diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2011-01-21 03:07:53 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-28 10:23:02 -0500 |
| commit | 884f43f0db6da9243dd4315bdb9b481935be2456 (patch) | |
| tree | 957c693ccedd4b2bb4d4a448fff18fcd7c04e740 /install/share/60kerberos.ldif | |
| parent | 7b04b2240b92cc586fc06a8686c3616b020137fe (diff) | |
| download | freeipa-884f43f0db6da9243dd4315bdb9b481935be2456.tar.gz freeipa-884f43f0db6da9243dd4315bdb9b481935be2456.tar.xz freeipa-884f43f0db6da9243dd4315bdb9b481935be2456.zip | |
Add support for account unlocking
This patch adds command ipa user-unlock and some LDAP modifications
which are required by Kerberos for unlocking to work.
Ticket:
https://fedorahosted.org/freeipa/ticket/344
Diffstat (limited to 'install/share/60kerberos.ldif')
| -rw-r--r-- | install/share/60kerberos.ldif | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/install/share/60kerberos.ldif b/install/share/60kerberos.ldif index f08329c48..72800d242 100644 --- a/install/share/60kerberos.ldif +++ b/install/share/60kerberos.ldif @@ -254,6 +254,8 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' EQUA ##### the additional principal objects and stand alone principal ##### objects (krbPrincipal) can be created. attributetypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) +##### The time at which administrator unlocked the account +attributetypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE) ######################################################################## ######################################################################## # Object Class Definitions # @@ -282,7 +284,7 @@ objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP ( krbSer objectClasses: ( 2.16.840.1.113719.1.301.6.5.1 NAME 'krbPwdService' SUP ( krbService ) ) ###### The principal data auxiliary class. Holds principal information ###### and is used to store principal information for Person, Service objects. -objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILIARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData ) ) +objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILIARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbLastAdminUnlock ) ) ###### This class is used to create additional principals and stand alone principals. objectClasses: ( 2.16.840.1.113719.1.301.6.9.1 NAME 'krbPrincipal' SUP ( top ) MUST ( krbPrincipalName ) MAY ( krbObjectReferences ) ) ###### The principal references auxiliary class. Holds all principals referred |