Add LDAP schema for certificate store.

Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2024-12-23 07:33:27 -06:00 · 2014-06-10 14:04:36 +02:00 · 2014-06-10 14:04:36 +02:00 · 25c10bc161
commit 25c10bc161
parent 61f166da5d
4 changed files with 11 additions and 0 deletions
--- a/install/share/65ipacertstore.ldif
+++ b/install/share/65ipacertstore.ldif
@ -0,0 +1,8 @@
+dn: cn=schema
+attributeTypes: (2.16.840.1.113730.3.8.11.56 NAME 'ipaCertSubject' DESC 'Subject name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
+attributeTypes: (2.16.840.1.113730.3.8.11.57 NAME 'ipaCertIssuerSerial' DESC 'Issuer name and serial number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.1' )
+attributeTypes: (2.16.840.1.113730.3.8.11.58 NAME 'ipaKeyTrust' DESC 'Key trust (unknown, trusted, distrusted)' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
+attributeTypes: (2.16.840.1.113730.3.8.11.59 NAME 'ipaKeyUsage' DESC 'Allowed key usage' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.1' )
+attributeTypes: (2.16.840.1.113730.3.8.11.60 NAME 'ipaKeyExtUsage' DESC 'Allowed extended key usage' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'IPA v4.1' )
+objectClasses: (2.16.840.1.113730.3.8.12.27 NAME 'ipaCertificate' SUP top STRUCTURAL MUST ( cn $ ipaCertIssuerSerial $ ipaCertSubject $ ipaPublicKey ) MAY ( ipaConfigString ) X-ORIGIN 'IPA v4.1' )
+objectClasses: (2.16.840.1.113730.3.8.12.28 NAME 'ipaKeyPolicy' SUP top AUXILIARY MAY ( ipaKeyTrust $ ipaKeyUsage $ ipaKeyExtUsage ) X-ORIGIN 'IPA v4.1' )
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@ -16,6 +16,7 @@ app_DATA =				\
 	60basev3.ldif			\
 	60ipadns.ldif			\
 	61kerberos-ipav3.ldif		\
+	65ipacertstore.ldif		\
 	65ipasudo.ldif			\
 	70ipaotp.ldif			\
 	anonymous-vlv.ldif		\
--- a/install/share/copy-schema-to-ca.py
+++ b/install/share/copy-schema-to-ca.py
@ -31,6 +31,7 @@ SCHEMA_FILENAMES = (
    "60basev3.ldif",
    "60ipadns.ldif",
    "61kerberos-ipav3.ldif",
+    "65ipacertstore.ldif",
    "65ipasudo.ldif",
    "70ipaotp.ldif",
    "05rfc2247.ldif",
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -58,6 +58,7 @@ IPA_SCHEMA_FILES = ("60kerberos.ldif",
                    "60basev3.ldif",
                    "60ipadns.ldif",
                    "61kerberos-ipav3.ldif",
+                    "65ipacertstore.ldif",
                    "65ipasudo.ldif",
                    "70ipaotp.ldif",
                    "15rfc2307bis.ldif",