mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 08:41:55 -06:00
5783d0c832
CSV values are not supported in upgrade files anymore Instead of add:attribute: 'first, part', second please use add:attribute: firts, part add:attribute: second Required for ticket: https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
62 lines
4.6 KiB
Plaintext
62 lines
4.6 KiB
Plaintext
dn: cn=otp,$SUFFIX
|
|
default: objectClass: nsContainer
|
|
default: objectClass: top
|
|
default: cn: otp
|
|
|
|
dn: cn=otp,cn=etc,$SUFFIX
|
|
default: objectClass: ipatokenOTPConfig
|
|
default: objectClass: top
|
|
default: cn: otp
|
|
default: ipatokenTOTPauthWindow: 300
|
|
default: ipatokenTOTPsyncWindow: 86400
|
|
default: ipatokenHOTPauthWindow: 10
|
|
default: ipatokenHOTPsyncWindow: 100
|
|
|
|
dn: $SUFFIX
|
|
remove: aci:(target = "ldap:///ipatokenuniqueid=*,cn=otp,$SUFFIX")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create and delete tokens"; allow (add, delete) userattr = "ipatokenOwner#SELFDN";)
|
|
remove: aci:(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN";)
|
|
remove: aci:(targetfilter = "(objectClass=ipaToken)")(targetattrs = "ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can write basic token info"; allow (write) userattr = "ipatokenOwner#USERDN";)
|
|
remove: aci:(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPclockOffset || ipatokenTOTPtimeStep")(version 3.0; acl "Users can add TOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)
|
|
remove: aci:(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenHOTPcounter")(version 3.0; acl "Users can add HOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)
|
|
add: aci:(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
|
|
add: aci:(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
|
|
add: aci:(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
|
|
add: aci:(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)
|
|
add: aci:(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)
|
|
add: aci:(target = "ldap:///ipatokenuniqueid=*,cn=otp,$SUFFIX")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)
|
|
|
|
dn: cn=radiusproxy,$SUFFIX
|
|
default: objectClass: nsContainer
|
|
default: objectClass: top
|
|
default: cn: radiusproxy
|
|
|
|
dn: cn=IPA OTP Last Token,cn=plugins,cn=config
|
|
default:objectclass: top
|
|
default:objectclass: nsSlapdPlugin
|
|
default:objectclass: extensibleObject
|
|
default:cn: IPA OTP Last Token
|
|
default:nsslapd-pluginpath: libipa_otp_lasttoken
|
|
default:nsslapd-plugininitfunc: ipa_otp_lasttoken_init
|
|
default:nsslapd-plugintype: preoperation
|
|
default:nsslapd-pluginenabled: on
|
|
default:nsslapd-pluginid: ipa-otp-lasttoken
|
|
default:nsslapd-pluginversion: 1.0
|
|
default:nsslapd-pluginvendor: Red Hat, Inc.
|
|
default:nsslapd-plugindescription: IPA OTP Last Token plugin
|
|
default:nsslapd-plugin-depends-on-type: database
|
|
|
|
dn: cn=IPA OTP Counter,cn=plugins,cn=config
|
|
default:objectclass: top
|
|
default:objectclass: nsSlapdPlugin
|
|
default:objectclass: extensibleObject
|
|
default:cn: IPA OTP Counter
|
|
default:nsslapd-pluginpath: libipa_otp_counter
|
|
default:nsslapd-plugininitfunc: ipa_otp_counter_init
|
|
default:nsslapd-plugintype: preoperation
|
|
default:nsslapd-pluginenabled: on
|
|
default:nsslapd-pluginid: ipa-otp-counter
|
|
default:nsslapd-pluginversion: 1.0
|
|
default:nsslapd-pluginvendor: Red Hat, Inc.
|
|
default:nsslapd-plugindescription: IPA OTP Counter plugin
|
|
default:nsslapd-plugin-depends-on-type: database
|