diff options
| author | Petr Vobornik <pvoborni@redhat.com> | 2014-03-07 17:34:44 +0100 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2014-03-20 10:02:31 +0100 |
| commit | 1ff095333e9c5eb90b160c619d65f823f1f9f0a0 (patch) | |
| tree | 16bed29b7ef94f5936c5210ec993f5eca6773bcb /install/ui/test/data/ipa_init_objects.json | |
| parent | ffab72cc79d31c59d49d40b4f66852e767821fa6 (diff) | |
| download | freeipa-1ff095333e9c5eb90b160c619d65f823f1f9f0a0.tar.gz freeipa-1ff095333e9c5eb90b160c619d65f823f1f9f0a0.tar.xz freeipa-1ff095333e9c5eb90b160c619d65f823f1f9f0a0.zip | |
webui-static: update metadata files
Update JSON metadata files for static presentation of FreeIPA UI and
some tests. This regeneration did not happen for very long time and
an update is needed for upcoming ACI patch.
prerequisite for:
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/ui/test/data/ipa_init_objects.json')
| -rw-r--r-- | install/ui/test/data/ipa_init_objects.json | 1409 |
1 files changed, 1210 insertions, 199 deletions
diff --git a/install/ui/test/data/ipa_init_objects.json b/install/ui/test/data/ipa_init_objects.json index 2367cf46c..3c7fbd21f 100644 --- a/install/ui/test/data/ipa_init_objects.json +++ b/install/ui/test/data/ipa_init_objects.json @@ -19,6 +19,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=automember,cn=etc", "default_attributes": [ "automemberinclusiveregex", @@ -113,6 +114,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=automount", "default_attributes": [ "automountkey", @@ -215,6 +217,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=automount", "default_attributes": [ "cn" @@ -288,6 +291,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=automount", "default_attributes": [ "automountmapname", @@ -367,6 +371,7 @@ "aciattrs": [], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "", "default_attributes": [ "ipamaxusernamelength", @@ -384,7 +389,8 @@ "ipaselinuxusermaporder", "ipaselinuxusermapdefault", "ipaconfigstring", - "ipakrbauthzdata" + "ipakrbauthzdata", + "ipauserauthtype" ], "hidden_attributes": [ "objectclass", @@ -602,20 +608,34 @@ "label": "Default SELinux user", "name": "ipaselinuxusermapdefault", "noextrawhitespace": true, - "required": true, "type": "unicode" }, { "class": "StrEnum", - "doc": "Default types of PAC for new services", + "doc": "Default types of PAC supported for services", "flags": [], - "label": "PAC type", + "label": "Default PAC types", "multivalue": true, "name": "ipakrbauthzdata", "type": "unicode", "values": [ "MS-PAC", - "PAD" + "PAD", + "nfs:NONE" + ] + }, + { + "class": "StrEnum", + "doc": "Default types of supported user authentication", + "flags": [], + "label": "Default user authentication types", + "multivalue": true, + "name": "ipauserauthtype", + "type": "unicode", + "values": [ + "password", + "radius", + "otp" ] } ], @@ -633,11 +653,15 @@ "acctpolicysubentry", "aci", "administratorcontactinfo", + "adminmessages", "adminrole", "adminurl", "afsdbrecord", + "algorithm", + "algorithmid", "aliasedobjectname", "altserver", + "archivedby", "arecord", "associateddomain", "associatedname", @@ -658,6 +682,8 @@ "automountinformation", "automountkey", "automountmapname", + "autorenew", + "beginrange", "bindtimelimit", "bootfile", "bootparameter", @@ -676,6 +702,7 @@ "carlicense", "certificaterevocationlist", "certrecord", + "certstatus", "changelog", "changelogmaximumage", "changelogmaximumconcurrentwrites", @@ -696,7 +723,10 @@ "cirupdateschedule", "cirusepersistentsearch", "cirusessl", + "clientid", + "clone", "cmdcategory", + "cmsusergroup", "cn", "cnamerecord", "co", @@ -712,13 +742,26 @@ "createtimestamp", "creatorsname", "credentiallevel", + "crlcache", + "crlextensions", + "crlname", + "crlnumber", + "crlsize", "crosscertificatepair", + "datatype", + "dateofarchival", + "dateofcreate", + "dateofmodify", + "dateofrecovery", + "dateofrevocation", "dc", "defaultsearchbase", "defaultsearchscope", "defaultserverlist", "deleteoldrdn", + "deltanumber", "deltarevocationlist", + "deltasize", "departmentnumber", "dereferencealiases", "description", @@ -740,6 +783,10 @@ "dnaprefix", "dnarangerequesttimeout", "dnaremainingvalues", + "dnaremotebindcred", + "dnaremotebinddn", + "dnaremotebindmethod", + "dnaremoteconnprotocol", "dnascope", "dnasecureportnum", "dnasharedcfgdn", @@ -755,8 +802,11 @@ "documentpublisher", "documenttitle", "documentversion", + "domainmanager", "drink", + "dsonlymemberuid", "dsrecord", + "duration", "edupersonaffiliation", "edupersonentitlement", "edupersonnickname", @@ -768,15 +818,19 @@ "edupersonscopedaffiliation", "employeenumber", "employeetype", + "endrange", "enhancedsearchguide", "enrolledby", "entrydn", "entryid", "entryusn", + "expiredcerts", + "extension", "externalhost", "externaluser", "facsimiletelephonenumber", "filterinfo", + "firstunsaved", "followreferrals", "fqdn", "ftpdownloadbandwidth", @@ -811,6 +865,7 @@ "idnsforwarders", "idnsforwardpolicy", "idnsname", + "idnspersistentsearch", "idnssoaexpire", "idnssoaminimum", "idnssoamname", @@ -820,6 +875,7 @@ "idnssoaserial", "idnsupdatepolicy", "idnszoneactive", + "idnszonerefresh", "inetdomainbasedn", "inetdomainstatus", "inetsubscriberaccountid", @@ -845,6 +901,7 @@ "ipadefaultloginshell", "ipadefaultprimarygroup", "ipaenabledflag", + "ipaentitlementid", "ipaexternalmember", "ipagroupobjectclasses", "ipagroupsearchfields", @@ -863,6 +920,8 @@ "ipantlogonscript", "ipantprofilepath", "ipantsecurityidentifier", + "ipantsidblacklistincoming", + "ipantsidblacklistoutgoing", "ipantsupportedencryptiontypes", "ipanttrustattributes", "ipanttrustauthincoming", @@ -873,8 +932,17 @@ "ipanttrustpartner", "ipanttrustposixoffset", "ipanttrusttype", + "ipapermbindruletype", + "ipapermdefaultattr", + "ipapermexcludedattr", + "ipapermincludedattr", "ipapermissiontype", + "ipapermlocation", + "ipapermright", + "ipapermtarget", + "ipapermtargetfilter", "ipapwdexpadvnotify", + "iparangetype", "ipasearchrecordslimit", "ipasearchtimelimit", "ipasecondarybaserid", @@ -889,7 +957,29 @@ "ipasudorunasgroup", "ipasudorunasgroupcategory", "ipasudorunasusercategory", + "ipatokendisabled", + "ipatokenhotpcounter", + "ipatokenmodel", + "ipatokennotafter", + "ipatokennotbefore", + "ipatokenotpalgorithm", + "ipatokenotpdigits", + "ipatokenotpkey", + "ipatokenowner", + "ipatokenradiusconfiglink", + "ipatokenradiusretries", + "ipatokenradiussecret", + "ipatokenradiusserver", + "ipatokenradiustimeout", + "ipatokenradiususername", + "ipatokenserial", + "ipatokentotpclockoffset", + "ipatokentotptimestep", + "ipatokenuniqueid", + "ipatokenusermapattribute", + "ipatokenvendor", "ipauniqueid", + "ipauserauthtype", "ipauserobjectclasses", "ipausersearchfields", "iphostnumber", @@ -899,6 +989,9 @@ "ipserviceport", "ipserviceprotocol", "isreplicated", + "issuedby", + "issueinfo", + "issuername", "javaclassname", "javaclassnames", "javacodebase", @@ -908,6 +1001,8 @@ "javaserializeddata", "jpegphoto", "keyrecord", + "keysize", + "keystate", "krbadmservers", "krbcanonicalname", "krbdefaultencsalttypes", @@ -997,6 +1092,7 @@ "mepmappedattr", "meprdnattr", "mepstaticattr", + "metainfo", "mgrpaddheader", "mgrpallowedbroadcaster", "mgrpalloweddomain", @@ -1040,6 +1136,8 @@ "netscapereversiblepassword", "newrdn", "newsuperior", + "nextrange", + "nextupdate", "nisdomain", "nisdomainname", "nismapentry", @@ -1050,6 +1148,8 @@ "nisnetiduser", "nispublickey", "nissecretkey", + "notafter", + "notbefore", "nsaccesslog", "nsaccountlock", "nsadminaccessaddresses", @@ -1091,6 +1191,8 @@ "nsds5replconflict", "nsds5replicaabortcleanruv", "nsds5replicaautoreferral", + "nsds5replicabackoffmax", + "nsds5replicabackoffmin", "nsds5replicabinddn", "nsds5replicabindmethod", "nsds5replicabusywaittime", @@ -1111,6 +1213,7 @@ "nsds5replicalegacyconsumer", "nsds5replicaname", "nsds5replicaport", + "nsds5replicaprotocoltimeout", "nsds5replicapurgedelay", "nsds5replicareferral", "nsds5replicaroot", @@ -1142,6 +1245,7 @@ "nshostlocation", "nsidletimeout", "nsidlistscanlimit", + "nsindexidlistscanlimit", "nsindextype", "nsinstalledlocation", "nsjarfilename", @@ -1171,9 +1275,11 @@ "nsrole", "nsroledn", "nsrolefilter", + "nsrolescopedn", "nsruvreplicalastmodified", "nssaslmapbasedntemplate", "nssaslmapfiltertemplate", + "nssaslmappriority", "nssaslmapregexstring", "nsschemacsn", "nssecureserverport", @@ -1188,6 +1294,7 @@ "nsslapd-changelogsuffix", "nsslapd-ldapiautodnsuffix", "nsslapd-parent-suffix", + "nsslapd-plugin-depends-on-type", "nsslapd-pluginconfigarea", "nsslapd-plugindescription", "nsslapd-pluginenabled", @@ -1198,6 +1305,8 @@ "nsslapd-pluginvendor", "nsslapd-pluginversion", "nsslapd-readonly", + "nsslapd-sasl-mapping-fallback", + "nsslapd-sasl-max-buffer-size", "nsslapd-suffix", "nssnmpcontact", "nssnmpdescription", @@ -1295,6 +1404,8 @@ "organizationalstatus", "ou", "owner", + "ownername", + "p12expiration", "pager", "pamexcludesuffix", "pamfallback", @@ -1307,6 +1418,8 @@ "pamservice", "parentid", "parentorganization", + "password", + "passwordadmindn", "passwordallowchangetime", "passwordchange", "passwordchecksyntax", @@ -1338,6 +1451,7 @@ "passwordresetfailurecount", "passwordretrycount", "passwordstoragescheme", + "passwordtrackupdatetime", "passwordunlock", "passwordwarning", "personaltitle", @@ -1385,8 +1499,13 @@ "printer-stacking-order-supported", "printer-uri", "printer-xri-supported", + "privatekeydata", "profilettl", + "proofofarchival", "ptrrecord", + "publickeydata", + "publickeyformat", + "publishingstatus", "pwdpolicysubentry", "pwdupdatetime", "ref", @@ -1408,9 +1527,31 @@ "replicaupdatereplayed", "replicaupdateschedule", "replicausessl", + "requestagentgroup", + "requesterror", + "requestflag", + "requestid", + "requestinfo", + "requestowner", + "requestresult", + "requestsourceid", + "requeststate", + "requesttype", + "resourceacls", "retrycountresettime", + "revinfo", + "revokedby", + "revokedcerts", + "revokedon", "roleoccupant", "roomnumber", + "rootdn-allow-host", + "rootdn-allow-ip", + "rootdn-close-time", + "rootdn-days-allowed", + "rootdn-deny-host", + "rootdn-deny-ip", + "rootdn-open-time", "rrsigrecord", "sabayonprofilename", "sabayonprofileurl", @@ -1475,7 +1616,12 @@ "searchguide", "searchtimelimit", "secretary", + "secureadminport", + "secureagentport", + "secureeeclientauthport", + "secureport", "seealso", + "serialno", "serialnumber", "serverhostname", "serverproductname", @@ -1485,6 +1631,7 @@ "servicecategory", "servicecredentiallevel", "servicesearchdescriptor", + "sessioncontext", "shadowexpire", "shadowflag", "shadowinactive", @@ -1492,6 +1639,7 @@ "shadowmax", "shadowmin", "shadowwarning", + "signingalgorithmid", "sigrecord", "sn", "sourcehost", @@ -1499,9 +1647,12 @@ "srvrecord", "sshfprecord", "st", + "status", "street", "structuralobjectclass", + "subjectname", "subschemasubentry", + "subsystemname", "subtreeaci", "sudocmd", "sudocommand", @@ -1524,38 +1675,54 @@ "telephonenumber", "teletexterminalidentifier", "telexnumber", + "thisupdate", "title", "tombstonenumsubordinates", + "transid", + "transname", + "transops", + "transstatus", "trustmodel", "ttl", "txtrecord", "uid", "uidnumber", - "unhashed#user#password", "uniqueidentifier", "uniquemember", + "unrevokedcerts", + "unsecureport", "usercategory", "usercertificate", "userclass", + "userdn", + "usermessages", "userpassword", "userpkcs12", "usersmimecertificate", + "userstate", + "usertype", "vacationenddate", "vacationstartdate", "vendorname", "vendorversion", + "version", "vlvbase", "vlvenabled", "vlvfilter", "vlvscope", "vlvsort", "vlvuses", + "winsyncdirectoryfilter", "winsyncinterval", + "winsyncmoveaction", + "winsyncsubtreepair", + "winsyncwindowsfilter", "x121address", "x500uniqueidentifier" ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=costemplates,cn=accounts", "default_attributes": [ "cn", @@ -1674,7 +1841,7 @@ }, { "class": "Str", - "doc": "Comma-separated list of permissions to grant (read, write). Default is write.", + "doc": "Permissions to grant (read, write). Default is write.", "flags": [], "label": "Permissions", "multivalue": true, @@ -1684,7 +1851,7 @@ }, { "class": "Str", - "doc": "Comma-separated list of attributes", + "doc": "Attributes to which the delegation applies", "flags": [], "label": "Attributes", "multivalue": true, @@ -1719,6 +1886,7 @@ "aciattrs": [], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "", "default_attributes": [ "idnsforwardpolicy", @@ -1767,7 +1935,7 @@ "takes_params": [ { "class": "Str", - "doc": "A list of global forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"", + "doc": "Global forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"", "flags": [], "label": "Global forwarders", "multivalue": true, @@ -1777,14 +1945,15 @@ }, { "class": "StrEnum", - "doc": "Forward policy", + "doc": "Global forwarding policy. Set to \"none\" to disable any configured global