dn: cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: nsContainer objectClass: krbPwdPolicy cn: accounts krbMinPwdLife: 3600 krbPwdMinDiffChars: 0 krbPwdMinLength: 8 krbPwdHistoryLength: 0 krbMaxPwdLife: 7776000 dn: cn=users,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: nsContainer cn: users dn: cn=groups,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: nsContainer cn: groups dn: cn=services,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: nsContainer cn: services dn: cn=computers,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: nsContainer cn: computers dn: cn=etc,$SUFFIX changetype: add objectClass: nsContainer objectClass: top cn: etc dn: cn=sysaccounts,cn=etc,$SUFFIX changetype: add objectClass: nsContainer objectClass: top cn: sysaccounts dn: cn=ipa,cn=etc,$SUFFIX changetype: add objectClass: nsContainer objectClass: top cn: ipa dn: cn=masters,cn=ipa,cn=etc,$SUFFIX changetype: add objectClass: nsContainer objectClass: top cn: masters dn: uid=admin,cn=users,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: person objectClass: posixaccount objectClass: krbprincipalaux objectClass: inetuser uid: admin krbPrincipalName: admin@$REALM cn: Administrator sn: Administrator uidNumber: 999 gidNumber: 1001 homeDirectory: /home/admin loginShell: /bin/bash gecos: Administrator nsAccountLock: False dn: cn=radius,$SUFFIX changetype: add objectClass: nsContainer objectClass: top cn: radius dn: cn=clients,cn=radius,$SUFFIX changetype: add objectClass: nsContainer objectClass: top cn: clients dn: cn=profiles,cn=radius,$SUFFIX changetype: add objectClass: nsContainer objectClass: top cn: profiles dn: uid=ipa_default, cn=profiles,cn=radius,$SUFFIX changetype: add objectClass: top objectClass: radiusprofile uid: ipa_default dn: cn=admins,cn=groups,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: groupofnames objectClass: posixgroup cn: admins description: Account administrators group gidNumber: 1001 member: uid=admin,cn=users,cn=accounts,$SUFFIX nsAccountLock: False dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: groupofnames objectClass: nestedgroup objectClass: ipausergroup objectClass: posixgroup gidNumber: 1002 description: Default group for all users cn: ipausers dn: cn=editors,cn=groups,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: groupofnames objectClass: posixgroup gidNumber: 1003 description: Limited admins who can edit other users cn: editors dn: cn=ipaConfig,cn=etc,$SUFFIX changetype: add objectClass: nsContainer objectClass: top objectClass: ipaGuiConfig ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 ipaGroupObjectClasses: top ipaGroupObjectClasses: groupofnames ipaGroupObjectClasses: nestedgroup ipaGroupObjectClasses: ipausergroup ipaUserObjectClasses: top ipaUserObjectClasses: person ipaUserObjectClasses: organizationalperson ipaUserObjectClasses: inetorgperson ipaUserObjectClasses: inetuser ipaUserObjectClasses: posixaccount ipaUserObjectClasses: krbprincipalaux ipaUserObjectClasses: radiusprofile ipaDefaultEmailDomain: $DOMAIN dn: cn=account inactivation,cn=accounts,$SUFFIX changetype: add description: Lock accounts based on group membership objectClass: top objectClass: ldapsubentry objectClass: cosSuperDefinition objectClass: cosClassicDefinition cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX cosAttribute: nsAccountLock operational cosSpecifier: memberOf cn: Account Inactivation dn: cn=cosTemplates,cn=accounts,$SUFFIX changetype: add objectclass: top objectclass: nsContainer cn: cosTemplates dn: cn="cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: cosTemplate objectClass: extensibleobject nsAccountLock: true cosPriority: 1 dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX changetype: add objectclass: top objectclass: groupofnames dn: cn="cn=activated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX changetype: add objectClass: top objectClass: cosTemplate objectClass: extensibleobject nsAccountLock: false cosPriority: 0 dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX changetype: add objectclass: top objectclass: groupofnames