mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Use nestedgroup instead of groupofnames for rolegroups so we have memberof
This commit is contained in:
parent
342337a893
commit
b4cef3b79b
@ -2,73 +2,73 @@
|
|||||||
|
|
||||||
dn: cn=helpdesk,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=helpdesk,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: helpdesk
|
add:cn: helpdesk
|
||||||
add:description: Helpdesk
|
add:description: Helpdesk
|
||||||
|
|
||||||
dn: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: useradmin
|
add:cn: useradmin
|
||||||
add:description: User Administrators
|
add:description: User Administrators
|
||||||
|
|
||||||
dn: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: groupadmin
|
add:cn: groupadmin
|
||||||
add:description: Group Administrators
|
add:description: Group Administrators
|
||||||
|
|
||||||
dn: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: hostadmin
|
add:cn: hostadmin
|
||||||
add:description: Host Administrators
|
add:description: Host Administrators
|
||||||
|
|
||||||
dn: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: hostgroupadmin
|
add:cn: hostgroupadmin
|
||||||
add:description: Host Group Administrators
|
add:description: Host Group Administrators
|
||||||
|
|
||||||
dn: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: delegationadmin
|
add:cn: delegationadmin
|
||||||
add:description: Role administration
|
add:description: Role administration
|
||||||
|
|
||||||
dn: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: serviceadmin
|
add:cn: serviceadmin
|
||||||
add:description: Service Administrators
|
add:description: Service Administrators
|
||||||
|
|
||||||
dn: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: automountadmin
|
add:cn: automountadmin
|
||||||
add:description: Automount Administrators
|
add:description: Automount Administrators
|
||||||
|
|
||||||
dn: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: netgroupadmin
|
add:cn: netgroupadmin
|
||||||
add:description: Netgroups Administrators
|
add:description: Netgroups Administrators
|
||||||
|
|
||||||
dn: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: dnsadmin
|
add:cn: dnsadmin
|
||||||
add:description: DNS Administrators
|
add:description: DNS Administrators
|
||||||
|
|
||||||
dn: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: dnsserver
|
add:cn: dnsserver
|
||||||
add:description: DNS Servers
|
add:description: DNS Servers
|
||||||
|
|
||||||
dn: cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
dn: cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: certadmin
|
add:cn: certadmin
|
||||||
add:description: Certificate Administrators
|
add:description: Certificate Administrators
|
||||||
|
|
||||||
@ -81,35 +81,35 @@ add:cn: taskgroups
|
|||||||
|
|
||||||
dn: cn=addusers,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addusers,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addusers
|
add:cn: addusers
|
||||||
add:description: Add Users
|
add:description: Add Users
|
||||||
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: change_password
|
add:cn: change_password
|
||||||
add:description: Change a user password
|
add:description: Change a user password
|
||||||
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=add_user_to_default_group,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=add_user_to_default_group,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: add_user_to_default_group
|
add:cn: add_user_to_default_group
|
||||||
add:description: Add user to default group
|
add:description: Add user to default group
|
||||||
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removeusers,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removeusers,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removeusers
|
add:cn: removeusers
|
||||||
add:description: Remove Users
|
add:description: Remove Users
|
||||||
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifyusers,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifyusers,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifyusers
|
add:cn: modifyusers
|
||||||
add:description: Modify Users
|
add:description: Modify Users
|
||||||
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -144,28 +144,28 @@ add:aci: '(targetattr = "givenName || sn || cn || displayName || title || initia
|
|||||||
|
|
||||||
dn: cn=addgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addgroups
|
add:cn: addgroups
|
||||||
add:description: Add Groups
|
add:description: Add Groups
|
||||||
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removegroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removegroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removegroups
|
add:cn: removegroups
|
||||||
add:description: Remove Groups
|
add:description: Remove Groups
|
||||||
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifygroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifygroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifygroups
|
add:cn: modifygroups
|
||||||
add:description: Modify Groups
|
add:description: Modify Groups
|
||||||
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifygroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifygroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifygroupmembership
|
add:cn: modifygroupmembership
|
||||||
add:description: Modify Group membership
|
add:description: Modify Group membership
