author | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-20 09:01:23 -0400 |
---|---|---|
committer | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-20 09:01:23 -0400 |
commit | 370500ab1a1a3c3fe2d3a09f61186d9787c406f2 (patch) | |
tree | add5faa5a29e65bd374b9d4f582aa175ebd627f0 /ipa-server | |
parent | e16e215cddffc28c69a1c55bea408f108027eeac (diff) | |
Remove support for LDAP proxy connections
Diffstat (limited to 'ipa-server')
-rw-r--r-- | ipa-server/ipa-install/ipa-server-setupssl | 12 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/bootstrap-template.ldif | 6 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/default-aci.ldif | 1 |
3 files changed, 0 insertions, 19 deletions
diff --git a/ipa-server/ipa-install/ipa-server-setupssl b/ipa-server/ipa-install/ipa-server-setupssl
index 5bcce52c1..37e10583e 100644
--- a/ipa-server/ipa-install/ipa-server-setupssl
+++ b/ipa-server/ipa-install/ipa-server-setupssl
@@ -112,18 +112,6 @@ if test -n "$needServerCert" ; then
 certutil -S $prefixarg -n "Server-Cert" -s "cn=$myhost,ou=Fedora Directory Server" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt
 fi
 
-# 8. Generate the web service client certificate:
- echo -e "0\n2\n9\nn\n0\n9\nn\n" | certutil -S $prefixarg -n webservice -s "uid=webservice, CN=Web Service, OU=Fedora Directory Server" -c "CA certificate" -t u,pu,u -m 1002 -v 120 -d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt -1 -5
-
- pk12util -d $secdir $prefixarg -o $secdir/webservice.p12 -n "webservice" -w $secdir/pwdfile.txt -k $secdir/pwdfile.txt
-
- openssl pkcs12 -in $secdir/webservice.p12 -clcerts -nokeys -out /usr/share/ipa/cert.pem -passin file:$secdir/pwdfile.txt
- openssl pkcs12 -in $secdir/webservice.p12 -nocerts -nodes -out /usr/share/ipa/key.pem -passin file:$secdir/pwdfile.txt
-
- cp -p $secdir/cacert.asc /usr/share/ipa
- chown apache:apache /usr/share/ipa/cert.pem /usr/share/ipa/key.pem /usr/share/ipa/cacert.asc
- chmod 600 /usr/share/ipa/cert.pem /usr/share/ipa/key.pem
-
 # create the pin file
 if [ ! -f $secdir/pin.txt ] ; then
 pinfile=$secdir/pin.txt
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif
index 0284caa8c..b697c579e 100644
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -39,12 +39,6 @@ objectClass: nsContainer
 objectClass: top
 cn: sysaccounts
 
-dn: uid=webservice,cn=sysaccounts,cn=etc,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: account
-uid: webservice
-
 dn: uid=admin,cn=sysaccounts,cn=etc,$SUFFIX
 changetype: add
 objectClass: top
diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif
index 9ed65a43c..edb5b87f6 100644
--- a/ipa-server/ipa-install/share/default-aci.ldif
+++ b/ipa-server/ipa-install/share/default-aci.ldif
@@ -7,5 +7,4 @@ aci: (targetattr=*)(version 3.0; acl "Admin can manage any entry"; allow (all) u
 aci: (targetattr="krbPrincipalName || krbUPEnabled || krbPrincipalKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData")(version 3.0; acl "KDC System Account"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
 aci: (targetattr="krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)
 aci: (targetattr="userPassword || krbPrincipalKey ||sambaLMPassword || sambaNTPassword || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange")(version 3.0; acl "Kpasswd access to passowrd hashes for passowrd changes"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw@$REALM,cn=$REALM,cn=kerberos,$SUFFIX";)
-aci: (targetfilter="(&(objectClass=krbPrincipalAux)(|(objectClass=person)(objectClass=posixAccount)))")(targetattr="*")(version 3.0; acl "allowproxy-webservice"; allow (proxy) userdn="ldap:///uid=webservice,cn=sysaccounts,cn=etc,$SUFFIX";)
 aci: (targetfilter="(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfUniqueNames)(objectClass=posixGroup))")(targetattr="*")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add,delete,read,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) |