mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-29 10:21:18 -06:00
d0587cbdd5
This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ...
17 lines
531 B
Plaintext
17 lines
531 B
Plaintext
dn: cn=ipa_enrollment_extop,cn=plugins,cn=config
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: nsSlapdPlugin
|
|
objectclass: extensibleObject
|
|
cn: ipa_enrollment_extop
|
|
nsslapd-pluginpath: libipa_enrollment_extop
|
|
nsslapd-plugininitfunc: ipaenrollment_init
|
|
nsslapd-plugintype: extendedop
|
|
nsslapd-pluginenabled: on
|
|
nsslapd-pluginid: ipa_enrollment_extop
|
|
nsslapd-pluginversion: 1.0
|
|
nsslapd-pluginvendor: RedHat
|
|
nsslapd-plugindescription: Enroll hosts into the IPA domain
|
|
nsslapd-plugin-depends-on-type: database
|
|
nsslapd-realmTree: $SUFFIX
|