|
||||||
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -194,21 +194,21 @@ add:aci: '(targetattr = "cn || description || gidnumber || objectclass")(target
|
|||||||
|
|
||||||
dn: cn=addhosts,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addhosts,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addhosts
|
add:cn: addhosts
|
||||||
add:description: Add Hosts
|
add:description: Add Hosts
|
||||||
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removehosts,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removehosts,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removehosts
|
add:cn: removehosts
|
||||||
add:description: Remove Hosts
|
add:description: Remove Hosts
|
||||||
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifyhosts,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifyhosts,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifyhosts
|
add:cn: modifyhosts
|
||||||
add:description: Modify Hosts
|
add:description: Modify Hosts
|
||||||
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -232,28 +232,28 @@ add:aci: '(targetattr = "cn || description || l || location ||
|
|||||||
|
|
||||||
dn: cn=addhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addhostgroups
|
add:cn: addhostgroups
|
||||||
add:description: Add Host Groups
|
add:description: Add Host Groups
|
||||||
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removehostgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removehostgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removehostgroups
|
add:cn: removehostgroups
|
||||||
add:description: Remove Host Groups
|
add:description: Remove Host Groups
|
||||||
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifyhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifyhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifyhostgroups
|
add:cn: modifyhostgroups
|
||||||
add:description: Modify Host Groups
|
add:description: Modify Host Groups
|
||||||
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifyhostgroupmembership
|
add:cn: modifyhostgroupmembership
|
||||||
add:description: Modify Host Group membership
|
add:description: Modify Host Group membership
|
||||||
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -280,14 +280,14 @@ add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=hostgroups,cn=accoun
|
|||||||
|
|
||||||
dn: cn=addservices,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addservices,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addservices
|
add:cn: addservices
|
||||||
add:description: Add Services
|
add:description: Add Services
|
||||||
add:member:'cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removeservices,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removeservices,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removeservices
|
add:cn: removeservices
|
||||||
add:description: Remove Services
|
add:description: Remove Services
|
||||||
add:member:'cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -307,35 +307,35 @@ add:aci: '(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,
|
|||||||
|
|
||||||
dn: cn=addroles,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addroles,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addhrole
|
add:cn: addhrole
|
||||||
add:description: Add Roles
|
add:description: Add Roles
|
||||||
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removeroles,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removeroles,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removeroles
|
add:cn: removeroles
|
||||||
add:description: Remove Roles
|
add:description: Remove Roles
|
||||||
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifyroles,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifyroles,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifyroles
|
add:cn: modifyroles
|
||||||
add:description: Modify Roles
|
add:description: Modify Roles
|
||||||
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifyrolegroupmembership
|
add:cn: modifyrolegroupmembership
|
||||||
add:description: Modify Role Group membership
|
add:description: Modify Role Group membership
|
||||||
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifytaskgroupmembership
|
add:cn: modifytaskgroupmembership
|
||||||
add:description: Modify Task Group membership
|
add:description: Modify Task Group membership
|
||||||
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -365,14 +365,14 @@ add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=taskgroups,cn=accoun
|
|||||||
|
|
||||||
dn: cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addautomount
|
add:cn: addautomount
|
||||||
add:description: Add Automount maps/keys
|
add:description: Add Automount maps/keys
|
||||||
add:member:'cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removeautomount
|
add:cn: removeautomount
|
||||||
add:description: Remove Automount maps/keys
|
add:description: Remove Automount maps/keys
|
||||||
add:member:'cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -397,28 +397,28 @@ add:aci: '(target = "ldap:///automountkey=*,automountmapname=*,cn=automount,
|
|||||||
|
|
||||||
dn: cn=addnetgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=addnetgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: addnetgroups
|
add:cn: addnetgroups
|
||||||
add:description: Add netgroups
|
add:description: Add netgroups
|
||||||
