author | Endi S. Dewata <edewata@redhat.com> | 2014-10-17 12:05:34 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-07-08 06:30:23 +0000 |
commit | bf6df3df9b388753a52a0040d9c15b1eabce41ca (patch) | |
tree | 9fa7083c38dc5b0a80ffda26cbb36c7463a18163 /install/share/60basev3.ldif | |
parent | 5017726ebaf6eea3dedb1325efe00c0d6c4b6187 (diff) | |
Added vault access control.
New LDAP ACIs have been added to allow vault owners to manage the
vaults and to allow members to access the vaults. New CLIs have
been added to manage the owner and member list. The LDAP schema
has been updated as well.
https://fedorahosted.org/freeipa/ticket/3872
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install/share/60basev3.ldif')
-rw-r--r-- | install/share/60basev3.ldif | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/install/share/60basev3.ldif b/install/share/60basev3.ldif index 5491f99f5..16d7c21d9 100644 --- a/install/share/60basev3.ldif +++ b/install/share/60basev3.ldif @@ -82,4 +82,5 @@ objectClasses: (2.16.840.1.113730.3.8.12.24 NAME 'ipaPublicKeyObject' DESC 'Wrap objectClasses: (2.16.840.1.113730.3.8.12.25 NAME 'ipaPrivateKeyObject' DESC 'Wrapped private keys' SUP top AUXILIARY MUST ( ipaPrivateKey $ ipaWrappingKey $ ipaWrappingMech ) X-ORIGIN 'IPA v4.1' ) objectClasses: (2.16.840.1.113730.3.8.12.26 NAME 'ipaSecretKeyObject' DESC 'Wrapped secret keys' SUP top AUXILIARY MUST ( ipaSecretKey $ ipaWrappingKey $ ipaWrappingMech ) X-ORIGIN 'IPA v4.1' ) objectClasses: (2.16.840.1.113730.3.8.12.34 NAME 'ipaSecretKeyRefObject' DESC 'Indirect storage for encoded key material' SUP top AUXILIARY MUST ( ipaSecretKeyRef ) X-ORIGIN 'IPA v4.1' ) -objectClasses: (2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vault' SUP top STRUCTURAL MUST ( cn ) MAY ( description $ ipaVaultType $ ipaVaultSalt $ ipaVaultPublicKey ) X-ORIGIN 'IPA v4.2' ) +objectClasses: (2.16.840.1.113730.3.8.18.1.1 NAME 'ipaVault' DESC 'IPA vault' SUP top STRUCTURAL MUST ( cn ) MAY ( description $ ipaVaultType $ ipaVaultSalt $ ipaVaultPublicKey $ owner $ member ) X-ORIGIN 'IPA v4.2' ) +objectClasses: (2.16.840.1.113730.3.8.18.1.2 NAME 'ipaVaultContainer' DESC 'IPA vault container' SUP top STRUCTURAL MUST ( cn ) MAY ( description $ owner ) X-ORIGIN 'IPA v4.2' ) |
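Review bot: On the changed `ipaVault` line and the new `ipaVaultContainer` line, `owner` is added only under MAY, so the schema still permits a vault or container entry with no owner at all. The commit message says the new ACIs grant management rights to vault owners, so an entry created without `owner` would have nobody holding those rights through the owner ACI. Either have the code that creates vaults and containers always set `owner` and state that in the commit message, or explain why MUST is not wanted here. Separately, `ipaVaultContainer` allows `owner` but not `member`, while `ipaVault` allows both; if container-level membership is deliberately unsupported, say so in the commit message so the asymmetry does not read as an omission.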