mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 08:41:55 -06:00
c781e8a57d
ipaObject is defined as an auxiliary objectclass so it is up to the plugin author to ensure that the objectclass is included an a UUID generated. ipaUniqueId is a MUST attribute so if you include the objectclass you must ensure that the uuid is generated. This also fixes up some unrelated unit test failures.
207 lines
4.6 KiB
Plaintext
207 lines
4.6 KiB
Plaintext
dn: cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
objectClass: krbPwdPolicy
|
|
cn: accounts
|
|
krbMinPwdLife: 3600
|
|
krbPwdMinDiffChars: 0
|
|
krbPwdMinLength: 8
|
|
krbPwdHistoryLength: 0
|
|
krbMaxPwdLife: 7776000
|
|
|
|
dn: cn=users,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: users
|
|
|
|
dn: cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: groups
|
|
|
|
dn: cn=services,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: services
|
|
|
|
dn: cn=computers,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: nsContainer
|
|
cn: computers
|
|
|
|
dn: cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: etc
|
|
|
|
dn: cn=sysaccounts,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: sysaccounts
|
|
|
|
dn: cn=ipa,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: ipa
|
|
|
|
dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: masters
|
|
|
|
dn: uid=admin,cn=users,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: posixaccount
|
|
objectClass: krbprincipalaux
|
|
objectClass: inetuser
|
|
uid: admin
|
|
krbPrincipalName: admin@$REALM
|
|
cn: Administrator
|
|
sn: Administrator
|
|
uidNumber: 999
|
|
gidNumber: 1001
|
|
homeDirectory: /home/admin
|
|
loginShell: /bin/bash
|
|
gecos: Administrator
|
|
nsAccountLock: False
|
|
|
|
dn: cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: radius
|
|
|
|
dn: cn=clients,cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: clients
|
|
|
|
dn: cn=profiles,cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
cn: profiles
|
|
|
|
dn: uid=ipa_default, cn=profiles,cn=radius,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: radiusprofile
|
|
uid: ipa_default
|
|
|
|
dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: groupofnames
|
|
objectClass: posixgroup
|
|
cn: admins
|
|
description: Account administrators group
|
|
gidNumber: 1001
|
|
member: uid=admin,cn=users,cn=accounts,$SUFFIX
|
|
nsAccountLock: False
|
|
|
|
dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: groupofnames
|
|
objectClass: nestedgroup
|
|
objectClass: ipausergroup
|
|
objectClass: posixgroup
|
|
gidNumber: 1002
|
|
description: Default group for all users
|
|
cn: ipausers
|
|
|
|
dn: cn=editors,cn=groups,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: groupofnames
|
|
objectClass: posixgroup
|
|
gidNumber: 1003
|
|
description: Limited admins who can edit other users
|
|
cn: editors
|
|
|
|
dn: cn=ipaConfig,cn=etc,$SUFFIX
|
|
changetype: add
|
|
objectClass: nsContainer
|
|
objectClass: top
|
|
objectClass: ipaGuiConfig
|
|
ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title
|
|
ipaGroupSearchFields: cn,description
|
|
ipaSearchTimeLimit: 2
|
|
ipaSearchRecordsLimit: 0
|
|
ipaHomesRootDir: /home
|
|
ipaDefaultLoginShell: /bin/sh
|
|
ipaDefaultPrimaryGroup: ipausers
|
|
ipaMaxUsernameLength: 8
|
|
ipaPwdExpAdvNotify: 4
|
|
ipaGroupObjectClasses: top
|
|
ipaGroupObjectClasses: groupofnames
|
|
ipaGroupObjectClasses: nestedgroup
|
|
ipaGroupObjectClasses: ipausergroup
|
|
ipaGroupObjectClasses: ipaobject
|
|
ipaUserObjectClasses: top
|
|
ipaUserObjectClasses: person
|
|
ipaUserObjectClasses: organizationalperson
|
|
ipaUserObjectClasses: inetorgperson
|
|
ipaUserObjectClasses: inetuser
|
|
ipaUserObjectClasses: posixaccount
|
|
ipaUserObjectClasses: krbprincipalaux
|
|
ipaUserObjectClasses: radiusprofile
|
|
ipaUserObjectClasses: ipaobject
|
|
ipaDefaultEmailDomain: $DOMAIN
|
|
|
|
dn: cn=account inactivation,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
description: Lock accounts based on group membership
|
|
objectClass: top
|
|
objectClass: ldapsubentry
|
|
objectClass: cosSuperDefinition
|
|
objectClass: cosClassicDefinition
|
|
cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX
|
|
cosAttribute: nsAccountLock operational
|
|
cosSpecifier: memberOf
|
|
cn: Account Inactivation
|
|
|
|
dn: cn=cosTemplates,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: nsContainer
|
|
cn: cosTemplates
|
|
|
|
dn: cn="cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: cosTemplate
|
|
objectClass: extensibleobject
|
|
nsAccountLock: true
|
|
cosPriority: 1
|
|
|
|
dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: groupofnames
|
|
|
|
dn: cn="cn=activated,cn=account inactivation,cn=accounts,$SUFFIX", cn=cosTemplates,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: cosTemplate
|
|
objectClass: extensibleobject
|
|
nsAccountLock: false
|
|
cosPriority: 0
|
|
|
|
dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX
|
|
changetype: add
|
|
objectclass: top
|
|
objectclass: groupofnames
|