Fix quoting to work with new csv handler in ldapupdate

install/updates/10-RFC4876.update

@@ -52,7 +52,7 @@ add:attributeTypes:
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE 
      X-ORIGIN 'RFC4876' )
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod'
      DESC 'Identifies the types of authentication methods either
      used, required, or provided by a service or peer'
@@ -60,8 +60,8 @@ add:attributeTypes:
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
      SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL'
      DESC 'Time to live, in seconds, before a profile is
      considered stale'
@@ -69,29 +69,29 @@ add:attributeTypes:
      ORDERING integerOrderingMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap'
      DESC 'Attribute mappings used, required, or supported by an
      agent or service'
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel'
      DESC 'Identifies type of credentials either used, required,
      or supported by an agent or service'
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap'
      DESC 'Object class mappings used, required, or supported by
      an agent or service'
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
 add:attributeTypes: 
    ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope'
      DESC 'Default scope used when performing a search'
@@ -99,37 +99,37 @@ add:attributeTypes:
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE 
      X-ORIGIN 'RFC4876' )
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel'
      DESC 'Specifies the type of credentials either used, required,
      or supported by a specific service'
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor'
      DESC 'Specifies search descriptors required, used, or
      supported by a particular service or agent'
      EQUALITY caseExactMatch
      SUBSTR caseExactSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod'
      DESC 'Specifies types authentication methods either
      used, required, or supported by a particular service'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
+add:attributeTypes:" 
    ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases'
      DESC 'Specifies if a service or agent either requires,
      supports, or uses dereferencing of aliases.'
      EQUALITY booleanMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
+     X-ORIGIN 'RFC4876' )"
 add:objectClasses: 
    ( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile'
      SUP top STRUCTURAL

install/updates/40-delegation.update

@@ -66,61 +66,61 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addusers
 add:description: Add Users
-add:member:"cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: change_password
 add:description: Change a user password
-add:member:"cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=add_user_to_default_group,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: add_user_to_default_group
 add:description: Add user to default group
-add:member:"cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removeusers,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removeusers
 add:description: Remove Users
-add:member:"cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifyusers,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifyusers
 add:description: Modify Users
-add:member:"cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for user administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version
   3.0;acl "Add Users";allow (add) groupdn = "ldap:///cn=addusers,cn=taskgroups
- ,cn=accounts,$SUFFIX";)
+ ,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || samb
+add:aci: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || samb
  aNTPassword || passwordHistory")(version 3.0;acl "change_password";allow (wri
  te) groupdn = "ldap:///cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX
- ";)
+ ";)'
-add:aci: (targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accoun
+add:aci: '(targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accoun
  ts,$SUFFIX")(version 3.0;acl "Add user to default group";allow (wri
  te) groupdn = "ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts
- ,$SUFFIX";)
+ ,$SUFFIX";)'
-add:aci: (target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version
   3.0;acl "Remove Users";allow (delete) groupdn = "ldap:///cn=removeusers,cn=t
- askgroups,cn=accounts,$SUFFIX";)
+ askgroups,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "givenName || sn || cn || displayName || title || initials 
+add:aci: '(targetattr = "givenName || sn || cn || displayName || title || initials 
  || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneN
  umber || telephoneNumber || street || roomNumber || l || st || postalCode || 
  manager || secretary || description || carLicense || labeledURI || inetUserHT
  TPURL || seeAlso || employeeType || businessCategory || ou")(target = "ldap:/
  //uid=*,cn=users,cn=accounts,$SUFFIX")(version 3.0;acl "Modify User
  s";allow (write) groupdn = "ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,
- $SUFFIX";)
+ $SUFFIX";)'
 
