e466bed545
Move the netgroup compat configuration from the nis configuration to the existing compat configuration. Add a 'status' option to the ipa-compat-manage tool. ticket 91
#
# Enable the Schema Compatibility plugin provided by slapi-nis.
#
# http://slapi-nis.fedorahosted.org/
#
# Registers the plugin entry under cn=plugins,cn=config. Every value below uses
# the updater's "default:" keyword, which sets a value only when the entry is
# being created, so an already existing plugin entry is left as it is.
# $LIBARCH is a placeholder; presumably the updater substitutes the
# architecture suffix of the library directory -- confirm.
# NOTE(review): the shared object named in nsslapd-pluginpath is loaded into
# the directory server process, so that directory should be writable only by
# root and the package manager.
dn: cn=Schema Compatibility, cn=plugins, cn=config
default:objectclass: top
default:objectclass: nsSlapdPlugin
default:objectclass: extensibleObject
default:cn: Schema Compatibility
default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/schemacompat-plugin.so
default:nsslapd-plugininitfunc: schema_compat_plugin_init
default:nsslapd-plugintype: object
default:nsslapd-pluginenabled: on
default:nsslapd-pluginid: schema-compat-plugin
default:nsslapd-pluginversion: 0.8
default:nsslapd-pluginvendor: redhat.com
default:nsslapd-plugindescription: Schema Compatibility Plugin

# Compat set "users": entries matching objectclass=posixAccount under
# cn=users,cn=accounts,$SUFFIX are presented as uid=<uid> entries in the
# cn=users container of cn=compat,$SUFFIX.
# Only the attributes listed here are mapped (objectclass, gecos, cn,
# uidNumber, gidNumber, loginShell, homeDirectory); no password attribute is
# copied into the compat view.
# NOTE(review): unlike the cn=ng set in this file, this set does not carry
# schema-compat-check-access. Confirm what the plugin defaults to and which
# ACIs cover cn=compat,$SUFFIX, so the compat view cannot show more than the
# source entries do.
dn: cn=users, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: users
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=users
default:schema-compat-search-base: cn=users, cn=accounts, $SUFFIX
default:schema-compat-search-filter: objectclass=posixAccount
default:schema-compat-entry-rdn: uid=%{uid}
default:schema-compat-entry-attribute: objectclass=posixAccount
default:schema-compat-entry-attribute: gecos=%{cn}
default:schema-compat-entry-attribute: cn=%{cn}
default:schema-compat-entry-attribute: uidNumber=%{uidNumber}
default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
default:schema-compat-entry-attribute: loginShell=%{loginShell}
default:schema-compat-entry-attribute: homeDirectory=%{homeDirectory}

# Compat set "groups": entries matching objectclass=posixGroup under
# cn=groups,cn=accounts,$SUFFIX are presented as cn=<cn> entries in the
# cn=groups container of cn=compat,$SUFFIX.
# memberUid is filled from three expressions: the entry's own memberUid
# values, the uid of entries named by its member attribute (%deref), and the
# uid of entries in the cn=users set whose memberOf names this group
# (%referred).
# NOTE(review): unlike the cn=ng set in this file, this set does not carry
# schema-compat-check-access. Confirm what the plugin defaults to and which
# ACIs cover cn=compat,$SUFFIX, because group membership is exposed here.
dn: cn=groups, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: groups
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=groups
default:schema-compat-search-base: cn=groups, cn=accounts, $SUFFIX
default:schema-compat-search-filter: objectclass=posixGroup
default:schema-compat-entry-rdn: cn=%{cn}
default:schema-compat-entry-attribute: objectclass=posixGroup
default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
default:schema-compat-entry-attribute: memberUid=%{memberUid}
default:schema-compat-entry-attribute: memberUid=%deref("member","uid")
default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid")

# Compat set "ng": entries under cn=ng,cn=alt,$SUFFIX are presented as
# nisNetgroup entries named cn=<cn> in the cn=ng container of
# cn=compat,$SUFFIX.
# These values use "add:" rather than "default:", so the updater adds them to
# the entry even when it already exists.
# schema-compat-check-access is set to yes for this set only; presumably it
# makes the plugin apply access checks to the entries it generates -- confirm
# against the slapi-nis documentation.
# NOTE(review): the search filter !(cn=ng) has no enclosing parentheses; a
# standalone LDAP filter would be written (!(cn=ng)). Confirm that the plugin
# accepts this form, otherwise the container entry itself may not be excluded.
# nisNetgroupTriple is assembled from the host values (externalHost, fqdn via
# memberHost and member), the user values (uid via memberUser and member) and
# nisDomainName, with "-" passed where a side has no value.
dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
add:objectClass: top
add:objectClass: extensibleObject
add:cn: ng
add:schema-compat-container-group: 'cn=compat, $SUFFIX'
add:schema-compat-container-rdn: cn=ng
add:schema-compat-check-access: yes
add:schema-compat-search-base: 'cn=ng,cn=alt,$SUFFIX'
add:schema-compat-search-filter: !(cn=ng)
add:schema-compat-entry-rdn: cn=%{cn}
add:schema-compat-entry-attribute: objectclass=nisNetgroup
add:schema-compat-entry-attribute: 'memberNisNetgroup=%deref_r("member","cn")'
add:schema-compat-entry-attribute: 'memberNisNetgroup=%referred_r("cn=ng","memberOf","cn")'
add:schema-compat-entry-attribute: 'nisNetgroupTriple=(%link("%collect(\"%{externalHost}\",\"%deref(\\\"memberHost\\\",\\\"fqdn\\\")\",\"%deref_r(\\\"member\\\",\\\"fqdn\\\")\",\"%deref_r(\\\"memberHost\\\",\\\"member\\\",\\\"fqdn\\\")\")","-",",","%collect(\"%deref(\\\"memberUser\\\",\\\"uid\\\")\",\"%deref_r(\\\"member\\\",\\\"uid\\\")\",\"%deref_r(\\\"memberUser\\\",\\\"member\\\",\\\"uid\\\")\")","-"),%{nisDomainName:-})'

# Enable anonymous VLV browsing for Solaris
#
# The ACI sits on the feature entry for control OID 2.16.840.1.113730.3.4.9
# and allows ldap:///anyone, which includes unauthenticated binds, to use it.
# "only:" makes this the sole aci value on the entry, so an ACI an
# administrator placed here earlier is replaced when the update runs.
# NOTE(review): this presumably governs use of the control only, with entry
# data still protected by the ACIs on the data itself -- confirm. The "proxy"
# right looks broader than browsing needs; check whether read, search and
# compare are enough. Sorted or paged browsing by anonymous clients costs
# server resources, so review the anonymous size, time and look-through limits.
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'