forwarders.", "flags": [], "label": "Forward policy", "name": "idnsforwardpolicy", "type": "unicode", "values": [ "only", - "first" + "first", + "none" ] }, { @@ -1794,6 +1963,17 @@ "label": "Allow PTR sync", "name": "idnsallowsyncptr", "type": "bool" + }, + { + "class": "DeprecatedParam", + "deprecate": true, + "doc": "Zone refresh interval", + "flags": [ + "no_option" + ], + "label": "Zone refresh interval", + "name": "idnszonerefresh", + "type": "object" } ], "uuid_attribute": "" @@ -1805,7 +1985,6 @@ "afsdbrecord", "arecord", "certrecord", - "cn", "cnamerecord", "dnamerecord", "dnsclass", @@ -1834,6 +2013,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": true, "container_dn": "cn=dns", "default_attributes": [ "idnsname", @@ -1995,7 +2175,7 @@ }, { "class": "ARecord", - "doc": "Comma-separated list of raw A records", + "doc": "Raw A records", "flags": [], "label": "A record", "multivalue": true, @@ -2036,7 +2216,7 @@ }, { "class": "AAAARecord", - "doc": "Comma-separated list of raw AAAA records", + "doc": "Raw AAAA records", "flags": [], "label": "AAAA record", "multivalue": true, @@ -2077,7 +2257,7 @@ }, { "class": "A6Record", - "doc": "Comma-separated list of raw A6 records", + "doc": "Raw A6 records", "flags": [], "label": "A6 record", "multivalue": true, @@ -2104,7 +2284,7 @@ }, { "class": "AFSDBRecord", - "doc": "Comma-separated list of raw AFSDB records", + "doc": "Raw AFSDB records", "flags": [], "label": "AFSDB record", "multivalue": true, @@ -2147,7 +2327,7 @@ }, { "class": "APLRecord", - "doc": "Comma-separated list of raw APL records", + "doc": "Raw APL records", "flags": [ "no_option" ], @@ -2162,7 +2342,7 @@ }, { "class": "CERTRecord", - "doc": "Comma-separated list of raw CERT records", + "doc": "Raw CERT records", "flags": [], "label": "CERT record", "multivalue": true, @@ -2234,7 +2414,7 @@ }, { "class": "CNAMERecord", - "doc": "Comma-separated list of raw CNAME records", + "doc": "Raw CNAME records", "flags": [], "label": "CNAME record", "multivalue": true, @@ -2261,7 +2441,7 @@ }, { "class": "DHCIDRecord", - "doc": "Comma-separated list of raw DHCID records", + "doc": "Raw DHCID records", "flags": [ "no_option" ], @@ -2276,7 +2456,7 @@ }, { "class": "DLVRecord", - "doc": "Comma-separated list of raw DLV records", + "doc": "Raw DLV records", "flags": [ "no_option" ], @@ -2291,7 +2471,7 @@ }, { "class": "DNAMERecord", - "doc": "Comma-separated list of raw DNAME records", + "doc": "Raw DNAME records", "flags": [], "label": "DNAME record", "multivalue": true, @@ -2318,7 +2498,7 @@ }, { "class": "DNSKEYRecord", - "doc": "Comma-separated list of raw DNSKEY records", + "doc": "Raw DNSKEY records", "flags": [ "no_option" ], @@ -2333,7 +2513,7 @@ }, { "class": "DSRecord", - "doc": "Comma-separated list of raw DS records", + "doc": "Raw DS records", "flags": [], "label": "DS record", "multivalue": true, @@ -2405,7 +2585,7 @@ }, { "class": "HIPRecord", - "doc": "Comma-separated list of raw HIP records", + "doc": "Raw HIP records", "flags": [ "no_option" ], @@ -2420,7 +2600,7 @@ }, { "class": "IPSECKEYRecord", - "doc": "Comma-separated list of raw IPSECKEY records", + "doc": "Raw IPSECKEY records", "flags": [ "no_option" ], @@ -2435,7 +2615,7 @@ }, { "class": "KEYRecord", - "doc": "Comma-separated list of raw KEY records", + "doc": "Raw KEY records", "flags": [], "label": "KEY record", "multivalue": true, @@ -2507,7 +2687,7 @@ }, { "class": "KXRecord", - "doc": "Comma-separated list of raw KX records", + "doc": "Raw KX records", "flags": [], "label": "KX record", "multivalue": true, @@ -2549,7 +2729,7 @@ }, { "class": "LOCRecord", - "doc": "Comma-separated list of raw LOC records", + "doc": "Raw LOC records", "flags": [], "label": "LOC record", "multivalue": true, @@ -2789,7 +2969,7 @@ }, { "class": "MXRecord", - "doc": "Comma-separated list of raw MX records", + "doc": "Raw MX records", "flags": [], "label": "MX record", "multivalue": true, @@ -2831,7 +3011,7 @@ }, { "class": "NAPTRRecord", - "doc": "Comma-separated list of raw NAPTR records", + "doc": "Raw NAPTR records", "flags": [], "label": "NAPTR record", "multivalue": true, @@ -2930,7 +3110,7 @@ }, { "class": "NSRecord", - "doc": "Comma-separated list of raw NS records", + "doc": "Raw NS records", "flags": [], "label": "NS record", "multivalue": true, @@ -2957,7 +3137,7 @@ }, { "class": "NSECRecord", - "doc": "Comma-separated list of raw NSEC records", + "doc": "Raw NSEC records", "flags": [], "label": "NSEC record", "multivalue": true, @@ -3035,7 +3215,7 @@ }, { "class": "NSEC3Record", - "doc": "Comma-separated list of raw NSEC3 records", + "doc": "Raw NSEC3 records", "flags": [ "no_option" ], @@ -3050,7 +3230,7 @@ }, { "class": "NSEC3PARAMRecord", - "doc": "Comma-separated list of raw NSEC3PARAM records", + "doc": "Raw NSEC3PARAM records", "flags": [ "no_option" ], @@ -3065,7 +3245,7 @@ }, { "class": "PTRRecord", - "doc": "Comma-separated list of raw PTR records", + "doc": "Raw PTR records", "flags": [], "label": "PTR record", "multivalue": true, @@ -3092,7 +3272,7 @@ }, { "class": "RRSIGRecord", - "doc": "Comma-separated list of raw RRSIG records", + "doc": "Raw RRSIG records", "flags": [], "label": "RRSIG record", "multivalue": true, @@ -3270,7 +3450,7 @@ }, { "class": "RPRecord", - "doc": "Comma-separated list of raw RP records", + "doc": "Raw RP records", "flags": [ "no_option" ], @@ -3285,7 +3465,7 @@ }, { "class": "SIGRecord", - "doc": "Comma-separated list of raw SIG records", + "doc": "Raw SIG records", "flags": [], "label": "SIG record", "multivalue": true, @@ -3463,7 +3643,7 @@ }, { "class": "SPFRecord", - "doc": "Comma-separated list of raw SPF records", + "doc": "Raw SPF records", "flags": [ "no_option" ], @@ -3478,7 +3658,7 @@ }, { "class": "SRVRecord", - "doc": "Comma-separated list of raw SRV records", + "doc": "Raw SRV records", "flags": [], "label": "SRV record", "multivalue": true, @@ -3550,7 +3730,7 @@ }, { "class": "SSHFPRecord", - "doc": "Comma-separated list of raw SSHFP records", + "doc": "Raw SSHFP records", "flags": [], "label": "SSHFP record", "multivalue": true, @@ -3607,7 +3787,7 @@ }, { "class": "TARecord", - "doc": "Comma-separated list of raw TA records", + "doc": "Raw TA records", "flags": [ "no_option" ], @@ -3622,7 +3802,7 @@ }, { "class": "TKEYRecord", - "doc": "Comma-separated list of raw TKEY records", + "doc": "Raw TKEY records", "flags": [ "no_option" ], @@ -3637,7 +3817,7 @@ }, { "class": "TSIGRecord", - "doc": "Comma-separated