diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-03-23 15:20:43 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-03-25 11:03:07 -0400 |
commit | c00281a9f9c3f79fb88ff8537d941394fee09ca2 (patch) | |
tree | 019c8f72200e78b58699afe327f8f212898d659a | |
parent | d6814f3aae1e3af371eaf9d10ae37bfee464015a (diff) | |
download | freeipa-c00281a9f9c3f79fb88ff8537d941394fee09ca2.tar.gz freeipa-c00281a9f9c3f79fb88ff8537d941394fee09ca2.tar.xz freeipa-c00281a9f9c3f79fb88ff8537d941394fee09ca2.zip |
Name update files so they can be easily sorted.
We want to process some updates in a particular order (schema, structural).
Using an init-inspired ordering mechanism.
-rw-r--r-- | install/updates/10-RFC2307bis.update (renamed from install/updates/RFC2307bis.update) | 8 | ||||
-rw-r--r-- | install/updates/10-RFC4876.update (renamed from install/updates/RFC4876.update) | 16 | ||||
-rw-r--r-- | install/updates/20-dna.update | 3 | ||||
-rw-r--r-- | install/updates/20-indices.update (renamed from install/updates/indices.update) | 0 | ||||
-rw-r--r-- | install/updates/20-nss_ldap.update (renamed from install/updates/nss_ldap.update) | 0 | ||||
-rw-r--r-- | install/updates/20-replication.update (renamed from install/updates/replication.update) | 0 | ||||
-rw-r--r-- | install/updates/20-winsync_index.update (renamed from install/updates/winsync_index.update) | 0 | ||||
-rw-r--r-- | install/updates/30-automount.update (renamed from install/updates/automount.update) | 0 | ||||
-rw-r--r-- | install/updates/30-groupofhosts.update (renamed from install/updates/groupofhosts.update) | 0 | ||||
-rw-r--r-- | install/updates/30-netgroups.update (renamed from install/updates/netgroups.update) | 0 | ||||
-rw-r--r-- | install/updates/30-policy.update (renamed from install/updates/policy.update) | 0 | ||||
-rw-r--r-- | install/updates/30-rolegroup.update (renamed from install/updates/rolegroup.update) | 1 | ||||
-rw-r--r-- | install/updates/30-taskgroup.update (renamed from install/updates/taskgroup.update) | 0 | ||||
-rw-r--r-- | install/updates/40-delegation.update | 124 | ||||
-rw-r--r-- | install/updates/Makefile.am | 26 | ||||
-rw-r--r-- | install/updates/README | 8 |
16 files changed, 162 insertions, 24 deletions
diff --git a/install/updates/RFC2307bis.update b/install/updates/10-RFC2307bis.update index 1ddebc1a2..afb17bbfb 100644 --- a/install/updates/RFC2307bis.update +++ b/install/updates/10-RFC2307bis.update @@ -47,8 +47,8 @@ add:attributeTypes: add:objectClasses: ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'nisKeyObject' SUP top - MUST ( cn $ nisPublickey $ nisSecretkey ) - MAY ( uidNumber $ description ) ) + MUST ( cn $$ nisPublickey $$ nisSecretkey ) + MAY ( uidNumber $$ description ) ) add:objectClasses: ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'nisDomainObject' SUP top AUXILIARY @@ -57,9 +57,9 @@ add:objectClasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'mailGroup' SUP top MUST ( mail ) - MAY ( cn $ mgrpRFC822MailMember ) ) + MAY ( cn $$ mgrpRFC822MailMember ) ) add:objectClasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' DESC 'nisNetId' SUP top MUST ( cn ) - MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) ) + MAY ( nisNetIdUser $$ nisNetIdGroup $$ nisNetIdHost ) ) diff --git a/install/updates/RFC4876.update b/install/updates/10-RFC4876.update index 5a372c201..c743b4bc6 100644 --- a/install/updates/RFC4876.update +++ b/install/updates/10-RFC4876.update @@ -135,12 +135,12 @@ add:objectClasses: SUP top STRUCTURAL DESC 'Abstraction of a base configuration for a DUA' MUST ( cn ) - MAY ( defaultServerList $ preferredServerList $ - defaultSearchBase $ defaultSearchScope $ - searchTimeLimit $ bindTimeLimit $ - credentialLevel $ authenticationMethod $ - followReferrals $ dereferenceAliases $ - serviceSearchDescriptor $ serviceCredentialLevel $ - serviceAuthenticationMethod $ objectclassMap $ - attributeMap $ profileTTL ) + MAY ( defaultServerList $$ preferredServerList $$ + defaultSearchBase $$ defaultSearchScope $$ + searchTimeLimit $$ bindTimeLimit $$ + credentialLevel $$ authenticationMethod $$ + followReferrals $$ dereferenceAliases $$ + serviceSearchDescriptor $$ serviceCredentialLevel $$ + serviceAuthenticationMethod $$ objectclassMap $$ + attributeMap $$ profileTTL ) X-ORIGIN 'RFC4876' ) diff --git a/install/updates/20-dna.update b/install/updates/20-dna.update new file mode 100644 index 000000000..b83a3703d --- /dev/null +++ b/install/updates/20-dna.update @@ -0,0 +1,3 @@ +# Enable the DNA plugin +dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config +only:nsslapd-pluginEnabled: on diff --git a/install/updates/indices.update b/install/updates/20-indices.update index 3d0e42af6..3d0e42af6 100644 --- a/install/updates/indices.update +++ b/install/updates/20-indices.update diff --git a/install/updates/nss_ldap.update b/install/updates/20-nss_ldap.update index e8c1e00f7..e8c1e00f7 100644 --- a/install/updates/nss_ldap.update +++ b/install/updates/20-nss_ldap.update diff --git a/install/updates/replication.update b/install/updates/20-replication.update index 29823a6fa..29823a6fa 100644 --- a/install/updates/replication.update +++ b/install/updates/20-replication.update diff --git a/install/updates/winsync_index.update b/install/updates/20-winsync_index.update index f24bdf8bd..f24bdf8bd 100644 --- a/install/updates/winsync_index.update +++ b/install/updates/20-winsync_index.update diff --git a/install/updates/automount.update b/install/updates/30-automount.update index c89d583ae..c89d583ae 100644 --- a/install/updates/automount.update +++ b/install/updates/30-automount.update diff --git a/install/updates/groupofhosts.update b/install/updates/30-groupofhosts.update index fb39c5e25..fb39c5e25 100644 --- a/install/updates/groupofhosts.update +++ b/install/updates/30-groupofhosts.update diff --git a/install/updates/netgroups.update b/install/updates/30-netgroups.update index 0a8609e3e..0a8609e3e 100644 --- a/install/updates/netgroups.update +++ b/install/updates/30-netgroups.update diff --git a/install/updates/policy.update b/install/updates/30-policy.update index c3615d281..c3615d281 100644 --- a/install/updates/policy.update +++ b/install/updates/30-policy.update diff --git a/install/updates/rolegroup.update b/install/updates/30-rolegroup.update index ef8cd7890..1417167de 100644 --- a/install/updates/rolegroup.update +++ b/install/updates/30-rolegroup.update @@ -3,3 +3,4 @@ dn: cn=rolegroups,cn=accounts,$SUFFIX add:objectClass: nsContainer add:cn: rolegroups + diff --git a/install/updates/taskgroup.update b/install/updates/30-taskgroup.update index a98960657..a98960657 100644 --- a/install/updates/taskgroup.update +++ b/install/updates/30-taskgroup.update diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update new file mode 100644 index 000000000..307fb8cd9 --- /dev/null +++ b/install/updates/40-delegation.update @@ -0,0 +1,124 @@ +# Add the default roles + +dn: cn=helpdesk,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: helpdesk +add:description: Helpdesk + +dn: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: useradmin +add:description: User Administrators + +dn: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: groupadmin +add:description: Group Administrators + +dn: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: hostadmin +add:description: Host Administrators + +dn: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: delegationadmin +add:description: Role administration + +dn: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: serviceadmin +add:description: Service Administrators + +dn: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: automountadmin +add:description: Automount Administrators + +dn: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: netgroupadmin +add:description: Netgroups Administrators + +dn: cn=useradmins,cn=rolegroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:objectClass: nestedgroup +add:cn: