mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-28 01:41:14 -06:00
56 lines
3.4 KiB
Plaintext
56 lines
3.4 KiB
Plaintext
# Add the SELinux User map config schema
|
|
dn: cn=schema
|
|
add:attributeTypes:
|
|
( 2.16.840.1.113730.3.8.3.26
|
|
NAME 'ipaSELinuxUserMapDefault'
|
|
DESC 'Default SELinux user'
|
|
EQUALITY caseIgnoreMatch
|
|
ORDERING caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
|
|
X-ORIGIN 'IPA v3')
|
|
add:attributeTypes:
|
|
( 2.16.840.1.113730.3.8.3.27
|
|
NAME 'ipaSELinuxUserMapOrder'
|
|
DESC 'Available SELinux user context ordering'
|
|
EQUALITY caseIgnoreMatch
|
|
ORDERING caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
|
|
X-ORIGIN 'IPA v3')
|
|
X-ORIGIN 'IPA v3')
|
|
replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder) )
|
|
|
|
# Add the default PAC service type relies on the new SELinux user map
|
|
# values being there so add it here.
|
|
dn: cn=schema
|
|
replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder $$ ipaKrbAuthzData) )
|
|
|
|
# Add the SELinux User map schema
|
|
add:attributeTypes:
|
|
( 2.16.840.1.113730.3.8.11.30
|
|
NAME 'ipaSELinuxUser'
|
|
DESC 'An SELinux user'
|
|
EQUALITY caseIgnoreMatch
|
|
ORDERING caseIgnoreOrderingMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
|
|
X-ORIGIN 'IPA v3')
|
|
add:objectClasses:
|
|
( 2.16.840.1.113730.3.8.12.10
|
|
NAME 'ipaSELinuxUserMap' SUP ipaAssociation
|
|
STRUCTURAL MUST ipaSELinuxUser
|
|
MAY ( accessTime $$ seeAlso )
|
|
|
|
# Create the SELinux User map container
|
|
dn: cn=selinux,$SUFFIX
|
|
default:objectClass: top
|
|
default:objectClass: nsContainer
|
|
default:cn: selinux
|
|
|
|
dn: cn=usermap,cn=selinux,$SUFFIX
|
|
default:objectClass: top
|
|
default:objectClass: nsContainer
|
|
default:cn: usermap
|
|
|