diff options
| author | Simo Sorce <ssorce@redhat.com> | 2011-01-13 16:57:23 -0500 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2011-01-14 14:06:56 -0500 |
| commit | 7ee490e35c00626f5b62778977e6132dbdb86d98 (patch) | |
| tree | 66aca524cd7a9ed6ebb447c289f12537ebe0849d /install/share | |
| parent | da7eb1155ec34941d71ad2449fd7e5de8a648d49 (diff) | |
| download | freeipa-7ee490e35c00626f5b62778977e6132dbdb86d98.tar.gz freeipa-7ee490e35c00626f5b62778977e6132dbdb86d98.tar.xz freeipa-7ee490e35c00626f5b62778977e6132dbdb86d98.zip | |
Remove radius options completely.
This has been completely abandoned since ipa v1 and is not built by default.
Instead of carrying dead weight, let's remove it for now.
Fixes: https://fedorahosted.org/freeipa/ticket/761
Diffstat (limited to 'install/share')
| -rw-r--r-- | install/share/60radius.ldif | 559 | ||||
| -rw-r--r-- | install/share/Makefile.am | 1 | ||||
| -rw-r--r-- | install/share/bootstrap-template.ldif | 24 | ||||
| -rw-r--r-- | install/share/default-aci.ldif | 6 |
4 files changed, 0 insertions, 590 deletions
diff --git a/install/share/60radius.ldif b/install/share/60radius.ldif deleted file mode 100644 index 93a5ba319..000000000 --- a/install/share/60radius.ldif +++ /dev/null @@ -1,559 +0,0 @@ -# This is a LDAPv3 schema for RADIUS attributes. -# Tested on OpenLDAP 2.0.7 -# Posted by Javier Fernandez-Sanguino Pena <jfernandez@sgi.es> -# LDAP v3 version by Jochen Friedrich <jochen@scram.de> -# Updates by Adrian Pavlykevych <pam@polynet.lviv.ua> -# Modified by John Dennis <jdennis@redhat.com> for use with Directory Sever/IPA -# -# Note: These OID's do not seem to be registered, the closest I could find -# was 1.3.6.1.4.1.3317 -# {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) gnome(3317)} -# -############## -dn: cn=schema -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.1 - NAME 'radiusArapFeatures' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.2 - NAME 'radiusArapSecurity' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.3 - NAME 'radiusArapZoneAccess' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.44 - NAME 'radiusAuthType' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.4 - NAME 'radiusCallbackId' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.5 - NAME 'radiusCallbackNumber' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.6 - NAME 'radiusCalledStationId' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.7 - NAME 'radiusCallingStationId' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.8 - NAME 'radiusClass' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.45 - NAME 'radiusClientIPAddress' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.9 - NAME 'radiusFilterId' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.10 - NAME 'radiusFramedAppleTalkLink' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.11 - NAME 'radiusFramedAppleTalkNetwork' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.12 - NAME 'radiusFramedAppleTalkZone' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.13 - NAME 'radiusFramedCompression' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.14 - NAME 'radiusFramedIPAddress' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.15 - NAME 'radiusFramedIPNetmask' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.16 - NAME 'radiusFramedIPXNetwork' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.17 - NAME 'radiusFramedMTU' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.18 - NAME 'radiusFramedProtocol' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.19 - NAME 'radiusFramedRoute' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.20 - NAME 'radiusFramedRouting' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.46 - NAME 'radiusGroupName' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.47 - NAME 'radiusHint' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.48 - NAME 'radiusHuntgroupName' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.21 - NAME 'radiusIdleTimeout' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.22 - NAME 'radiusLoginIPHost' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.23 - NAME 'radiusLoginLATGroup' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.24 - NAME 'radiusLoginLATNode' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.25 - NAME 'radiusLoginLATPort' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.26 - NAME 'radiusLoginLATService' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.27 - NAME 'radiusLoginService' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.28 - NAME 'radiusLoginTCPPort' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.29 - NAME 'radiusPasswordRetry' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.30 - NAME 'radiusPortLimit' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.49 - NAME 'radiusProfileDn' - DESC '' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.31 - NAME 'radiusPrompt' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.50 - NAME 'radiusProxyToRealm' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.51 - NAME 'radiusReplicateToRealm' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.52 - NAME 'radiusRealm' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.32 - NAME 'radiusServiceType' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.33 - NAME 'radiusSessionTimeout' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.34 - NAME 'radiusTerminationAction' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.35 - NAME 'radiusTunnelAssignmentId' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.36 - NAME 'radiusTunnelMediumType' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.37 - NAME 'radiusTunnelPassword' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.38 - NAME 'radiusTunnelPreference' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.39 - NAME 'radiusTunnelPrivateGroupId' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.40 - NAME 'radiusTunnelServerEndpoint' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.41 - NAME 'radiusTunnelType' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.42 - NAME 'radiusVSA' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.43 - NAME 'radiusTunnelClientEndpoint' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -#need to change asn1.id -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.53 - NAME 'radiusSimultaneousUse' - DESC '' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.54 - NAME 'radiusLoginTime' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.55 - NAME 'radiusUserCategory' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.56 - NAME 'radiusStripUserName' - DESC '' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.57 - NAME 'dialupAccess' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.58 - NAME 'radiusExpiration' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.59 - NAME 'radiusCheckItem' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.60 - NAME 'radiusReplyItem' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.61 - NAME 'radiusNASIpAddress' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.62 - NAME 'radiusReplyMessage' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -objectClasses: - ( 1.3.6.1.4.1.3317.4.3.2.1 - NAME 'radiusprofile' - SUP top AUXILIARY - DESC '' - MUST uid - MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ - radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ - radiusCalledStationId $ radiusCallingStationId $ radiusClass $ - radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ - radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ - radiusFramedCompression $ radiusFramedIPAddress $ - radiusFramedIPNetmask $ radiusFramedIPXNetwork $ - radiusFramedMTU $ radiusFramedProtocol $ - radiusCheckItem $ radiusReplyItem $ - radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ - radiusGroupName $ radiusHint $ radiusHuntgroupName $ - radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ - radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ - radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ - radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ - radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ - radiusSessionTimeout $ radiusStripUserName $ - radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ - radiusSimultaneousUse $ radiusTunnelAssignmentId $ - radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ - radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ - radiusTunnelType $ radiusUserCategory $ radiusVSA $ - radiusExpiration $ dialupAccess $ radiusNASIpAddress $ - radiusReplyMessage ) - ) -objectClasses: - ( 1.3.6.1.4.1.3317.4.3.2.2 - NAME 'radiusObjectProfile' - SUP top STRUCTURAL - DESC 'A Container Objectclass to be used for creating radius profile object' - MUST cn - MAY ( uid $ userPassword $ description ) - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.64 - NAME 'radiusClientSecret' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.65 - NAME 'radiusClientNASType' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE - ) -attributeTypes: - ( 1.3.6.1.4.1.3317.4.3.1.66 - NAME 'radiusClientShortName' - DESC '' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - ) -objectClasses: - ( 1.3.6.1.4.1.3317.4.3.2.3 - NAME 'radiusClientProfile' - SUP top STRUCTURAL - DESC 'A Container Objectclass to be used for describing radius clients' - MUST (radiusClientIPAddress $ radiusClientSecret) - MAY ( radiusClientNASType $ radiusClientShortName $ description ) - ) diff --git a/install/share/Makefile.am b/install/share/Makefile.am index b3673180d..0fb5c8961 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -5,7 +5,6 @@ app_DATA = \ 05rfc2247.ldif \ 60kerberos.ldif \ 60samba.ldif \ - 60radius.ldif \ 60ipaconfig.ldif \ 60basev2.ldif \ 60ipasudo.ldif \ diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index 52f0c97ba..afff807fb 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -169,30 +169,6 @@ gecos: Administrator nsAccountLock: False ipaUniqueID: autogenerate -dn: cn=radius,$SUFFIX -changetype: add -objectClass: nsContainer -objectClass: top -cn: radius - -dn: cn=clients,cn=radius,$SUFFIX -changetype: add -objectClass: nsContainer -objectClass: top -cn: clients - -dn: cn=profiles,cn=radius,$SUFFIX -changetype: add -objectClass: nsContainer -objectClass: top -cn: profiles - -dn: uid=ipa_default, cn=profiles,cn=radius,$SUFFIX -changetype: add -objectClass: top -objectClass: radiusprofile -uid: ipa_default - dn: cn=admins,cn=groups,cn=accounts,$SUFFIX changetype: add objectClass: top diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index 306652d59..ff0e5aec0 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -34,12 +34,6 @@ add: aci aci: (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) aci: (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) -dn: cn=radius,$SUFFIX -changetype: modify -add: aci -aci: (targetattr = "*")(version 3.0; acl "Only radius and admin can access radius service data"; deny (all) userdn!="ldap:///uid=admin,cn=users,cn=accounts,$SUFFIX || ldap:///krbprincipalname=radius/$FQDN@$REALM,cn=$REALM,cn=kerberos,$SUFFIX";) -aci: (targetfilter = "(objectClass=radiusprofile)")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) - dn: cn=services,cn=accounts,$SUFFIX changetype: modify add: aci |