authorSimo Sorce <ssorce@redhat.com>2009-06-04 15:33:49 -0400
committerSimo Sorce <ssorce@redhat.com>2009-07-10 09:42:22 -0400
commit9fe707a3f2e9a25e908cc9279c46a0f0c5acb15f (patch)
tree36113340606e99d69a3c204cb79f4e968f4c7b2b /install/share/delegation.ldif
parent24089821fbc738b22f524d4d107d9de458484291 (diff)
Basic changes to get a default principal for DNS
Also moves delegation layout installation into dsinstance. This is needed to allow us to set default membership in other modules like bindinstance. Signed-off-by: Martin Nagy <mnagy@redhat.com>
Diffstat (limited to 'install/share/delegation.ldif')
-rw-r--r--install/share/delegation.ldif348
1 files changed, 348 insertions, 0 deletions
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
new file mode 100644
index 000000000..1539ae1d5
--- /dev/null
+++ b/install/share/delegation.ldif
@@ -0,0 +1,348 @@
+dn: cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: rolegroups
+
+dn: cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: nsContainer
+cn: taskgroups
+
+# Add the default roles
+dn: cn=helpdesk,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: helpdesk
+description: Helpdesk
+
+dn: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: useradmin
+description: User Administrators
+
+dn: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: groupadmin
+description: Group Administrators
+
+dn: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: hostadmin
+description: Host Administrators
+
+dn: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: hostgroupadmin
+description: Host Group Administrators
+
+dn: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: delegationadmin
+description: Role administration
+
+dn: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: serviceadmin
+description: Service Administrators
+
+dn: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: automountadmin
+description: Automount Administrators
+
+dn: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: netgroupadmin
+description: Netgroups Administrators
+
+dn: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: dnsadmin
+description: DNS Administrators
+
+dn: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: dnsserver
+description: DNS Servers
+
+dn: cn=addusers,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addusers
+description: Add Users
+member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: change_password
+description: Change a user password
+member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=add_user_to_default_group,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: add_user_to_default_group
+description: Add user to default group
+member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removeusers,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removeusers
+description: Remove Users
+member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifyusers,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifyusers
+description: Modify Users
+member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Add the taskgroups referenced by the ACIs for group administration
+dn: cn=addgroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addgroups
+description: Add Groups
+member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removegroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removegroups
+description: Remove Groups
+member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifygroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifygroups
+description: Modify Groups
+member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifygroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifygroupmembership
+description: Modify Group membership
+member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Add the taskgroups referenced by the ACIs for host administration
+dn: cn=addhosts,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addhosts
+description: Add Hosts
+member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removehosts,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removehosts
+description: Remove Hosts
+member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifyhosts,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifyhosts
+description: Modify Hosts
+member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Add the taskgroups referenced by the ACIs for hostgroup administration
+dn: cn=addhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addhostgroups
+description: Add Host Groups
+member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removehostgroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removehostgroups
+description: Remove Host Groups
+member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifyhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifyhostgroups
+description: Modify Host Groups
+member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifyhostgroupmembership
+description: Modify Host Group membership
+member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Add the taskgroups referenced by the ACIs for service administration
+dn: cn=addservices,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addservices
+description: Add Services
+member: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removeservices,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removeservices
+description: Remove Services
+member: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Add the taskgroups referenced by the ACIs for delegation administration
+# This just lets one manage taskgroup membership and create and delete roles
+dn: cn=addroles,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addhrole
+description: Add Roles
+member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removeroles,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removeroles
+description: Remove Roles
+member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifyroles,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifyroles
+description: Modify Roles
+member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifyrolegroupmembership
+description: Modify Role Group membership
+member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifytaskgroupmembership
+description: Modify Task Group membership
+member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Add the taskgroups referenced by the ACIs for automount administration
+dn: cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addautomount
+description: Add Automount maps/keys
+member: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removeautomount
+description: Remove Automount maps/keys
+member: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Add the taskgroups referenced by the ACIs for netgroup administration
+dn: cn=addnetgroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: addnetgroups
+description: Add netgroups
+member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=removenetgroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: removenetgroups
+description: Remove netgroups
+member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifynetgroups,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifynetgroups
+description: Modify netgroups
+member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+dn: cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: modifynetgroupmembership
+description: Modify netgroup membership
+member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Taskgroup for retrieving host keytabs
+dn: cn=manage_host_keytab,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: manage_host_keytab
+description: Manage host keytab
+member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
+
+# Taskgroup for updating the DNS entries
+dn: cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: groupofnames
+cn: manage_host_keytab
+description: Updates DNS
+member: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
+member: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX
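Review bot: Two entries carry a `cn` value that does not match the RDN in their `dn`: the `cn=addroles` taskgroup has `cn: addhrole`, and the new `cn=update_dns` taskgroup has `cn: manage_host_keytab`, apparently copied from the entry just above it. Depending on how the directory server treats a missing RDN value, the add is either rejected as a naming violation or the entry ends up with an extra, misleading `cn`. In the second case a search for `(cn=manage_host_keytab)` would presumably also return the DNS-update taskgroup, which matters if any tooling resolves taskgroups by `cn` rather than by DN when granting membership. The lines should read `cn: addroles` and `cn: update_dns`.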