IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 00:41:25 -06:00
Code Issues Packages Projects Releases Wiki Activity
c64eaa49c4
freeipa/install/updates/10-uniqueness.update
Christian Heimes c78d1341ad Redesign subid feature 
Subordinate ids are now handled by a new plugin class and stored in
separate entries in the cn=subids,cn=accounts subtree.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-07-09 09:47:30 -04:00

131 lines
5.6 KiB
Plaintext
Raw Blame History

dn: cn=sudorule name uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: sudorule name uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:uniqueness-attribute-name: cn
default:uniqueness-subtrees: cn=sudorules,cn=sudo,$SUFFIX
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
dn: cn=certificate store subject uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: certificate store subject uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:uniqueness-attribute-name: ipaCertSubject
default:uniqueness-subtrees: cn=certificates,cn=ipa,cn=etc,$SUFFIX
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
dn: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: certificate store issuer/serial uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:uniqueness-attribute-name: ipaCertIssuerSerial
default:uniqueness-subtrees: cn=certificates,cn=ipa,cn=etc,$SUFFIX
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
dn: cn=uid uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: uid uniqueness
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:uniqueness-attribute-name: uid
default:uniqueness-subtrees: $SUFFIX
default:uniqueness-exclude-subtrees: cn=compat,$SUFFIX
default:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
default:uniqueness-across-all-subtrees: on
default:uniqueness-subtree-entries-oc: posixAccount
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
default:nsslapd-pluginDescription: Enforce unique attribute values
# uid uniqueness scopes Active/Delete containers
dn: cn=uid uniqueness,cn=plugins,cn=config
add:uniqueness-exclude-subtrees: cn=compat,$SUFFIX
add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
remove:uniqueness-across-all-subtrees: off
add:uniqueness-across-all-subtrees: on
add:uniqueness-subtree-entries-oc: posixAccount
# krbPrincipalName uniqueness scopes Active/Delete containers
dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config
add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-across-all-subtrees: on
# krbCanonicalName uniqueness scopes Active/Delete containers
dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config
add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-across-all-subtrees: on
# ipaUniqueID uniqueness scopes Active/Delete containers
dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config
add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX
add:uniqueness-across-all-subtrees: on
dn: cn=caacl name uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: caacl name uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:uniqueness-attribute-name: cn
default:uniqueness-subtrees: cn=caacls,cn=ca,$SUFFIX
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
dn: cn=ipaSubordinateIdEntry ipaOwner uniqueness,cn=plugins,cn=config
default:objectClass: top
default:objectClass: nsSlapdPlugin
default:objectClass: extensibleObject
default:cn: ipaSubordinateIdEntry ipaOwner uniqueness
default:nsslapd-pluginDescription: Enforce unique attribute values of ipaOwner
default:nsslapd-pluginPath: libattr-unique-plugin
default:nsslapd-pluginInitfunc: NSUniqueAttr_Init
default:nsslapd-pluginType: preoperation
default:nsslapd-pluginEnabled: on
default:uniqueness-attribute-name: ipaOwner
default:uniqueness-subtrees: cn=subids,cn=accounts,$SUFFIX
default:uniqueness-across-all-subtrees: on
default:uniqueness-subtree-entries-oc: ipaSubordinateIdEntry
default:nsslapd-plugin-depends-on-type: database
default:nsslapd-pluginId: NSUniqueAttr
default:nsslapd-pluginVersion: 1.1.0
default:nsslapd-pluginVendor: Fedora Project
Reference in New Issue View Git Blame Copy Permalink