summaryrefslogtreecommitdiffstats
path: root/install/share/bootstrap-template.ldif
diff options
context:
space:
mode:
authorFraser Tweedale <ftweedal@redhat.com>2015-05-25 08:39:07 -0400
committerJan Cholasta <jcholast@redhat.com>2015-06-11 10:50:31 +0000
commitbc0c60688505968daf6851e3e179aab20e23af7d (patch)
treeea8cb740dfcd50ab46d73a350686502d80a902ec /install/share/bootstrap-template.ldif
parentae56ca422d1897569717fa44a5d483b10e490f6a (diff)
downloadfreeipa-bc0c60688505968daf6851e3e179aab20e23af7d.tar.gz
freeipa-bc0c60688505968daf6851e3e179aab20e23af7d.tar.xz
freeipa-bc0c60688505968daf6851e3e179aab20e23af7d.zip
Add CA ACL plugin
Implement the caacl commands, which are used to indicate which principals may be issued certificates from which (sub-)CAs, using which profiles. At this commit, and until sub-CAs are implemented, all rules refer to the top-level CA (represented as ".") and no ca-ref argument is exposed. Also, during install and upgrade add a default CA ACL that permits certificate issuance for all hosts and services using the profile 'caIPAserviceCert' on the top-level CA. Part of: https://fedorahosted.org/freeipa/ticket/57 Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install/share/bootstrap-template.ldif')
-rw-r--r--install/share/bootstrap-template.ldif6
1 files changed, 6 insertions, 0 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index c5d4bad8b..2387f220f 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -441,3 +441,9 @@ changetype: add
objectClass: nsContainer
objectClass: top
cn: certprofiles
+
+dn: cn=caacls,cn=ca,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: caacls
generated by cgit (git 2.34.1) at 2024-06-09 21:10:28 +0000