mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
559c76f761
This also adds a new option to the template system. If you include eval(string) in a file that goes through the templater, the string inside the eval will be evaluated by the Python interpreter. This is used so one can do $UIDSTART+1. If any errors occur during the evaluation, the original string is returned, eval() and all, so it is up to the developer to make sure the evaluation passes. The default value for uid and gid is now a random value between 1,000,000 and (2^31 - 1,000,000).
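# Bootstrap directory tree for a new IPA realm. This file is a template: the
# templater substitutes the SUFFIX, REALM, DOMAIN, UIDSTART and GIDSTART
# variables and evaluates the eval form as Python before the result is loaded
# into the directory.
#
# Security notes for maintainers:
# - Template text is executed by the Python interpreter, so this file and
#   every substituted value must come from trusted input only; the numeric
#   start values should be validated as integers before substitution.
# - If an evaluation fails, the unevaluated text is left in place, so a
#   malformed expression ends up as the attribute value. Check the rendered
#   output before loading it.
# - Comments pass through the templater too: do not write the variable sigil
#   or the eval form inside a comment.

# Container for all accounts; it also carries the Kerberos password policy
# (objectClass krbPwdPolicy). The lifetimes are presumably in seconds: 3600
# would be a one-hour minimum and 7776000 a 90-day maximum - confirm against
# the krbPwdPolicy schema.
# NOTE(review): krbPwdHistoryLength 0 and krbPwdMinDiffChars 0 look like "no
# reuse history, no character-class requirement"; deployments that need
# stronger rules should raise them after install - verify semantics first.
dn: cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
objectClass: krbPwdPolicy
cn: accounts
krbMinPwdLife: 3600
krbPwdMinDiffChars: 0
krbPwdMinLength: 8
krbPwdHistoryLength: 0
krbMaxPwdLife: 7776000

# Containers for users, groups, services and computers.
dn: cn=users,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: users

dn: cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: groups

dn: cn=services,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: services

dn: cn=computers,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: computers

# Configuration subtree: system accounts, IPA settings and the master list.
dn: cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: etc

dn: cn=sysaccounts,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: sysaccounts

dn: cn=ipa,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: ipa

dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: masters

# Initial administrator account. It takes the first allocated uid and shares
# its gid with the admins group defined further down. No password or Kerberos
# key material is set in this entry; presumably a later install step provides
# it - confirm that step always runs, since this account is a member of admins.
dn: uid=admin,cn=users,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: person
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: inetuser
uid: admin
krbPrincipalName: admin@$REALM
cn: Administrator
sn: Administrator
uidNumber: $UIDSTART
gidNumber: $GIDSTART
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: Administrator
nsAccountLock: False

# RADIUS subtree: client definitions, profiles and the default profile.
dn: cn=radius,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: radius

dn: cn=clients,cn=radius,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: clients

dn: cn=profiles,cn=radius,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: profiles

dn: uid=ipa_default, cn=profiles,cn=radius,$SUFFIX
changetype: add
objectClass: top
objectClass: radiusprofile
uid: ipa_default

# Administrators group; admin is its only initial member. Membership here is
# what the description calls account administration, so write access to the
# member attribute needs to be restricted by access rules defined outside
# this file.
dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: posixgroup
cn: admins
description: Account administrators group
gidNumber: $GIDSTART
member: uid=admin,cn=users,cn=accounts,$SUFFIX
nsAccountLock: False

# Default group for every user. Its gid is computed by the templater as the
# gid start value plus one. If that evaluation fails, the unevaluated text
# becomes the gidNumber value, so check the rendered entry.
dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: posixgroup
gidNumber: eval($GIDSTART+1)
description: Default group for all users
cn: ipausers

# Limited-administrator group; gid is the gid start value plus two, computed
# the same way as for ipausers.
dn: cn=editors,cn=groups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
objectClass: posixgroup
gidNumber: eval($GIDSTART+2)
description: Limited admins who can edit other users
cn: editors

# Defaults for the management interface and for newly created users and
# groups.
# NOTE(review): ipaSearchRecordsLimit 0 presumably means "no limit" and
# ipaSearchTimeLimit is presumably in seconds - confirm; an unlimited search
# result size is worth reviewing on large directories.
dn: cn=ipaConfig,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
objectClass: ipaGuiConfig
ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
ipaGroupObjectClasses: top
ipaGroupObjectClasses: groupofnames
ipaGroupObjectClasses: nestedgroup
ipaGroupObjectClasses: ipausergroup
ipaGroupObjectClasses: ipaobject
ipaUserObjectClasses: top
ipaUserObjectClasses: person
ipaUserObjectClasses: organizationalperson
ipaUserObjectClasses: inetorgperson
ipaUserObjectClasses: inetuser
ipaUserObjectClasses: posixaccount
ipaUserObjectClasses: krbprincipalaux
ipaUserObjectClasses: radiusprofile
ipaUserObjectClasses: ipaobject
ipaDefaultEmailDomain: $DOMAIN

# Class-of-Service definition that derives nsAccountLock from group
# membership: the memberOf value of an entry selects a template under
# cn=cosTemplates. The "operational" qualifier presumably makes the generated
# value take precedence over an nsAccountLock stored in the entry itself -
# confirm against the directory server's CoS documentation.
# Whoever can change membership of the two groups below can lock or unlock
# accounts, so their member attribute needs restrictive access rules, which
# are not part of this file.
dn: cn=account inactivation,cn=accounts,$SUFFIX
changetype: add
description: Lock accounts based on group membership
objectClass: top
objectClass: ldapsubentry
objectClass: cosSuperDefinition
objectClass: cosClassicDefinition
cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX
cosAttribute: nsAccountLock operational
cosSpecifier: memberOf
cn: Account Inactivation

dn: cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectclass: top
objectclass: nsContainer
cn: cosTemplates

# Template applied to members of the inactivated group: account locked.
dn: cn="cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: cosTemplate
objectClass: extensibleobject
nsAccountLock: true
cosPriority: 1

# Group whose members are locked by the template above.
dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX
changetype: add
objectclass: top
objectclass: groupofnames

# Template applied to members of the activated group: account unlocked.
# NOTE(review): with cosPriority 0 here and 1 on the inactivated template,
# this one presumably wins for an entry that is in both groups - confirm the
# priority ordering, because it decides whether a lock can be overridden.
dn: cn="cn=activated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: cosTemplate
objectClass: extensibleobject
nsAccountLock: false
cosPriority: 0

# Group whose members are explicitly kept unlocked.
dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX
changetype: add
objectclass: top
objectclass: groupofnames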