list of raw TSIG records", + "doc": "Raw TSIG records", "flags": [ "no_option" ], @@ -3652,7 +3832,7 @@ }, { "class": "TXTRecord", - "doc": "Comma-separated list of raw TXT records", + "doc": "Raw TXT records", "flags": [], "label": "TXT record", "multivalue": true, @@ -3687,7 +3867,6 @@ "afsdbrecord", "arecord", "certrecord", - "cn", "cnamerecord", "dnamerecord", "dnsclass", @@ -3731,6 +3910,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=dns", "default_attributes": [ "idnsname", @@ -3880,7 +4060,7 @@ "doc": "SOA record serial number", "flags": [], "label": "SOA serial", - "maxvalue": 2147483647, + "maxvalue": 4294967295, "minvalue": 1, "name": "idnssoaserial", "required": true, @@ -3928,7 +4108,7 @@ "doc": "How long should negative responses be cached", "flags": [], "label": "SOA minimum", - "maxvalue": 10800, + "maxvalue": 2147483647, "minvalue": 0, "name": "idnssoaminimum", "required": true, @@ -3940,7 +4120,7 @@ "flags": [], "label": "SOA time to live", "maxvalue": 2147483647, - "minvalue": -2147483648, + "minvalue": 0, "name": "dnsttl", "type": "int" }, @@ -4010,7 +4190,7 @@ }, { "class": "Str", - "doc": "A list of per-zone forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"", + "doc": "Per-zone forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"", "flags": [], "label": "Zone forwarders", "multivalue": true, @@ -4020,14 +4200,15 @@ }, { "class": "StrEnum", - "doc": "Forward policy", + "doc": "Per-zone conditional forwarding policy. Set to \"none\" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.", "flags": [], "label": "Forward policy", "name": "idnsforwardpolicy", "type": "unicode", "values": [ "only", - "first" + "first", + "none" ] }, { @@ -4085,6 +4266,7 @@ ] }, "bindable": false, + "can_have_permissions": true, "container_dn": "cn=groups,cn=accounts", "default_attributes": [ "cn", @@ -4219,6 +4401,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=hbac", "default_attributes": [ "cn", @@ -4226,7 +4409,6 @@ "description", "usercategory", "hostcategory", - "sourcehostcategory", "servicecategory", "ipaenabledflag", "memberuser", @@ -4347,15 +4529,15 @@ ] }, { - "class": "StrEnum", - "doc": "Source host category the rule applies to", - "flags": [], - "label": "Source host category", + "class": "DeprecatedParam", + "deprecate": true, + "doc": "<sourcehostcategory>", + "flags": [ + "no_option" + ], + "label": "<sourcehostcategory>", "name": "sourcehostcategory", - "type": "unicode", - "values": [ - "all" - ] + "type": "object" }, { "class": "StrEnum", @@ -4440,30 +4622,26 @@ "type": "unicode" }, { - "class": "Str", - "doc": "Source Hosts", + "class": "DeprecatedParam", + "deprecate": true, + "doc": "<sourcehost_host>", "flags": [ - "no_update", - "no_create", - "no_search" + "no_option" ], - "label": "Source Hosts", + "label": "<sourcehost_host>", "name": "sourcehost_host", - "noextrawhitespace": true, - "type": "unicode" + "type": "object" }, { - "class": "Str", - "doc": "Source Host Groups", + "class": "DeprecatedParam", + "deprecate": true, + "doc": "<sourcehost_hostgroup>", "flags": [ - "no_update", - "no_create", - "no_search" + "no_option" ], - "label": "Source Host Groups", + "label": "<sourcehost_hostgroup>", "name": "sourcehost_hostgroup", - "noextrawhitespace": true, - "type": "unicode" + "type": "object" }, { "class": "Str", @@ -4520,6 +4698,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=hbacservices,cn=hbac", "default_attributes": [ "cn", @@ -4615,6 +4794,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=hbacservicegroups,cn=hbac", "default_attributes": [ "cn", @@ -4712,6 +4892,7 @@ "objectclass", "serverhostname", "usercertificate", + "userclass", "userpassword" ], "attribute_members": { @@ -4740,6 +4921,7 @@ ] }, "bindable": true, + "can_have_permissions": true, "container_dn": "cn=computers,cn=accounts", "default_attributes": [ "fqdn", @@ -4754,7 +4936,8 @@ "managedby", "memberindirect", "memberofindirect", - "macaddress" + "macaddress", + "userclass" ], "hidden_attributes": [ "objectclass", @@ -4945,6 +5128,27 @@ "type": "unicode" }, { + "class": "Str", + "doc": "Host category (semantics placed on this attribute are for local interpretation)", + "flags": [], + "label": "Class", + "multivalue": true, + "name": "userclass", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Bool", + "doc": "Pre-authentication is required for the service", + "flags": [ + "virtual_attribute", + "no_search" + ], + "label": "Requires pre-authentication", + "name": "ipakrbrequirespreauth", + "type": "bool" + }, + { "class": "Bool", "doc": "Client credentials may be delegated to the service", "flags": [ @@ -4994,6 +5198,7 @@ ] }, "bindable": false, + "can_have_permissions": true, "container_dn": "cn=hostgroups,cn=accounts", "default_attributes": [ "cn", @@ -5078,10 +5283,177 @@ ], "uuid_attribute": "ipauniqueid" }, + "idrange": { + "aciattrs": [ + "cn", + "ipabaseid", + "ipabaserid", + "ipaidrangesize", + "ipanttrusteddomainsid", + "iparangetype", + "ipasecondarybaserid" + ], + "attribute_members": {}, + "bindable": false, + "can_have_permissions": false, + "container_dn": "cn=ranges,cn=etc", + "default_attributes": [ + "cn", + "ipabaseid", + "ipaidrangesize", + "ipabaserid", + "ipasecondarybaserid", + "ipanttrusteddomainsid", + "iparangetype" + ], + "hidden_attributes": [ + "objectclass", + "aci" + ], + "label": "ID Ranges", + "label_singular": "ID Range", + "methods": [ + "add", + "del", + "find", + "mod", + "show" + ], + "name": "idrange", + "object_class": [ + "ipaIDrange" + ], + "object_class_config": null, + "object_name": "range", + "object_name_plural": "ranges", + "parent_object": "", + "primary_key": "cn", + "rdn_attribute": "", + "relationships": { + "member": [ + "Member", + "", + "no_" + ], + "memberindirect": [ + "Indirect Member", + null, + "no_indirect_" + ], + "memberof": [ + "Member Of", + "in_", + "not_in_" + ], + "memberofindirect": [ + "Indirect Member Of", + null, + "not_in_indirect_" + ] + }, + "takes_params": [ + { + "class": "Str", + "doc": "Range name", + "flags": [], + "label": "Range name", + "name": "cn", + "noextrawhitespace": true, + "primary_key": true, + "required": true, + "type": "unicode" + }, + { + "class": "Int", + "doc": "First Posix ID of the range", + "flags": [], + "label": "First Posix ID of the range", + "maxvalue": 2147483647, + "minvalue": -2147483648, + "name": "ipabaseid", + "required": true, + "type": "int" + }, + { + "class": "Int", + "doc": "Number