Add LDAP schema for SSH public keys.
https://fedorahosted.org/freeipa/ticket/754
parent
528a94f839
commit
63ea0a304e
@ -27,6 +27,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.11.20 NAME 'memberPrincipal' DESC 'Princ
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' DESC 'Principals that can be impersonated' SUP distinguishedName X-ORIGIN 'IPA-v3')
|
||||
attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC 'Target principals alowed to get a ticket for' SUP distinguishedName X-ORIGIN 'IPA-v3')
|
||||
attributeTypes: (2.16.840.1.113730.3.8.11.30 NAME 'ipaSELinuxUser' DESC 'An SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3')
|
||||
attributeTypes: (2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey' DESC 'SSH public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'IPA v3' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $ memberOf $ description $ owner) X-ORIGIN 'IPA v3' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) MAY ( ipaNTHash $ ipaNTLogonScript $ ipaNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN 'IPA v3' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
|
||||
@ -35,3 +36,6 @@ objectClasses: (2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' SUP top STR
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top AUXILIARY MUST ( cn ) MAY ( memberPrincipal ) X-ORIGIN 'IPA v3' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $ ipaAllowedTarget ) X-ORIGIN 'IPA v3' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.10 NAME 'ipaSELinuxUserMap' SUP ipaAssociation STRUCTURAL MUST ipaSELinuxUser MAY ( accessTime $ seeAlso ) X-ORIGIN 'IPA v3')
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABSTRACT MAY ipaSshPubKey X-ORIGIN 'IPA v3' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' )
|
||||
objectClasses: (2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' )
|
||||
|
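Review bot: The new `ipaSshPubKey` attribute uses Octet String syntax (`1.3.6.1.4.1.1466.115.121.1.40`) with only `octetStringMatch`, so the directory server will accept any byte string as a key. If keys are stored in textual form, the same key with a different comment or spacing would also count as a distinct value. The schema cannot enforce a key format, so validation and normalisation have to happen in whatever code writes the attribute, which is not part of this section. LDIF allows `#` comment lines, so I would record this above the definition: `# ipaSshPubKey holds opaque bytes; the server does not validate them, writers must check the key format`. The abstract class `ipaSshGroupOfPubKeys` also omits `SUP top`, which the neighbouring classes spell out; adding it would keep the file consistent.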
@ -192,6 +192,7 @@ objectClass: krbprincipalaux
|
||||
objectClass: krbticketpolicyaux
|
||||
objectClass: inetuser
|
||||
objectClass: ipaobject
|
||||
objectClass: ipasshuser
|
||||
uid: admin
|
||||
krbPrincipalName: admin@$REALM
|
||||
cn: Administrator
|
||||
@ -365,6 +366,7 @@ ipaUserObjectClasses: posixaccount
|
||||
ipaUserObjectClasses: krbprincipalaux
|
||||
ipaUserObjectClasses: krbticketpolicyaux
|
||||
ipaUserObjectClasses: ipaobject
|
||||
ipaUserObjectClasses: ipasshuser
|
||||
ipaDefaultEmailDomain: $DOMAIN
|
||||
ipaMigrationEnabled: FALSE
|
||||
ipaConfigString: AllowNThash
|
||||
|
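Review bot: Adding `ipasshuser` to the admin entry and to `ipaUserObjectClasses` lets every newly created user entry carry `ipaSshPubKey`, but no ACI for that attribute appears anywhere in this commit. Whoever can write the attribute on an entry can presumably authorise a key for that account once clients consume it. Write access should therefore be limited to the account owner and designated administrators, and I would confirm that no existing broad write ACI already covers the new attribute. The same default is added for upgraded servers by `add:ipaUserObjectClasses: ipasshuser` in the `cn=ipaConfig` update hunk; entries that already exist do not appear to gain the class from either change. Both entries touched here start outside the hunks shown.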
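--- /dev/null
+++ b/install/updates/10-ssh.update
@@ -0,0 +1,21 @@
+# Add the SSH schema
+dn: cn=schema
+add:attributeTypes:
+( 2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey'
+DESC 'SSH public key'
+EQUALITY octetStringMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+X-ORIGIN 'IPA v3' )
+add:objectClasses:
+( 2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys'
+ABSTRACT
+MAY ipaSshPubKey
+X-ORIGIN 'IPA v3' )
+add:objectClasses:
+( 2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser'
+SUP ipaSshGroupOfPubKeys AUXILIARY
+X-ORIGIN 'IPA v3' )
+add:objectClasses:
+( 2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost'
+SUP ipaSshGroupOfPubKeys AUXILIARY
+X-ORIGIN 'IPA v3' )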
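Review bot: Nothing marks these definitions as a copy of the attribute and three object classes added in the base schema hunk, so the two copies can drift apart. If one is edited without the other, fresh installs and upgraded servers would end up with different schema for the same OIDs. I would extend the header comment to `# Add the SSH schema (keep in sync with the ipaSsh* definitions in the base schema LDIF)`.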
@ -2,3 +2,4 @@ dn: cn=ipaConfig,cn=etc,$SUFFIX
|
||||
default:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
|
||||
default:ipaSELinuxUserMapDefault: guest_u:s0
|
||||
|
||||
add:ipaUserObjectClasses: ipasshuser
|
||||
|
@ -7,6 +7,7 @@ app_DATA = \
|
||||
10-RFC4876.update \
|
||||
10-config.update \
|
||||
10-sudo.update \
|
||||
10-ssh.update \
|
||||
19-managed-entries.update \
|
||||
20-aci.update \
|
||||
20-dna.update \
|
||||
|