 # Add the taskgroups referenced by the ACIs for group administration
 
@@ -129,48 +129,48 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addgroups
 add:description: Add Groups
-add:member:"cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removegroups,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removegroups
 add:description: Remove Groups
-add:member:"cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifygroups,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifygroups
 add:description: Modify Groups
-add:member:"cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifygroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifygroupmembership
 add:description: Modify Group membership
-add:member:"cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for group administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version
   3.0;acl "Add Groups";allow (add) groupdn = "ldap:///cn=addgroups,cn=taskgroups
- ,cn=accounts,$SUFFIX";)
+ ,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "member")(target = "ldap:///cn=*,cn=groups,cn=accoun
+add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=groups,cn=accoun
  ts,$SUFFIX")(version 3.0;acl "Modify group membership";allow (wri
  te) groupdn = "ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts
- ,$SUFFIX";)
+ ,$SUFFIX";)'
-add:aci: (target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version
   3.0;acl "Remove Groups";allow (delete) groupdn = "ldap:///cn=removegroups,cn=t
- askgroups,cn=accounts,$SUFFIX";)
+ askgroups,cn=accounts,$SUFFIX";)'
 # we need objectclass and gidnumber in modify so a non-posix group can be
 # promoted
-add:aci: (targetattr = "cn || description || gidnumber || objectclass")(target
+add:aci: '(targetattr = "cn || description || gidnumber || objectclass")(target
   = "ldap:///cn=*,cn=groups,cn=accounts,$SUFFIX")(version 3.0;acl "Modify Group
  s";allow (write) groupdn = "ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,
- $SUFFIX";)
+ $SUFFIX";)'
 
 # Add the taskgroups referenced by the ACIs for host administration
 
@@ -179,35 +179,35 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addhosts
 add:description: Add Hosts
-add:member:"cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removehosts,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removehosts
 add:description: Remove Hosts
-add:member:"cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifyhosts,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifyhosts
 add:description: Modify Hosts
-add:member:"cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for host administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///cn=*,cn=computers,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=computers,cn=accounts,$SUFFIX")(version
   3.0;acl "Add Hosts";allow (add) groupdn = "ldap:///cn=addhosts,cn=taskgroups
- ,cn=accounts,$SUFFIX";)
+ ,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///cn=*,cn=computers,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=computers,cn=accounts,$SUFFIX")(version
   3.0;acl "Remove Hosts";allow (delete) groupdn = "ldap:///cn=removehosts,cn=
- taskgroups,cn=accounts,$SUFFIX";)
+ taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "cn || description || locality || location || platform
+add:aci: '(targetattr = "cn || description || locality || location || platform
  || os")(target = "ldap:///cn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;
  acl "Modify Hosts";allow (write) groupdn = "ldap:///cn=modifyhosts,
- cn=taskgroups,cn=accounts,$SUFFIX";)
+ cn=taskgroups,cn=accounts,$SUFFIX";)'
 
 # Add the taskgroups referenced by the ACIs for hostgroup administration
 
@@ -216,46 +216,46 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addhostgroups
 add:description: Add Host Groups
-add:member:"cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removehostgroups,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removehostgroups
 add:description: Remove Host Groups
-add:member:"cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifyhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifyhostgroups
 add:description: Modify Host Groups
-add:member:"cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifyhostgroupmembership
 add:description: Modify Host Group membership
-add:member:"cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for hostgroup administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///cn=*,cn=hostgroups,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=hostgroups,cn=accounts,$SUFFIX")(version
   3.0;acl "Add Hosts";allow (add) groupdn = "ldap:///cn=addhostgroups,cn=
- taskgroups,cn=accounts,$SUFFIX";)
+ taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///cn=*,cn=hostgroups,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=hostgroups,cn=accounts,$SUFFIX")(version
   3.0;acl "Remove Hosts";allow (delete) groupdn = "ldap:///cn=
- removehostgroups,cn=taskgroups,cn=accounts,$SUFFIX";)
+ removehostgroups,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "cn || description")(target = "ldap:///cn=*,cn=
+add:aci: '(targetattr = "cn || description")(target = "ldap:///cn=*,cn=
  hostgroups,cn=accounts,$SUFFIX")(version 3.0; acl "Modify Hosts";allow
   (write) groupdn = "ldap:///cn=modifyhostgroups,cn=taskgroups,
- cn=accounts,$SUFFIX";)
+ cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "member")(target = "ldap:///cn=*,cn=hostgroups,cn=accoun
+add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=hostgroups,cn=accoun
  ts,$SUFFIX")(version 3.0;acl "Modify host group membership";allow (wri
  te) groupdn = "ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts
- ,$SUFFIX";)
+ ,$SUFFIX";)'
 
