IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove support for LDAP proxy connections

Browse Source
This commit is contained in:
rcritten@redhat.com
2007-09-20 09:01:23 -04:00
parent e16e215cdd
commit 370500ab1a
3 changed files with 0 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ipa-server/ipa-install/ipa-server-setupssl
View File

@@ -112,18 +112,6 @@ if test -n "$needServerCert" ; then
certutil -S $prefixarg -n "Server-Cert" -s "cn=$myhost,ou=Fedora Directory Server" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt
fi
# 8. Generate the web service client certificate:
echo -e "0\n2\n9\nn\n0\n9\nn\n" | certutil -S $prefixarg -n webservice -s "uid=webservice, CN=Web Service, OU=Fedora Directory Server" -c "CA certificate" -t u,pu,u -m 1002 -v 120 -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt -1 -5
pk12util -d $secdir $prefixarg -o $secdir/webservice.p12 -n "webservice" -w $secdir/pwdfile.txt -k $secdir/pwdfile.txt
openssl pkcs12 -in $secdir/webservice.p12 -clcerts -nokeys -out /usr/share/ipa/cert.pem -passin file:$secdir/pwdfile.txt
openssl pkcs12 -in $secdir/webservice.p12 -nocerts -nodes -out /usr/share/ipa/key.pem -passin file:$secdir/pwdfile.txt
cp -p $secdir/cacert.asc /usr/share/ipa
chown apache:apache /usr/share/ipa/cert.pem /usr/share/ipa/key.pem /usr/share/ipa/cacert.asc
chmod 600 /usr/share/ipa/cert.pem /usr/share/ipa/key.pem
# create the pin file
if [ ! -f $secdir/pin.txt ] ; then
pinfile=$secdir/pin.txt

6
ipa-server/ipa-install/share/bootstrap-template.ldif
View File

@@ -39,12 +39,6 @@ objectClass: nsContainer
objectClass: top
cn: sysaccounts
dn: uid=webservice,cn=sysaccounts,cn=etc,$SUFFIX
changetype: add
objectClass: top
objectClass: account
uid: webservice
dn: uid=admin,cn=sysaccounts,cn=etc,$SUFFIX
changetype: add
objectClass: top

1
ipa-server/ipa-install/share/default-aci.ldif
View File

@@ -7,5 +7,4 @@ aci: (targetattr=*)(version 3.0; acl "Admin can manage any entry"; allow (all) u
aci: (targetattr="krbPrincipalName || krbUPEnabled || krbPrincipalKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData")(version 3.0; acl "KDC System Account"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
aci: (targetattr="krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
aci: (targetattr="userPassword || krbPrincipalKey ||sambaLMPassword || sambaNTPassword || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange")(version 3.0; acl "Kpasswd access to passowrd hashes for passowrd changes"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw@$REALM,cn=$REALM,cn=kerberos,$SUFFIX";)
aci: (targetfilter="(&(objectClass=krbPrincipalAux)(|(objectClass=person)(objectClass=posixAccount)))")(targetattr="*")(version 3.0; acl "allowproxy-webservice"; allow (proxy) userdn="ldap:///uid=webservice,cn=sysaccounts,cn=etc,$SUFFIX";)
aci: (targetfilter="(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfUniqueNames)(objectClass=posixGroup))")(targetattr="*")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add,delete,read,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)