Finalize DIT, this is waht we are probably going to have in the end,

or something very close to this one
Add default groups and admin user

TODO: need to discuss more in deep uid/gid generation, this will
      probably change as soon as the DNA plugin is activated

1 files changed, 20 insertions, 11 deletions

diff --git a/ipa-server/ipa-install/share/kerberos.ldif b/ipa-server/ipa-install/share/kerberos.ldif
index ae4564f6f..0ffc2bba0 100644
--- a/ipa-server/ipa-install/share/kerberos.ldif
+++ b/ipa-server/ipa-install/share/kerberos.ldif
@@ -1,26 +1,35 @@
-#kerberos base object
-dn: cn=kerberos,$SUFFIX
-changetype: add
-objectClass: krbContainer
-objectClass: top
-cn: kerberos
-aci: (targetattr="*")(version 3.0; acl "KDC System Account"; allow(all)userdn= "ldap:///uid=kdc,cn=kerberos,$SUFFIX";)
-
 #kerberos user
-dn: uid=kdc,cn=kerberos,$SUFFIX
+dn: uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX
 changetype: add
 objectclass: account
 objectclass: simplesecurityobject
 uid: kdc
 userPassword: $PASSWORD
 
+#kerberos base object
+dn: cn=kerberos,$SUFFIX
+changetype: add
+objectClass: krbContainer
+objectClass: top
+cn: kerberos
+aci: (targetattr="*")(version 3.0; acl "KDC System Account"; allow (all) userdn= "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
+
 #sasl mapping
-dn: cn=kerberos,cn=mapping,cn=sasl,cn=config
+dn: cn=fullprinc,cn=mapping,cn=sasl,cn=config
 changetype: add
 objectclass: top
 objectclass: nsSaslMapping
-cn: kerberos
+cn: fullprinc
 nsSaslMapRegexString: \(.*\)@\(.*\)
 nsSaslMapBaseDNTemplate: $SUFFIX
 nsSaslMapFilterTemplate: (krbPrincipalName=\1@\2)
 
+dn: cn=justname,cn=mapping,cn=sasl,cn=config
+changetype: add
+objectclass: top
+objectclass: nsSaslMapping
+cn: justname
+nsSaslMapRegexString: \(.*\)
+nsSaslMapBaseDNTemplate: $SUFFIX
+nsSaslMapFilterTemplate: (krbPrincipalName=\1@$REALM)
+