 # Add the taskgroups referenced by the ACIs for service administration
 
@@ -264,24 +264,24 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addservices
 add:description: Add Services
-add:member:"cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removeservices,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removeservices
 add:description: Remove Services
-add:member:"cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for service administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,
+add:aci: '(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,
  $SUFFIX")(version 3.0;acl "Add Services";allow (add) groupdn = "ldap:///cn
- =addservices,cn=taskgroups,cn=accounts,$SUFFIX";)
+ =addservices,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,
+add:aci: '(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,
  $SUFFIX")(version 3.0;acl "Remove Services";allow (delete) groupdn = "ldap
- :///cn=removeservices,cn=taskgroups,cn=accounts,$SUFFIX";)
+ :///cn=removeservices,cn=taskgroups,cn=accounts,$SUFFIX";)'
 
 # Add the taskgroups referenced by the ACIs for delegation administration
 # This just lets one manage taskgroup membership and create and delete roles
@@ -291,56 +291,56 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addhrole
 add:description: Add Roles
-add:member:"cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removeroles,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removeroles
 add:description: Remove Roles
-add:member:"cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifyroles,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifyroles
 add:description: Modify Roles
-add:member:"cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifyrolegroupmembership
 add:description: Modify Role Group membership
-add:member:"cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifytaskgroupmembership
 add:description: Modify Task Group membership
-add:member:"cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for delegation administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///cn=*,cn=rolegroups,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=rolegroups,cn=accounts,$SUFFIX")(version
   3.0;acl "Add Roles";allow (add) groupdn = "ldap:///cn=addroles,cn=taskgroups
- ,cn=accounts,$SUFFIX";)
+ ,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///cn=*,cn=rolegroups,cn=accounts,$SUFFIX")(version
+add:aci: '(target = "ldap:///cn=*,cn=rolegroups,cn=accounts,$SUFFIX")(version
   3.0;acl "Remove Roles";allow (delete) groupdn = "ldap:///cn=removeroles,cn=
- taskgroups,cn=accounts,$SUFFIX";)
+ taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "cn || description")(target = "ldap:///cn=*,cn=rolegro
+add:aci: '(targetattr = "cn || description")(target = "ldap:///cn=*,cn=rolegro
  ups,cn=accounts,$SUFFIX")(version 3.0; acl "Modify Roles";allow (write) grou
- pdn = "ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,$SUFFIX";)
+ pdn = "ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "member")(target = "ldap:///cn=*,cn=rolegroups,cn=accoun
+add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=rolegroups,cn=accoun
  ts,$SUFFIX")(version 3.0;acl "Modify role group membership";allow (wri
  te) groupdn = "ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts
- ,$SUFFIX";)
+ ,$SUFFIX";)'
-add:aci: (targetattr = "member")(target = "ldap:///cn=*,cn=taskgroups,cn=accoun
+add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=taskgroups,cn=accoun
  ts,$SUFFIX")(version 3.0;acl "Modify task group membership";allow (wri
  te) groupdn = "ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts
- ,$SUFFIX";)
+ ,$SUFFIX";)'
 
