diff options
Diffstat (limited to 'install')
-rw-r--r-- | install/share/70ipaotp.ldif | 2 | ||||
-rw-r--r-- | install/updates/20-indices.update | 7 | ||||
-rw-r--r-- | install/updates/25-referint.update | 1 | ||||
-rw-r--r-- | install/updates/40-otp.update | 5 |
4 files changed, 14 insertions, 1 deletions
diff --git a/install/share/70ipaotp.ldif b/install/share/70ipaotp.ldif index 824be6e9d..d257a46c3 100644 --- a/install/share/70ipaotp.ldif +++ b/install/share/70ipaotp.ldif @@ -24,5 +24,5 @@ attributeTypes: (2.16.840.1.113730.3.8.16.1.19 NAME 'ipatokenRadiusRetries' DESC attributeTypes: (2.16.840.1.113730.3.8.16.1.20 NAME 'ipatokenUserMapAttribute' DESC 'Attribute to map from the user entry for RADIUS server authentication' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP') objectClasses: (2.16.840.1.113730.3.8.16.2.1 NAME 'ipaToken' SUP top ABSTRACT DESC 'Abstract token class for tokens' MUST (ipatokenUniqueID) MAY (description $ ipatokenOwner $ ipatokenDisabled $ ipatokenNotBefore $ ipatokenNotAfter $ ipatokenVendor $ ipatokenModel $ ipatokenSerial) X-ORIGIN 'IPA OTP') objectClasses: (2.16.840.1.113730.3.8.16.2.2 NAME 'ipatokenTOTP' SUP ipaToken STRUCTURAL DESC 'TOTP Token Type' MAY (ipatokenOTPkey $ ipatokenOTPalgorithm $ ipatokenOTPdigits $ ipatokenTOTPclockOffset $ ipatokenTOTPtimeStep) X-ORIGIN 'IPA OTP') -objectClasses: (2.16.840.1.113730.3.8.16.2.3 NAME 'ipatokenRadiusProxyUser' SUP top AUXILIARY DESC 'Radius Proxy User' MUST (ipatokenRadiusConfigLink) MAY (ipatokenRadiusUserName) X-ORIGIN 'IPA OTP') +objectClasses: (2.16.840.1.113730.3.8.16.2.3 NAME 'ipatokenRadiusProxyUser' SUP top AUXILIARY DESC 'Radius Proxy User' MAY (ipatokenRadiusConfigLink $ ipatokenRadiusUserName) X-ORIGIN 'IPA OTP') objectClasses: (2.16.840.1.113730.3.8.16.2.4 NAME 'ipatokenRadiusConfiguration' SUP top STRUCTURAL DESC 'Proxy Radius Configuration' MUST (cn $ ipatokenRadiusServer $ ipatokenRadiusSecret) MAY (description $ ipatokenRadiusTimeout $ ipatokenRadiusRetries $ ipatokenUserMapAttribute) X-ORIGIN 'IPA OTP') diff --git a/install/updates/20-indices.update b/install/updates/20-indices.update index b966a4f7c..5ff6d713d 100644 --- a/install/updates/20-indices.update +++ b/install/updates/20-indices.update @@ -136,3 +136,10 @@ default:ObjectClass: top default:ObjectClass: nsIndex default:nsSystemIndex: false default:nsIndexType: eq + +dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +default:cn: ipatokenradiusconfiglink +default:ObjectClass: top +default:ObjectClass: nsIndex +default:nsSystemIndex: false +only:nsIndexType: eq,pres,sub diff --git a/install/updates/25-referint.update b/install/updates/25-referint.update index 54f3492fa..65af05128 100644 --- a/install/updates/25-referint.update +++ b/install/updates/25-referint.update @@ -11,3 +11,4 @@ add: nsslapd-pluginArg14: memberallowcmd add: nsslapd-pluginArg15: memberdenycmd add: nsslapd-pluginArg16: ipasudorunas add: nsslapd-pluginArg17: ipasudorunasgroup +add: nsslapd-pluginArg18: ipatokenradiusconfiglink diff --git a/install/updates/40-otp.update b/install/updates/40-otp.update index ff36c87a6..83dfab7c0 100644 --- a/install/updates/40-otp.update +++ b/install/updates/40-otp.update @@ -7,3 +7,8 @@ dn: $SUFFIX add: aci:'(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN";)' add: aci:'(targetfilter = "(objectClass=ipaToken)")(targetattrs = "ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can write basic token info"; allow (write) userattr = "ipatokenOwner#USERDN";)' add: aci:'(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPclockOffset || ipatokenTOTPtimeStep")(version 3.0; acl "Users can add TOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' + +dn: cn=radiusproxy,$SUFFIX +default: objectClass: nsContainer +default: objectClass: top +default: cn: radiusproxy |