Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/60basev2.ldif | 2 | ||||
-rw-r--r-- | install/share/delegation.ldif | 49 |
2 files changed, 51 insertions, 0 deletions
diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
index 7eb346b02..f5f7a6563 100644
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -13,6 +13,7 @@ attributeTypes: (2.16.840.1.113730.3.8.3.4 NAME 'fqdn' DESC 'FQDN' EQUALITY case
 attributeTypes: (2.16.840.1.113730.3.8.3.18 NAME 'managedBy' DESC 'DNs of entries allowed to manage' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2')
 objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA Permission objectclass' AUXILIARY MAY ( ipaPermissionType ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $ managedBy ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group that supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA user group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
@@ -23,6 +24,7 @@ attributeTypes: (2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Reference to
 attributeTypes: (2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.19 NAME 'serviceCategory' DESC 'Additional classification for services' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.20 NAME 'memberService' DESC 'Reference to the pam service of this operation.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.25 NAME 'ipaPermissionType' DESC 'IPA permission flags' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The flag to show if the association is active or should be ignored' EQUALITY booleanMatch ORDERING booleanMatch SUBSTR booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation' ABSTRACT MUST ( ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ hostCategory $ ipaEnabledFlag $ description ) X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.10 NAME 'sourceHost' DESC 'Link to a host or group of hosts' SUP memberHost SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
index e154f6b00..18d045d8d 100644
--- a/install/share/delegation.ldif
+++ b/install/share/delegation.ldif
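Review bot: The added `ipaPermissionType` definition in 60basev2.ldif declares `SUBSTR caseIgnoreMatch`, which names an equality rule where a substring rule is expected. The `hostCategory` and `serviceCategory` definitions just above it use the same syntax (1.3.6.1.4.1.1466.115.121.1.15) with `SUBSTR caseIgnoreSubstringsMatch`, so the clause should read `SUBSTR caseIgnoreSubstringsMatch` for consistency and so that substring filters on the flag behave predictably. The attribute is also multi-valued with no constraint on its values; if `SYSTEM` is the only flag recognised so far, the DESC string would be a good place to say so.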
@@ -147,6 +147,7 @@ dn: cn=Add Users,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Users
 member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -154,6 +155,7 @@ dn: cn=Change a user password,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Change a user password
 member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -161,6 +163,7 @@ dn: cn=Add user to default group,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add user to default group
 member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -168,6 +171,7 @@ dn: cn=Unlock user accounts,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectclass: top
 objectclass: groupofnames
+objectClass: ipapermission
 cn: Unlock user accounts
 member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
 member: cn=admins,cn=groups,cn=accounts,$SUFFIX
@@ -176,6 +180,7 @@ dn: cn=Remove Users,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Users
 member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -183,6 +188,7 @@ dn: cn=Modify Users,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Users
 member: cn=User Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -192,6 +198,7 @@ dn: cn=Add Groups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Groups
 member: cn=Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -199,6 +206,7 @@ dn: cn=Remove Groups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Groups
 member: cn=Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
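Review bot: Every permission entry touched in delegation.ldif is a `changetype: add` record, so the new `objectClass: ipapermission` value, here and in all later hunks of this file, reaches only directories populated after this change. If code outside this diff starts selecting or protecting permissions by that object class, entries on already-installed servers would presumably need the value added by a separate update step; the diffstat shown is limited to install/share, so that step may exist elsewhere. A comment at the head of the permissions section such as `# Every permission entry must carry objectClass ipapermission` would make the requirement visible to anyone adding entries later.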
@@ -206,6 +214,7 @@ dn: cn=Modify Groups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Groups
 member: cn=Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -213,6 +222,7 @@ dn: cn=Modify Group membership,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Group membership
 member: cn=Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -222,6 +232,7 @@ dn: cn=Add Hosts,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Hosts
 member: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -229,6 +240,7 @@ dn: cn=Remove Hosts,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Hosts
 member: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -236,6 +248,7 @@ dn: cn=Modify Hosts,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Hosts
 member: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -245,6 +258,7 @@ dn: cn=Add Hostgroups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Hostgroups
 member: cn=Host Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -252,6 +266,7 @@ dn: cn=Remove Hostgroups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Hostgroups
 member: cn=Host Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -259,6 +274,7 @@ dn: cn=Modify Hostgroups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Hostgroups
 member: cn=Host Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -266,6 +282,7 @@ dn: cn=Modify Hostgroup membership,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Hostgroup membership
 member: cn=Host Group Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -275,6 +292,7 @@ dn: cn=Add Services,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Services
 member: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -282,6 +300,7 @@ dn: cn=Remove Services,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Services
 member: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -289,6 +308,7 @@ dn: cn=Modify Services,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Services
 member: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -298,6 +318,7 @@ dn: cn=Add Roles,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Roles
 member: cn=Delegation Administrator,cn=privileges,cn=pbac,$SUFFIX
 
@@ -305,6 +326,7 @@ dn: cn=Remove Roles,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Roles
 member: cn=Delegation Administrator,cn=privileges,cn=pbac,$SUFFIX
 
@@ -312,6 +334,7 @@ dn: cn=Modify Roles,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Roles
 member: cn=Delegation Administrator,cn=privileges,cn=pbac,$SUFFIX
 
@@ -319,6 +342,7 @@ dn: cn=Modify Role membership,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Role membership
 member: cn=Delegation Administrator,cn=privileges,cn=pbac,$SUFFIX
 
@@ -326,6 +350,7 @@ dn: cn=Modify privilege membership,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify privilege membership
 member: cn=Delegation Administrator,cn=privileges,cn=pbac,$SUFFIX
 
@@ -335,6 +360,7 @@ dn: cn=Add Automount maps,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Automount maps
 member: cn=Automount Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -342,6 +368,7 @@ dn: cn=Remove Automount maps,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Automount maps
 member: cn=Automount Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -349,6 +376,7 @@ dn: cn=Add Automount keys,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Automount keys
 member: cn=Automount Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -356,6 +384,7 @@ dn: cn=Remove Automount keys,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Automount keys
 member: cn=Automount Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -365,6 +394,7 @@ dn: cn=Add netgroups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add netgroups
 member: cn=Netgroups Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -372,6 +402,7 @@ dn: cn=Remove netgroups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove netgroups
 member: cn=Netgroups Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -379,6 +410,7 @@ dn: cn=Modify netgroups,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify netgroups
 member: cn=Netgroups Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -386,6 +418,7 @@ dn: cn=Modify netgroup membership,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify netgroup membership
 member: cn=Netgroups Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -395,6 +428,7 @@ dn: cn=Manage host keytab,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Manage host keytab
 member: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
 member: cn=Host Enrollment,cn=privileges,cn=pbac,$SUFFIX
@@ -403,6 +437,7 @@ dn: cn=Manage service keytab,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Manage service keytab
 member: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
 member: cn=admins,cn=groups,cn=accounts,$SUFFIX
@@ -415,6 +450,7 @@ dn: cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Enroll a host
 member: cn=Host Administrators,cn=privileges,cn=pbac,$SUFFIX
 member: cn=Host Enrollment,cn=privileges,cn=pbac,$SUFFIX
@@ -425,21 +461,27 @@ dn: cn=Add Replication Agreements,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Add Replication Agreements
+ipapermissiontype: SYSTEM
 member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
 
 dn: cn=Modify Replication Agreements,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Modify Replication Agreements
+ipapermissiontype: SYSTEM
 member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
 
 dn: cn=Remove Replication Agreements,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Remove Replication Agreements
+ipapermissiontype: SYSTEM
 member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
 
 # Entitlement management
@@ -448,6 +490,7 @@ dn: cn=addentitlements,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: addentitlements
 description: Add Entitlements
 member: cn=entitlementadmin,cn=privileges,cn=pbac,$SUFFIX
@@ -619,6 +662,7 @@ dn: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Retrieve Certificates from the CA
 member: cn=Certificate Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -638,6 +682,7 @@ dn: cn=Request Certificate,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Request Certificate
 member: cn=Certificate Administrators,cn=privileges,cn=pbac,$SUFFIX
 
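Review bot: `ipapermissiontype: SYSTEM` on the three Replication Agreement permissions is only a marker value; nothing in the schema added by this commit restricts who may write `ipaPermissionType`, so any protection it implies depends on enforcement code and ACIs that are not part of this diff. It is worth confirming that principals able to modify permission entries cannot clear the flag, or set it on their own entries. If the intended meaning is "installer-managed, not to be edited or deleted", a comment above the first flagged entry such as `# SYSTEM: installer-managed permission, not meant to be changed or removed` would record that. Only these three entries are flagged; whether the keytab, enrollment and certificate permissions elsewhere in the file should carry the flag as well is a question for the author.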
@@ -657,6 +702,7 @@ dn: cn=Request Certificates from a different host,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Request Certificates from a different host
 member: cn=Certificate Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -676,6 +722,7 @@ dn: cn=Get Certificates status from the CA,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Get Certificates status from the CA
 member: cn=Certificate Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -695,6 +742,7 @@ dn: cn=Revoke Certificate,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Revoke Certificate
 member: cn=Certificate Administrators,cn=privileges,cn=pbac,$SUFFIX
 
@@ -714,6 +762,7 @@ dn: cn=Certificate Remove Hold,cn=permissions,cn=pbac,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: groupofnames
+objectClass: ipapermission
 cn: Certificate Remove Hold
 member: cn=Certificate Administrators,cn=privileges,cn=pbac,$SUFFIX
 
|