaUserObjectClasses: posixaccount
ipaUserObjectClasses: krbprincipalaux
ipaUserObjectClasses: krbticketpolicyaux
ipaUserObjectClasses: radiusprofile
ipaUserObjectClasses: ipaobject
ipaDefaultEmailDomain: $DOMAIN
ipaMigrationEnabled: FALSE
ipaConfigString: AllowNThash

# Classic CoS definition that generates nsAccountLock (declared operational)
# from group membership: cosSpecifier is memberOf, and templates are looked up
# under cn=cosTemplates,cn=accounts,$SUFFIX.
# Security note: because lock state follows membership, anyone able to modify
# the member list of the inactivated / activated groups can lock or unlock
# accounts. ACIs protecting those groups are not part of this section.
dn: cn=account inactivation,cn=accounts,$SUFFIX
changetype: add
description: Lock accounts based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX
cosAttribute: nsAccountLock operational
cosSpecifier: memberOf
cn: Account Inactivation

# Container for CoS template entries; both CoS definitions in this file
# (Account Inactivation and Password Policy) point their cosTemplateDn here.
dn: cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectclass: top
objectclass: nsContainer
cn: cosTemplates

# CoS template for the "inactivated" group. Its RDN value is the group's DN
# with "=" and "," backslash-escaped ($ESCAPED_SUFFIX is the pre-escaped
# suffix), which is how a memberOf value is matched to a template.
# Supplies nsAccountLock: true with cosPriority 1.
dn: cn=cn\=inactivated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: cosTemplate
objectClass: extensibleobject
nsAccountLock: true
cosPriority: 1

# Group (groupofnames) whose DN the "inactivated" CoS template is keyed on;
# created with no members. Adding an account here is what yields
# nsAccountLock: true through the Account Inactivation CoS definition.
dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX
changetype: add
objectclass: top
objectclass: groupofnames

# CoS template for the "activated" group, built the same way as the
# inactivated template. Supplies nsAccountLock: false with cosPriority 0.
# NOTE(review): in 389 Directory Server a lower cosPriority number is
# understood to take precedence (0 highest), so an account that is in both
# groups would resolve to unlocked -- confirm this ordering is intended and
# that write access to the activated group is as tightly controlled as
# unlocking an account directly.
dn: cn=cn\=activated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: cosTemplate
objectClass: extensibleobject
nsAccountLock: false
cosPriority: 0

# Group (groupofnames) whose DN the "activated" CoS template is keyed on;
# created with no members. The DN is spelled with capitals here and in lower
# case in the template's RDN; this relies on case-insensitive DN matching.
dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX
changetype: add
objectclass: top
objectclass: groupofnames

# Templates for this CoS definition are managed by the pwpolicy plugin.
dn: cn=Password Policy,cn=accounts,$SUFFIX
changetype: add
description: Password Policy based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX
cosAttribute: krbPwdPolicyReference
cosSpecifier: memberOf