mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
a39f1cb2cb
It seems that in openldap-2.4.x ldapmodify has gotten somewhat more picky about the ldif it accepts. See here for more details: https://bugzilla.redhat.com/422251 Not sure whether ldapmodify will be fixed, but for now just fix the ldif. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
211 lines
4.5 KiB
Plaintext
211 lines
4.5 KiB
Plaintext
dn: $SUFFIX
|
|
changetype: modify
|
|
add: objectClass
|
|
objectClass: pilotObject
|
|
-
|
|
add: info
|
|
info: IPA V1.0
|
|
|
|
dn: cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
objectClass: krbPwdPolicy
|
|
cn: accounts
|
|
krbMinPwdLife: 3600
|
|
krbPwdMinDiffChars: 0
|
|
krbPwdMinLength: 8
|
|
krbPwdHistoryLength: 0
|
|
krbMaxPwdLife: 7776000
|
|
|
|
dn: cn=users,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: users
|
|
|
|
dn: cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: groups
|
|
|
|
dn: cn=services,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: services
|
|
|
|
dn: cn=computers,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: computers
|
|
|
|
dn: cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: etc
|
|
|
|
dn: cn=sysaccounts,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: sysaccounts
|
|
|
|
dn: cn=ipa,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: ipa
|
|
|
|
dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: masters
|
|
|
|
dn: uid=admin,cn=sysaccounts,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: posixAccount
|
|
objectClass: KrbPrincipalAux
|
|
objectClass: inetUser
|
|
uid: admin
|
|
krbPrincipalName: admin@$REALM
|
|
cn: Administrator
|
|
sn: Administrator
|
|
uidNumber: 999
|
|
gidNumber: 1001
|
|
homeDirectory: /home/admin
|
|
loginShell: /bin/bash
|
|
gecos: Administrator
|
|
nsAccountLock: False
|
|
|
|
dn: cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: radius
|
|
|
|
dn: cn=clients,cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: clients
|
|
|
|
dn: cn=profiles,cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: profiles
|
|
|
|
dn: uid=ipa_default, cn=profiles,cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: radiusprofile
|
|
uid: ipa_default
|
|
|
|
dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: groupofnames
|
|
objectClass: posixGroup
|
|
cn: admins
|
|
description: Account administrators group
|
|
gidNumber: 1001
|
|
member: uid=admin,cn=sysaccounts,cn=etc,$SUFFIX
|
|
nsAccountLock: False
|
|
|
|
dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: groupofnames
|
|
objectClass: posixGroup
|
|
gidNumber: 1002
|
|
description: Default group for all users
|
|
cn: ipausers
|
|
|
|
dn: cn=editors,cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: groupofnames
|
|
objectClass: posixGroup
|
|
gidNumber: 1003
|
|
description: Limited admins who can edit other users
|
|
cn: editors
|
|
|
|
dn: cn=ipaConfig,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
objectClass: ipaGuiConfig
|
|
ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
|
|
ipaGroupSearchFields: cn,description
|
|
ipaSearchTimeLimit: 2
|
|
ipaSearchRecordsLimit: 0
|
|
ipaHomesRootDir: /home
|
|
ipaDefaultLoginShell: /bin/sh
|
|
ipaDefaultPrimaryGroup: ipausers
|
|
ipaMaxUsernameLength: 8
|
|
ipaPwdExpAdvNotify: 4
|
|
ipaGroupObjectClasses: top
|
|
ipaGroupObjectClasses: groupofnames
|
|
ipaGroupObjectClasses: posixGroup
|
|
ipaGroupObjectClasses: inetUser
|
|
ipaUserObjectClasses: top
|
|
ipaUserObjectClasses: person
|
|
ipaUserObjectClasses: organizationalPerson
|
|
ipaUserObjectClasses: inetOrgPerson
|
|
ipaUserObjectClasses: inetUser
|
|
ipaUserObjectClasses: posixAccount
|
|
ipaUserObjectClasses: krbPrincipalAux
|
|
ipaUserObjectClasses: radiusprofile
|
|
ipaDefaultEmailDomain: $DOMAIN
|
|
|
|
dn: cn=account inactivation,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
description: Lock accounts based on group membership
|
|
objectClass: top
|
|
objectClass: ldapsubentry
|
|
objectClass: cosSuperDefinition
|
|
objectClass: cosClassicDefinition
|
|
cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX
|
|
cosAttribute: nsAccountLock operational
|
|
cosSpecifier: memberOf
|
|
cn: Account Inactivation
|
|
|
|
dn: cn=cosTemplates,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: nsContainer
|
|
cn: cosTemplates
|
|
|
|
dn: cn="cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: cosTemplate
|
|
objectClass: extensibleobject
|
|
nsAccountLock: true
|
|
cosPriority: 1
|
|
|
|
dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: groupofnames
|
|
|
|
dn: cn="cn=activated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: cosTemplate
|
|
objectClass: extensibleobject
|
|
nsAccountLock: false
|
|
cosPriority: 0
|
|
|
|
dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: groupofnames
|