of IDs in the range", + "flags": [], + "label": "Number of IDs in the range", + "maxvalue": 2147483647, + "minvalue": -2147483648, + "name": "ipaidrangesize", + "required": true, + "type": "int" + }, + { + "class": "Int", + "doc": "First RID of the corresponding RID range", + "flags": [], + "label": "First RID of the corresponding RID range", + "maxvalue": 2147483647, + "minvalue": -2147483648, + "name": "ipabaserid", + "type": "int" + }, + { + "class": "Int", + "doc": "First RID of the secondary RID range", + "flags": [], + "label": "First RID of the secondary RID range", + "maxvalue": 2147483647, + "minvalue": -2147483648, + "name": "ipasecondarybaserid", + "type": "int" + }, + { + "class": "Str", + "doc": "Domain SID of the trusted domain", + "flags": [ + "no_update" + ], + "label": "Domain SID of the trusted domain", + "name": "ipanttrusteddomainsid", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Name of the trusted domain", + "flags": [ + "no_update", + "no_search", + "virtual_attribute" + ], + "label": "Name of the trusted domain", + "name": "ipanttrusteddomainname", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "StrEnum", + "doc": "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local, ipa-ad-winsync, ipa-ipa-trust", + "flags": [ + "no_update" + ], + "label": "Range type", + "name": "iparangetype", + "type": "unicode", + "values": [ + "ipa-ad-trust-posix", + "ipa-ad-trust", + "ipa-local", + "ipa-ad-winsync", + "ipa-ipa-trust" + ] + } + ], + "uuid_attribute": "" + }, "krbtpolicy": { "aciattrs": [], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=EXAMPLE.COM,cn=kerberos", "default_attributes": [ "krbmaxticketlife", @@ -5197,6 +5569,7 @@ ] }, "bindable": false, + "can_have_permissions": true, "container_dn": "cn=ng,cn=alt", "default_attributes": [ "cn", @@ -5349,12 +5722,288 @@ ], "uuid_attribute": "ipauniqueid" }, + "otptoken": { + "aciattrs": [ + "description", + "ipatokendisabled", + "ipatokenhotpcounter", + "ipatokenmodel", + "ipatokennotafter", + "ipatokennotbefore", + "ipatokenotpalgorithm", + "ipatokenotpdigits", + "ipatokenotpkey", + "ipatokenowner", + "ipatokenserial", + "ipatokentotpclockoffset", + "ipatokentotptimestep", + "ipatokenuniqueid", + "ipatokenvendor", + "objectclass" + ], + "attribute_members": {}, + "bindable": false, + "can_have_permissions": false, + "container_dn": "cn=otp", + "default_attributes": [ + "ipatokenuniqueid", + "description", + "ipatokenowner", + "ipatokendisabled", + "ipatokennotbefore", + "ipatokennotafter", + "ipatokenvendor", + "ipatokenmodel", + "ipatokenserial" + ], + "hidden_attributes": [ + "objectclass", + "aci" + ], + "label": "OTP Tokens", + "label_singular": "OTP Token", + "methods": [ + "add", + "del", + "find", + "mod", + "show" + ], + "name": "otptoken", + "object_class": [ + "ipatoken" + ], + "object_class_config": null, + "object_name": "OTP token", + "object_name_plural": "OTP tokens", + "parent_object": "", + "primary_key": "ipatokenuniqueid", + "rdn_attribute": "", + "relationships": { + "member": [ + "Member", + "", + "no_" + ], + "memberindirect": [ + "Indirect Member", + null, + "no_indirect_" + ], + "memberof": [ + "Member Of", + "in_", + "not_in_" + ], + "memberofindirect": [ + "Indirect Member Of", + null, + "not_in_indirect_" + ] + }, + "takes_params": [ + { + "class": "Str", + "doc": "Unique ID", + "flags": [ + "optional_create" + ], + "label": "Unique ID", + "name": "ipatokenuniqueid", + "noextrawhitespace": true, + "primary_key": true, + "required": true, + "type": "unicode" + }, + { + "class": "StrEnum", + "default": "totp", + "doc": "Type", + "flags": [ + "no_update", + "virtual_attribute" + ], + "label": "Type", + "name": "type", + "type": "unicode", + "values": [ + "totp", + "hotp" + ] + }, + { + "class": "Str", + "doc": "Description", + "flags": [], + "label": "Description", + "name": "description", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Owner", + "flags": [], + "label": "Owner", + "name": "ipatokenowner", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Bool", + "doc": "Disabled state", + "flags": [], + "label": "Disabled state", + "name": "ipatokendisabled", + "type": "bool" + }, + { + "class": "Str", + "doc": "Validity start", + "flags": [], + "label": "Validity start", + "name": "ipatokennotbefore", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Validity end", + "flags": [], + "label": "Validity end", + "name": "ipatokennotafter", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "default": "FreeIPA", + "doc": "Vendor", + "flags": [], + "label": "Vendor", + "name": "ipatokenvendor", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Model", + "flags": [], + "label": "Model", + "name": "ipatokenmodel", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Serial", + "flags": [], + "label": "Serial", + "name": "ipatokenserial", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "OTPTokenKey", + "confirm": true, + "doc": "Key", + "flags": [ + "no_display", + "no_update", + "no_search" + ], + "label": "Key", + "name": "ipatokenotpkey", + "type": "str" + }, + { + "class": "StrEnum", + "default": "sha1", + "doc": "Algorithm", + "flags": [ + "no_update" + ], + "label": "Algorithm", + "name": "ipatokenotpalgorithm", + "type": "unicode", + "values": [ + "sha1", + "sha256", + "sha384", + "sha512" + ] + }, + { + "class": "IntEnum", + "default": 6, + "doc": "Display length", + "flags": [ + "no_update" + ], + "label": "Display length", + "name": "ipatokenotpdigits", + "type": "int", + "values": [ + 6, + 8 + ] + }, + { + "class": "Int", + "default": 0, + "doc": "Clock offset", + "flags": [ + "no_update" + ], + "label": "Clock offset", + "maxvalue": 2147483647, + "minvalue": -2147483648, + "name": "ipatokentotpclockoffset", + "type": "int" + }, + { + "class": "Int", + "default": 30, + "doc": "Clock interval", + "flags": [ + "no_update" + ], + "label": "Clock interval", + "maxvalue": 2147483647, + "minvalue": 5, + "name": "ipatokentotptimestep", + "type": "int" + }, + { + "class": "Int", + "default": 0, + "doc": "Counter", + "flags": [ + "no_update" + ], + "label": "Counter", + "maxvalue": 2147483647, + "minvalue": 0, + "name": "ipatokenhotpcounter", + "type": "int" + } + ], + "uuid_attribute": "" + }, "permission": { "aciattrs": [ "businesscategory", "cn", "description", + "ipapermbindruletype", + "ipapermdefaultattr", + "ipapermexcludedattr", + "ipapermincludedattr", "ipapermissiontype", + "ipapermlocation", + "ipapermright", + "ipapermtarget", + "ipapermtargetfilter", "member", "o", "objectclass", @@ -5365,16 +6014,29 @@ "attribute_members": { "member": [ "privilege" + ], + "memberindirect": [ + "role" ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=permissions,cn=pbac", "default_attributes": [ "cn", "member", "memberof", "memberindirect", - "ipapermissiontype" + "ipapermissiontype", + "objectclass", + "ipapermdefaultattr", + "ipapermincludedattr", + "ipapermexcludedattr", + "ipapermbindruletype", + "ipapermlocation", + "ipapermright", + "ipapermtargetfilter", + "ipapermtarget" ], "hidden_attributes": [ "objectclass", @@ -5395,7 +6057,8 @@ "name": "permission", "object_class": [ "groupofnames", - "ipapermission" + "ipapermission", + "ipapermissionv2" ], "object_class_config": null, "object_name": "permission", @@ -5433,95 +6096,214 @@ "label": "Permission name", "name": "cn", "noextrawhitespace": true, - "pattern": "^[-_ a-zA-Z0-9]+$", - "pattern_errmsg": "May only contain letters, numbers, -, _, and space", + "pattern": "^[-_ a-zA-Z0-9.]+$", + "pattern_errmsg": "May only contain letters, numbers, -, _, ., and space", "primary_key": true, "required": true, "type": "unicode" }, { - "class": "Str", - "doc": "Comma-separated list of permissions to grant (read, write, add, delete, all)", + "class": "StrEnum", + "doc": "Rights to grant (read, search, compare, write, add, delete, all)", "flags": [], "label": "Permissions", "multivalue": true, - "name": "permissions", + "name": "ipapermright", + "type": "unicode", + "values": [ + "read", + "search", + "compare", + "write", + "add", + "delete", + "all" + ] + }, + { + "class": "Str", + "doc": "All attributes to which the permission applies", + "flags": [ + "virtual_attribute", + "allow_mod_for_managed_permission" + ], + "label": "Effective attributes", + "multivalue": true, + "name": "attrs", "noextrawhitespace": true, - "required": true, "type": "unicode" }, { "class": "Str", - "doc": "Comma-separated list of attributes", + "doc": "User-specified attributes to which the permission applies", "flags": [ - "ask_create" + "no_create", + "allow_mod_for_managed_permission" ], - "label": "Attributes", + "label": "Included attributes", "multivalue": true, - "name": "attrs", + "name": "ipapermincludedattr", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "User-specified attributes to which the permission explicitly does not apply", + "flags": [ + "no_create", + "allow_mod_for_managed_permission" + ], + "label": "Excluded attributes", + "multivalue": true, + "name": "ipapermexcludedattr", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Attributes to which the permission applies by default", + "flags": [ + "no_update", + "no_create" + ], + "label": "Default attributes", + "multivalue": true, + "name": "ipapermdefaultattr", "noextrawhitespace": true, "type": "unicode" }, { "class": "StrEnum", - "doc": "Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)", + "default": "permission", + "doc": "Bind rule type", "flags": [ - "ask_create" + "allow_mod_for_managed_permission" ], - "label": "Type", - "name": "type", + "label": "Bind rule type", + "name": "ipapermbindruletype", + "required": true, "type": "unicode", "values": [ - "user", - "group", - "host", - "service", - "hostgroup", - "netgroup", - "dnsrecord" + "permission", + "all", + "anonymous" ] }, { - "class": "Str", - "doc": "Target members of a group", + "class": "DNOrURL", + "doc": "Subtree to apply permissions to", "flags": [ "ask_create" ], + "label": "Subtree", + "name": "ipapermlocation", + "type": "DN" + }, + { + "class": "Str", + "doc": "Extra target filter", + "flags": [ + "virtual_attribute" + ], + "label": "Extra target filter", + "multivalue": true, + "name": "extratargetfilter", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "All target filters, including those implied by type and memberof", + "flags": [], + "label": "Raw target filter", + "multivalue": true, + "name": "ipapermtargetfilter", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "DNParam", + "doc": "ACI target DN", + "flags": [ + "no_option" + ], + "label": "ACI target DN", + "name": "ipapermtarget", + "type": "DN" + }, + { + "class": "Str", + "doc": "Target members of a group (sets memberOf targetfilter)", + "flags": [ + "ask_create", + "virtual_attribute" + ], "label": "Member of group", + "multivalue": true, "name": "memberof", "noextrawhitespace": true, "type": "unicode" }, { "class": "Str", - "doc": "Legal LDAP filter (e.g. ou=Engineering)", + "doc": "User group to apply permissions to (sets target)", "flags": [ - "ask_create" + "ask_create", + "virtual_attribute" + ], + "label": "Target group", + "name": "targetgroup", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Type of IPA object (sets subtree and objectClass targetfilter)", + "flags": [ + "ask_create", + "virtual_attribute" + ], + "label": "Type", + "name": "type", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Deprecated; use extratargetfilter", + "flags": [ + "no_option", + "virtual_attribute" ], - "label": "Filter", + "label": "<filter>", + "multivalue": true, "name": "filter", "noextrawhitespace": true, "type": "unicode" }, { "class": "Str", - "doc": "Subtree to apply permissions to", + "doc": "Deprecated; use ipapermlocation", "flags": [ - "ask_create" + "no_option", + "virtual_attribute" ], - "label": "Subtree", + "label": "<subtree>", + "multivalue": true, "name": "subtree", "noextrawhitespace": true, "type": "unicode" }, { "class": "Str", - "doc": "User group to apply permissions to", + "doc": "Deprecated; use ipapermright", "flags": [ - "ask_create" + "no_option", + "virtual_attribute" ], - "label": "Target group", - "name": "targetgroup", + "label": "<permissions>", + "multivalue": true, + "name": "permissions", "noextrawhitespace": true, "type": "unicode" } @@ -5553,6 +6335,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=privileges,cn=pbac", "default_attributes": [ "cn", @@ -5650,6 +6433,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=EXAMPLE.COM,cn=kerberos", "default_attributes": [ "cn", @@ -5726,7 +6510,7 @@ "doc": "Maximum password lifetime (in days)", "flags": [], "label": "Max lifetime (days)", - "maxvalue": 2147483647, + "maxvalue": 20000, "minvalue": 0, "name": "krbmaxpwdlife", "type": "int" @@ -5817,33 +6601,35 @@ ], "uuid_attribute": "" }, - "idrange": { + "radiusproxy": { "aciattrs": [ "cn", - "ipabaseid", - "ipabaserid", - "ipaidrangesize", - "ipanttrusteddomainsid", - "ipasecondarybaserid" + "description", + "ipatokenradiusretries", + "ipatokenradiussecret", + "ipatokenradiusserver", + "ipatokenradiustimeout", + "ipatokenusermapattribute", + "objectclass" ], "attribute_members": {}, "bindable": false, - "container_dn": "cn=ranges,cn=etc", + "can_have_permissions": false, + "container_dn": "cn=radiusproxy", "default_attributes": [ "cn", - "ipabaseid", - "ipaidrangesize", - "ipabaserid", - "ipasecondarybaserid", - "ipanttrusteddomainsid", - "iparangetype" + "description", + "ipatokenradiusserver", + "ipatokenradiustimeout", + "ipatokenradiusretries", + "ipatokenusermapattribute" ], "hidden_attributes": [ "objectclass", "aci" ], - "label": "Ranges", - "label_singular": "Range", + "label": "RADIUS Servers", + "label_singular": "RADIUS Server", "methods": [ "add", "del", @@ -5851,13 +6637,13 @@ "mod", "show" ], - "name": "range", + "name": "radiusproxy", "object_class": [ - "ipaIDrange" + "ipatokenradiusconfiguration" ], "object_class_config": null, - "object_name": "range", - "object_name_plural": "ranges", + "object_name": "RADIUS proxy server", + "object_name_plural": "RADIUS proxy servers", "parent_object": "", "primary_key": "cn", "rdn_attribute": "", @@ -5886,9 +6672,9 @@ "takes_params": [ { "class": "Str", - "doc": "Range name", + "doc": "RADIUS proxy server name", "flags": [], - "label": "Range name", + "label": "RADIUS proxy server name", "name": "cn", "noextrawhitespace": true, "primary_key": true, @@ -5896,65 +6682,64 @@ "type": "unicode" }, { - "class": "Int", - "doc": "First Posix ID of the range", + "class": "Str", + "doc": "A description of this RADIUS proxy server", "flags": [], - "label": "First Posix ID of the range", - "maxvalue": 2147483647, - "minvalue": -2147483648, - "name": "ipabaseid", - "required": true, - "type": "int" + "label": "Description", + "name": "description", + "noextrawhitespace": true, + "type": "unicode" }, { - "class": "Int", - "doc": "Number of IDs in the range", + "class": "Str", + "doc": "The hostname or IP (with or without port)", "flags": [], - "label": "Number of IDs in the range", - "maxvalue": 2147483647, - "minvalue": -2147483648, - "name": "ipaidrangesize", + "label": "Server", + "multivalue": true, + "name": "ipatokenradiusserver", + "noextrawhitespace": true, "required": true, - "type": "int" + "type": "unicode" }, { - "class": "Int", - "doc": "First RID of the corresponding RID range", - "flags": [], - "label": "First RID of the corresponding RID range", - "maxvalue": 2147483647, - "minvalue": -2147483648, - "name": "ipabaserid", + "class": "Password", + "confirm": true, + "doc": "The secret used to encrypt data", + "flags": [ + "no_option" + ], + "label": "Secret", + "name": "ipatokenradiussecret", + "noextrawhitespace": true, "required": true, - "type": "int" + "type": "unicode" }, { "class": "Int", - "doc": "First RID of the secondary RID range", + "doc": "The total timeout across all retries (in seconds)", "flags": [], - "label": "First RID of the secondary RID range", + "label": "Timeout", "maxvalue": 2147483647, - "minvalue": -2147483648, - "name": "ipasecondarybaserid", + "minvalue": 1, + "name": "ipatokenradiustimeout", "type": "int" }, { - "class": "Str", - "doc": "Domain SID of the trusted domain", + "class": "Int", + "doc": "The number of times to retry authentication", "flags": [], - "label": "Domain SID of the trusted domain", - "name": "ipanttrusteddomainsid", - "noextrawhitespace": true, - "type": "unicode" + "label": "Retries", + "maxvalue": 10, + "minvalue": 0, + "name": "ipatokenradiusretries", + "type": "int" }, { "class": "Str", - "doc": "Range type", - "flags": [ - "no_option" - ], - "label": "Range type", - "name": "iparangetype", + "doc": "The username attribute on the user object", + "flags": [], + "label": "User attribute", + "name": "ipatokenusermapattribute", "noextrawhitespace": true, "type": "unicode" } @@ -5965,8 +6750,11 @@ "aciattrs": [], "attribute_members": {}, "bindable": false, - "container_dn": "", - "default_attributes": ["associateddomain"], + "can_have_permissions": false, + "container_dn": "cn=Realm Domains,cn=ipa,cn=etc", + "default_attributes": [ + "associateddomain" + ], "hidden_attributes": [ "objectclass", "aci" @@ -5978,27 +6766,63 @@ "show" ], "name": "realmdomains", - "object_class": [ - "domainrelatedobject", - "top", - "nscontainter" - ], + "object_class": [], "object_class_config": null, - "object_name": "realmdomains", - "object_name_plural": "realmdomains", + "object_name": "Realm domains", + "object_name_plural": "entries", "parent_object": "", "rdn_attribute": "", - "relationships": {}, + "relationships": { + "member": [ + "Member", + "", + "no_" + ], + "memberindirect": [ + "Indirect Member", + null, + "no_indirect_" + ], + "memberof": [ + "Member Of", + "in_", + "not_in_" + ], + "memberofindirect": [ + "Indirect Member Of", + null, + "not_in_indirect_" + ] + }, "takes_params": [ { "class": "Str", "doc": "Domain", "flags": [], "label": "Domain", + "multivalue": true, "name": "associateddomain", + "noextrawhitespace": true, "required": true, - "type": "unicode", - "multivalued": true + "type": "unicode" + }, + { + "class": "Str", + "doc": "Add domain", + "flags": [], + "label": "Add domain", + "name": "add_domain", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Delete domain", + "flags": [], + "label": "Delete domain", + "name": "del_domain", + "noextrawhitespace": true, + "type": "unicode" } ], "uuid_attribute": "" @@ -6028,6 +6852,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=roles,cn=accounts", "default_attributes": [ "cn", @@ -6143,7 +6968,7 @@ }, { "class": "Str", - "doc": "Comma-separated list of permissions to grant (read, write). Default is write.", + "doc": "Permissions to grant (read, write). Default is write.", "flags": [], "label": "Permissions", "multivalue": true, @@ -6153,7 +6978,7 @@ }, { "class": "Str", - "doc": "Comma-separated list of attributes", + "doc": "Attributes to which the permission applies.", "flags": [], "label": "Attributes", "multivalue": true, @@ -6189,6 +7014,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=usermap,cn=selinux", "default_attributes": [ "cn", @@ -6419,6 +7245,7 @@ ] }, "bindable": true, + "can_have_permissions": true, "container_dn": "cn=services,cn=accounts", "default_attributes": [ "krbprincipalname", @@ -6449,8 +7276,7 @@ "krbticketpolicyaux", "ipaobject", "ipaservice", - "pkiuser", - "ipakrbprincipal" + "pkiuser" ], "object_class_config": null, "object_name": "service", @@ -6489,7 +7315,7 @@ }, { "class": "StrEnum", - "doc": "Types of PAC this service supports", + "doc": "Override default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services.", "flags": [], "label": "PAC type", "multivalue": true, @@ -6503,6 +7329,17 @@ }, { "class": "Bool", + "doc": "Pre-authentication is required for the service", + "flags": [ + "virtual_attribute", + "no_search" + ], + "label": "Requires pre-authentication", + "name": "ipakrbrequirespreauth", + "type": "bool" + }, + { + "class": "Bool", "doc": "Client credentials may be delegated to the service", "flags": [ "virtual_attribute", @@ -6529,6 +7366,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=sudocmds,cn=sudo", "default_attributes": [ "sudocmd", @@ -6558,7 +7396,7 @@ "object_name_plural": "sudo commands", "parent_object": "", "primary_key": "sudocmd", - "rdn_attribute": "", + "rdn_attribute": "ipauniqueid", "relationships": { "member": [ "Member", @@ -6624,6 +7462,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=sudocmdgroups,cn=sudo", "default_attributes": [ "cn", @@ -6782,6 +7621,7 @@ ] }, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=sudorules,cn=sudo", "default_attributes": [ "cn", @@ -7163,6 +8003,8 @@ "aciattrs": [ "cn", "ipantflatname", + "ipantsidblacklistincoming", + "ipantsidblacklistoutgoing", "ipantsupportedencryptiontypes", "ipanttrustattributes", "ipanttrustauthincoming", @@ -7177,6 +8019,7 @@ ], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "cn=trusts", "default_attributes": [ "cn", @@ -7201,6 +8044,7 @@ "methods": [ "add", "del", + "fetch_domains", "find", "mod", "show" @@ -7306,6 +8150,7 @@ "aciattrs": [], "attribute_members": {}, "bindable": false, + "can_have_permissions": false, "container_dn": "", "default_attributes": [ "cn", @@ -7415,6 +8260,125 @@ ], "uuid_attribute": "" }, + "trustdomain": { + "aciattrs": [ + "cn", + "ipantflatname", + "ipantsidblacklistincoming", + "ipantsidblacklistoutgoing", + "ipantsupportedencryptiontypes", + "ipanttrustattributes", + "ipanttrustauthincoming", + "ipanttrustauthoutgoing", + "ipanttrustdirection", + "ipanttrusteddomainsid", + "ipanttrustforesttrustinfo", + "ipanttrustpartner", + "ipanttrustposixoffset", + "ipanttrusttype", + "objectclass" + ], + "attribute_members": {}, + "bindable": false, + "can_have_permissions": false, + "container_dn": "", + "default_attributes": [ + "cn", + "ipantflatname", + "ipanttrusteddomainsid", + "ipanttrustpartner" + ], + "hidden_attributes": [ + "objectclass", + "aci" + ], + "label": "Trusted domains", + "label_singular": "Trusted domain", + "methods": [ + "add", + "del", + "disable", + "enable", + "find", + "mod" + ], + "name": "trustdomain", + "object_class": [ + "ipaNTTrustedDomain" + ], + "object_class_config": null, + "object_name": "trust domain", + "object_name_plural": "trust domains", + "parent_object": "trust", + "primary_key": "cn", + "rdn_attribute": "", + "relationships": { + "member": [ + "Member", + "", + "no_" + ], + "memberindirect": [ + "Indirect Member", + null, + "no_indirect_" + ], + "memberof": [ + "Member Of", + "in_", + "not_in_" + ], + "memberofindirect": [ + "Indirect Member Of", + null, + "not_in_indirect_" + ] + }, + "takes_params": [ + { + "class": "Str", + "doc": "Domain name", + "flags": [], + "label": "Domain name", + "name": "cn", + "noextrawhitespace": true, + "primary_key": true, + "required": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Domain NetBIOS name", + "flags": [], + "label": "Domain NetBIOS name", + "name": "ipantflatname", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Domain Security Identifier", + "flags": [], + "label": "Domain Security Identifier", + "name": "ipanttrusteddomainsid", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "Trusted domain partner", + "flags": [ + "no_display", + "no_option" + ], + "label": "Trusted domain partner", + "name": "ipanttrustpartner", + "noextrawhitespace": true, + "type": "unicode" + } + ], + "uuid_attribute": "" + }, "user": { "aciattrs": [ "audio", @@ -7439,7 +8403,10 @@ "initials", "internationalisdnnumber", "ipasshpubkey", + "ipatokenradiusconfiglink", + "ipatokenradiususername", "ipauniqueid", + "ipauserauthtype", "jpegphoto", "krbcanonicalname", "krbextradata", @@ -7494,6 +8461,7 @@ "uid", "uidnumber", "usercertificate", + "userclass", "userpassword", "userpkcs12", "usersmimecertificate", @@ -7517,6 +8485,7 @@ ] }, "bindable": true, + "can_have_permissions": true, "container_dn": "cn=users,cn=accounts", "default_attributes": [ "uid", @@ -7532,7 +8501,11 @@ "title", "memberof", "nsaccountlock", - "memberofindirect" + "memberofindirect", + "ipauserauthtype", + "userclass", + "ipatokenradiusconfiglink", + "ipatokenradiususername" ], "hidden_attributes": [ "objectclass", @@ -7734,26 +8707,22 @@ }, { "class": "Int", - "default": 999, "doc": "User ID Number (system will assign one if not provided)", "flags": [], "label": "UID", "maxvalue": 2147483647, "minvalue": 1, "name": "uidnumber", - "required": true, "type": "int" }, { "class": "Int", - "default": 999, "doc": "Group ID Number", "flags": [], "label": "GID", "maxvalue": 2147483647, "minvalue": 1, "name": "gidnumber", - "required": true, "type": "int" }, { @@ -7889,10 +8858,52 @@ "name": "ipasshpubkey", "noextrawhitespace": true, "type": "unicode" + }, + { + "class": "StrEnum", + "doc": "Types of supported user authentication", + "flags": [], + "label": "User authentication types", + "multivalue": true, + "name": "ipauserauthtype", + "type": "unicode", + "values": [ + "password", + "radius", + "otp" + ] + }, + { + "class": "Str", + "doc": "User category (semantics placed on this attribute are for local interpretation)", + "flags": [], + "label": "Class", + "multivalue": true, + "name": "userclass", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "RADIUS proxy configuration", + "flags": [], + "label": "RADIUS proxy configuration", + "name": "ipatokenradiusconfiglink", + "noextrawhitespace": true, + "type": "unicode" + }, + { + "class": "Str", + "doc": "RADIUS proxy username", + "flags": [], + "label": "RADIUS proxy username", + "name": "ipatokenradiususername", + "noextrawhitespace": true, + "type": "unicode" } ], "uuid_attribute": "ipauniqueid" } } } -} +}
\ No newline at end of file |