Install policy schema

4 files changed, 71 insertions, 0 deletions

diff --git a/install/share/60policyv2.ldif b/install/share/60policyv2.ldif
new file mode 100644
index 000000000..47cb8b396
--- /dev/null
+++ b/install/share/60policyv2.ldif
@@ -0,0 +1,25 @@
+dn: cn=schema
+objectClasses: (2.16.840.1.113730.3.8.4.12 NAME 'ipaContainer' SUP nsContainer STRUCTURAL MAY description X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.28 NAME 'ipaPolicyType' DESC 'Type of the policy' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.29 NAME 'ipaSchemaFile' DESC 'Name of the file with schema definition' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.30 NAME 'ipaTrasformFile' DESC 'Name of the policy transformation file' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.13 NAME 'ipaPolicyTemplate' SUP top STRUCTURAL MUST ( cn $ ipaUniqueID $ ipaPolicyType $ ipaSchemaFile ) MAY ( ipaTrasformFile $ description ) X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.31 NAME 'ipaOrderedUUIDList' DESC 'Defines order of the entities within some sort of ordered group' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.32 NAME 'ipaLastChangeBy' DESC 'DN of the user who caused the configuration change' SUP owner EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.33 NAME 'ipaLastChanged' DESC 'Last time there was some change to the data' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.34 NAME 'ipaAllowedTemplateRef' DESC 'DN of the allowed policy template' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.14 NAME 'ipaOrderedContainer' SUP ipaContainer STRUCTURAL MAY ( ipaOrderedUUIDList $ ipaLastChangeBy $ ipaLastChanged ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.15 NAME 'ipaPolicyGroup' SUP ipaOrderedContainer STRUCTURAL MUST ( ipaUniqueID $ ipaEnabledFlag ) MAY ipaAllowedTemplateRef X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.35 NAME 'ipaTemplateRef' DESC 'DN of the allowed policy template' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.36 NAME 'ipaPolicyBlob' DESC 'Compressed XML policy data in binary format' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.37 NAME 'ipaPolicyState' DESC 'State of the policy data' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.16 NAME 'ipaPolicy' SUP ipaContainer STRUCTURAL MUST ( ipaUniqueID $ ipaEnabledFlag $ ipaTemplateRef ) MAY ( ipaLastChangeBy $ ipaLastChanged ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.17 NAME 'ipaPolicyData' SUP top STRUCTURAL MUST ( ipaUniqueID $ cn $ ipaPolicyState $ ipaLastChangeBy $ ipaLastChanged ) MAY ( ipaPolicyBlob $ description ) X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.38 NAME 'ipaPolicyGroupRef' DESC 'DN of the member policy group reference' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.18 NAME 'ipaPolicyLink' SUP ipaAssociation STRUCTURAL MAY ( ipaPolicyGroupRef $ owner ) X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.39 NAME 'ipaRoleType' DESC 'Type of the role' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2')
+attributeTypes: (2.16.840.1.113730.3.8.3.40 NAME 'ipaRoleOrder' DESC 'List of possible roles in priority order' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2')
+objectClasses: (2.16.840.1.113730.3.8.4.19 NAME 'ipaRelationsContainer' SUP ipaContainer STRUCTURAL MUST ( ipaRoleType $ ipaRoleOrder ) X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.41 NAME 'ipaRoleRef' DESC 'DN of the role definition policy' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.42 NAME 'ipaRoleName' DESC 'Name of the role' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.20 NAME 'ipaRelation' SUP ipaAssociation STRUCTURAL MUST ( ipaRoleRef $ ipaRoleName ) X-ORIGIN 'IPA v2' )
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 7cf790157..6ef43ba24 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -8,6 +8,7 @@ app_DATA =				\
 	60radius.ldif			\
 	60ipaconfig.ldif		\
 	60basev2.ldif			\
+	60policyv2.ldif			\
 	bootstrap-template.ldif		\
 	default-aci.ldif		\
 	default-keytypes.ldif		\
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index e11b6bc71..009e2aaef 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -10,6 +10,7 @@ app_DATA =				\
 	RFC2307bis.update		\
 	RFC4876.update			\
 	netgroups.update		\
+	policy.update			\
 	winsync_index.update		\
 	$(NULL)
 
diff --git a/install/updates/policy.update b/install/updates/policy.update
new file mode 100644
index 000000000..c3615d281
--- /dev/null
+++ b/install/updates/policy.update
@@ -0,0 +1,44 @@
+# bootstrap the policy DIT structure
+
+dn: cn=policies,$SUFFIX
+add: objectclass: nsContainer
+add: objectclass: ipaContainer
+add: cn: policies
+add: description: Root of the policy related sub tree
+
+dn: cn=configs,cn=policies,$SUFFIX
+add: objectclass: nsContainer
+add: objectclass: ipaContainer
+add: cn: configs
+add: description: Root of the sub tree that holds configuration policies for different applications
+
+dn: cn=applications,cn=configs,cn=policies,$SUFFIX
+add: objectclass: nsContainer
+add: objectclass: ipaContainer
+add: cn: applications
+add: description: Root of the tree that hold all definitions of the supported applications
+
+dn: cn=Shell Applications,cn=applications,cn=configs,cn=policies,$SUFFIX
+add: objectclass: nsContainer
+add: objectclass: ipaContainer
+add: cn: Shell Applications
+add: description: Shell Applications - special application that holds templates for actions
+
+dn: cn=roles,cn=policies,$SUFFIX
+add: objectclass: nsContainer
+add: objectclass: ipaContainer
+add: cn: roles
+add: description: Root of the sub tree that holds role management data
+
+dn: cn=policygroups,cn=configs,cn=policies,$SUFFIX
+add: objectclass: ipaContainer
+add: objectclass: ipaOrderedContainer
+add: cn: policygroups
+add: description: Sub tree to hold policy groups
+
+dn: cn=policylinks,cn=configs,cn=policies,$SUFFIX
+add: objectclass: ipaContainer
+add: objectclass: ipaOrderedContainer
+add: cn: policylinks
+add: description: Sub tree to hold policy links
+