useradmins +add:description: User Administrators + +# Add the taskgroups referenced by the ACIs for user administration + +dn: cn=taskgroups,cn=accounts,$SUFFIX +add:objectClass: nsContainer +add:objectClass: top +add:cn: taskgroups + +dn: cn=addusers,cn=taskgroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: addusers +add:description: Add Users +add:member:"cn=useradmins,cn=rolegroups,cn=accounts,$SUFFIX" + +dn: cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: change_password +add:description: Change a user password +add:member:"cn=useradmins,cn=rolegroups,cn=accounts,$SUFFIX" + +dn: cn=add_user_to_default_group,cn=taskgroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: add_user_to_default_group +add:description: Add user to default group +add:member:"cn=useradmins,cn=rolegroups,cn=accounts,$SUFFIX" + +dn: cn=removeusers,cn=taskgroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: removeusers +add:description: Remove Users +add:member:"cn=useradmins,cn=rolegroups,cn=accounts,$SUFFIX" + +dn: cn=modifyusers,cn=taskgroups,cn=accounts,$SUFFIX +add:objectClass: top +add:objectClass: groupofnames +add:cn: modifyusers +add:description: Modify Users +add:member:"cn=useradmins,cn=rolegroups,cn=accounts,$SUFFIX" + +# Add the ACIs that grant these permissions for user administration + +dn: $SUFFIX +add:aci: (target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version + 3.0;acl "Add Users";allow (add) groupdn = "ldap:///cn=addusers,cn=taskgroups + ,cn=accounts,$SUFFIX";) +add:aci: (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || samb + aNTPassword || passwordHistory")(version 3.0;acl "change_password";allow (wri + te) groupdn = "ldap:///cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX + ";) +add:aci: (targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accoun + ts,$SUFFIX")(version 3.0;acl "Add user to default group";allow (wri + te) groupdn = "ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts + ,$SUFFIX";) +add:aci: (target = "ldap:///uid=*,cn=users,cn=accounts,$SUFFIX")(version + 3.0;acl "Remove Users";allow (delete) groupdn = "ldap:///cn=removeusers,cn=t + askgroups,cn=accounts,$SUFFIX";) +add:aci: (targetattr = "givenName || sn || cn || displayName || title || initials + || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneN + umber || telephoneNumber || street || roomNumber || l || st || postalCode || + manager || secretary || description || carLicense || labeledURI || inetUserHT + TPURL || seeAlso || employeeType || businessCategory || ou")(target = "ldap:/ + //uid=*,cn=users,cn=accounts,$SUFFIX")(version 3.0;acl "Modify User + s";allow (write) groupdn = "ldap:///cn=modifyusers,cn=taskgroups,$SUFFIX";) + diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 68e93b4f6..4b49cb1b0 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -2,18 +2,20 @@ NULL = appdir = $(IPA_DATA_DIR)/updates app_DATA = \ - automount.update \ - groupofhosts.update \ - indices.update \ - nss_ldap.update \ - replication.update \ - RFC2307bis.update \ - RFC4876.update \ - netgroups.update \ - policy.update \ - rolegroup.update \ - taskgroup.update \ - winsync_index.update \ + 10-RFC2307bis.update \ + 10-RFC4876.update \ + 20-dna.update \ + 20-indices.update \ + 20-nss_ldap.update \ + 20-replication.update \ + 20-winsync_index.update \ + 30-automount.update \ + 30-groupofhosts.update \ + 30-netgroups.update \ + 30-policy.update \ + 30-rolegroup.update \ + 30-taskgroup.update \ + 40-delegation.update \ $(NULL) EXTRA_DIST = \ diff --git a/install/updates/README b/install/updates/README new file mode 100644 index 000000000..064c6159f --- /dev/null +++ b/install/updates/README @@ -0,0 +1,8 @@ +The update files are sorted before being processed because there are +cases where order matters (such as getting schema added first, creating +parent entries, etc). + +10 - 20: Schema +20 - 30: FDS Configuration, new indices +30 - 40: Structual elements of the DIT +40 - 50: Pre-loaded data |