mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-28 01:41:14 -06:00
ddb3957011
This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema. ObjectClass ipaIDrange has been altered to require ipaRangeType attribute. Part of https://fedorahosted.org/freeipa/ticket/3647
39 lines
3.0 KiB
Plaintext
39 lines
3.0 KiB
Plaintext
dn: cn=schema
|
|
add:attributeTypes: (2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First value of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
|
|
add:attributeTypes: (2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Size of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
|
|
add:attributeTypes: (2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
|
|
add:attributeTypes: (2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DESC 'First value of a secondary RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
|
|
add:attributeTypes: (2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Range type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' )
|
|
add:objectClasses: (2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXILIARY MAY ( uidNumber $$ gidNumber $$ ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
|
|
add:objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $$ ipaBaseID $$ ipaIDRangeSize ) X-ORIGIN 'IPA v3' )
|
|
add:objectClasses: (2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipaIDrange STRUCTURAL MAY ( ipaBaseRID $$ ipaSecondaryBaseRID ) X-ORIGIN 'IPA v3' )
|
|
add:objectClasses: (2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $$ ipaNTTrustedDomainSID ) X-ORIGIN 'IPA v3' )
|
|
replace:objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $$ ipaBaseID $$ ipaIDRangeSize ) X-ORIGIN 'IPA v3' )::(2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $$ ipaBaseID $$ ipaIDRangeSize $$ ipaRangeType ) X-ORIGIN 'IPA v3' )
|
|
|
|
dn: cn=ranges,cn=etc,$SUFFIX
|
|
default: objectClass: top
|
|
default: objectClass: nsContainer
|
|
default: cn: ranges
|
|
|
|
dn: cn=IPA Range-Check,cn=plugins,cn=config
|
|
default: changetype: add
|
|
default: objectclass: top
|
|
default: objectclass: nsSlapdPlugin
|
|
default: objectclass: extensibleObject
|
|
default: cn: IPA Range-Check
|
|
default: nsslapd-pluginpath: libipa_range_check
|
|
default: nsslapd-plugininitfunc: ipa_range_check_init
|
|
default: nsslapd-plugintype: preoperation
|
|
default: nsslapd-pluginenabled: on
|
|
default: nsslapd-pluginid: ipa_range_check_version
|
|
default: nsslapd-pluginversion: 1.0
|
|
default: nsslapd-pluginvendor: Red Hat, Inc.
|
|
default: nsslapd-plugindescription: IPA Range-Check plugin
|
|
default: nsslapd-plugin-depends-on-type: database
|
|
default: nsslapd-basedn: $SUFFIX
|
|
|
|
# Add new ipaIDobject to DNA plugin configuraton
|
|
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
|
|
replace:dnaFilter:(|(objectclass=posixAccount)(objectClass=posixGroup))::(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
|
|
|