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=removenetgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=removenetgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: removenetgroups
|
add:cn: removenetgroups
|
||||||
add:description: Remove netgroups
|
add:description: Remove netgroups
|
||||||
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifynetgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifynetgroups,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifynetgroups
|
add:cn: modifynetgroups
|
||||||
add:description: Modify netgroups
|
add:description: Modify netgroups
|
||||||
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
|
||||||
dn: cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: modifynetgroupmembership
|
add:cn: modifynetgroupmembership
|
||||||
add:description: Modify netgroup membership
|
add:description: Modify netgroup membership
|
||||||
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -443,7 +443,7 @@ add:aci: '(targetattr = "memberhost || externalhost || memberuser || member")
|
|||||||
# Taskgroup for retrieving host keytabs
|
# Taskgroup for retrieving host keytabs
|
||||||
dn: cn=manage_host_keytab,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=manage_host_keytab,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: manage_host_keytab
|
add:cn: manage_host_keytab
|
||||||
add:description: Manage host keytab
|
add:description: Manage host keytab
|
||||||
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -460,7 +460,7 @@ add:aci: '(targetattr = "krbPrincipalKey || krbLastPwdChange")
|
|||||||
# manage_host_keytab access
|
# manage_host_keytab access
|
||||||
dn: cn=enroll_host,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=enroll_host,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: enroll_host
|
add:cn: enroll_host
|
||||||
add:description: Enroll a host
|
add:description: Enroll a host
|
||||||
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -478,7 +478,7 @@ add:aci: '(targetattr = "krbPrincipalName || enrolledBy || objectClass")
|
|||||||
# Taskgroup for updating the DNS entries
|
# Taskgroup for updating the DNS entries
|
||||||
dn: cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: update_sn
|
add:cn: update_sn
|
||||||
add:description: Updates DNS
|
add:description: Updates DNS
|
||||||
add:member:'cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -500,7 +500,7 @@ add:cn: retrieve certificate
|
|||||||
# Taskgroup for retrieving certs
|
# Taskgroup for retrieving certs
|
||||||
dn: cn=retrieve_certs,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=retrieve_certs,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: retrieve_certs
|
add:cn: retrieve_certs
|
||||||
add:description: Retrieve SSL Certificates
|
add:description: Retrieve SSL Certificates
|
||||||
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -521,7 +521,7 @@ add:cn: request certificate
|
|||||||
# Taskgroup for requesting certs
|
# Taskgroup for requesting certs
|
||||||
dn: cn=request_certs,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=request_certs,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: reqeust_certs
|
add:cn: reqeust_certs
|
||||||
add:description: Request a SSL Certificate
|
add:description: Request a SSL Certificate
|
||||||
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -542,7 +542,7 @@ add:cn: certificate status
|
|||||||
# Taskgroup for requesting certs
|
# Taskgroup for requesting certs
|
||||||
dn: cn=certificate_status,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=certificate_status,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: reqeust_certs
|
add:cn: reqeust_certs
|
||||||
add:description: Status of cert request
|
add:description: Status of cert request
|
||||||
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -563,7 +563,7 @@ add:cn: revoke certificate
|
|||||||
# Taskgroup for requesting certs
|
# Taskgroup for requesting certs
|
||||||
dn: cn=revoke_certificate,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=revoke_certificate,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: reqeust_certs
|
add:cn: reqeust_certs
|
||||||
add:description: Revoke Certificate
|
add:description: Revoke Certificate
|
||||||
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -584,7 +584,7 @@ add:cn: revoke certificate
|
|||||||
# Taskgroup for requesting certs
|
# Taskgroup for requesting certs
|
||||||
dn: cn=revoke_certificate,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=revoke_certificate,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: reqeust_certs
|
add:cn: reqeust_certs
|
||||||
add:description: Revoke Certificate
|
add:description: Revoke Certificate
|
||||||
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
@ -605,7 +605,7 @@ add:cn: certificate remove hold
|
|||||||
# Taskgroup for requesting certs
|
# Taskgroup for requesting certs
|
||||||
dn: cn=certificate_remove_hold,cn=taskgroups,cn=accounts,$SUFFIX
|
dn: cn=certificate_remove_hold,cn=taskgroups,cn=accounts,$SUFFIX
|
||||||
add:objectClass: top
|
add:objectClass: top
|
||||||
add:objectClass: groupofnames
|
add:objectClass: nestedgroup
|
||||||
add:cn: reqeust_certs
|
add:cn: reqeust_certs
|
||||||
add:description: Certificate Remove Hold
|
add:description: Certificate Remove Hold
|
||||||
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
add:member:'cn=certadmin,cn=rolegroups,cn=accounts,$SUFFIX'
|
||||||
|
Loading…
Reference in New Issue
Block a user