 # Add the taskgroups referenced by the ACIs for automount administration
 
@@ -349,30 +349,30 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addautomount
 add:description: Add Automount maps/keys
-add:member:"cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removeautomount
 add:description: Remove Automount maps/keys
-add:member:"cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for service administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///automountmapname=*,cn=automount,
+add:aci: '(target = "ldap:///automountmapname=*,cn=automount,
  $SUFFIX")(version 3.0;acl "Add automount maps";allow (add) groupdn = "ldap
- :///cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX";)
+ :///cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///automountmapname=*,cn=automount,
+add:aci: '(target = "ldap:///automountmapname=*,cn=automount,
  $SUFFIX")(version 3.0;acl "Remove automount maps";allow (delete) groupdn =
-  "ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX";)
+  "ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///automountkey=*,automountmapname=*,cn=automount,
+add:aci: '(target = "ldap:///automountkey=*,automountmapname=*,cn=automount,
  $SUFFIX")(version 3.0;acl "Add automount keys";allow (add) groupdn = "ldap
- :///cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX";)
+ :///cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///automountkey=*,automountmapname=*,cn=automount,
+add:aci: '(target = "ldap:///automountkey=*,automountmapname=*,cn=automount,
  $SUFFIX")(version 3.0;acl "Remove automount keys";allow (delete) groupdn =
-  "ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX";)
+  "ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX";)'
 
 # Add the taskgroups referenced by the ACIs for netgroup administration
 
@@ -381,45 +381,45 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: addnetgroups
 add:description: Add netgroups
-add:member:"cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=removenetgroups,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: removenetgroups
 add:description: Remove netgroups
-add:member:"cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifynetgroups,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifynetgroups
 add:description: Modify netgroups
-add:member:"cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 dn: cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
 add:objectClass: top
 add:objectClass: groupofnames
 add:cn: modifynetgroupmembership
 add:description: Modify netgroup membership
-add:member:"cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACIs that grant these permissions for netgroup administration
 
 dn: $SUFFIX
-add:aci: (target = "ldap:///ipauniqueid=*,cn=ng,cn=alt,$SUFFIX")(version
+add:aci: '(target = "ldap:///ipauniqueid=*,cn=ng,cn=alt,$SUFFIX")(version
   3.0;acl "Add netgroups";allow (add) groupdn = "ldap:///cn=addnetgroups,cn=
- taskgroups,cn=accounts,$SUFFIX";)
+ taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (target = "ldap:///ipauniqueid=*,cn=ng,cn=alt,$SUFFIX")(version
+add:aci: '(target = "ldap:///ipauniqueid=*,cn=ng,cn=alt,$SUFFIX")(version
   3.0;acl "Remove netgroups";allow (delete) groupdn = "ldap:///cn=
- removenetgroups,cn=taskgroups,cn=accounts,$SUFFIX";)
+ removenetgroups,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "description")(target = "ldap:///ipauniqueid=*,cn=ng,
+add:aci: '(targetattr = "description")(target = "ldap:///ipauniqueid=*,cn=ng,
  cn=alt,$SUFFIX")(version 3.0; acl "Modify netgroups";allow (write) groupdn 
- = "ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,$SUFFIX";)
+ = "ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,$SUFFIX";)'
-add:aci: (targetattr = "memberhost || externalhost || memberuser || member")
+add:aci: '(targetattr = "memberhost || externalhost || memberuser || member")
  (target = "ldap:///ipauniqueid=*,cn=ng,cn=alt,$SUFFIX")(version 3.0;acl "Mo
  dify netgroup membership";allow (write) groupdn = "ldap:///cn=modifynetgrou
- pmembership,cn=taskgroups,cn=accounts,$SUFFIX";)
+ pmembership,cn=taskgroups,cn=accounts,$SUFFIX";)'
 
 # Taskgroup for retrieving host keytabs
 dn: cn=manage_host_keytab,cn=taskgroups,cn=accounts,$SUFFIX
@@ -427,11 +427,12 @@ add:objectClass: top
 add:objectClass: groupofnames
 add:cn: manage_host_keytab
 add:description: Manage host keytab
-add:member:"cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX"
+add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
 
 # Add the ACI needed to do host keytab admin
-add:aci: (targetattr = "krbPrincipalKey")(target = "ldap:///cn=*,
+dn: $SUFFIX
+add:aci: '(targetattr = "krbPrincipalKey")(target = "ldap:///cn=*,
   cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "Manage host keytab";
   allow (write) groupdn = "ldap:///cn=manage_host_keytab,cn=taskgroups,
-  cn=accounts,$SUFFIX";)
+  cn=accounts,$SUFFIX";)'