summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
Diffstat (limited to 'install')
-rw-r--r--install/share/bootstrap-template.ldif2
-rw-r--r--install/share/default-hbac.ldif4
-rw-r--r--install/share/uuid-ipauniqueid.ldif3
-rw-r--r--install/updates/30-hbacsvc.update16
4 files changed, 14 insertions, 11 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index fda3ae2ac..5e8df7771 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -114,6 +114,7 @@ objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: inetuser
+objectClass: ipaobject
uid: admin
krbPrincipalName: admin@$REALM
cn: Administrator
@@ -124,6 +125,7 @@ homeDirectory: /home/admin
loginShell: /bin/bash
gecos: Administrator
nsAccountLock: False
+ipaUniqueID: autogenerate
dn: cn=radius,$SUFFIX
changetype: add
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
index 29ec88838..b7b6ba284 100644
--- a/install/share/default-hbac.ldif
+++ b/install/share/default-hbac.ldif
@@ -1,5 +1,5 @@
# default HBAC policy that grants permission to all services
-dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
+dn: ipauniqueid=autogenerate,cn=hbac,$SUFFIX
changetype: add
objectclass: ipaassociation
objectclass: ipahbacrule
@@ -11,5 +11,5 @@ sourcehostcategory: all
servicecategory: all
ipaenabledflag: TRUE
description: Allow all users to access any host from any host
-# ipauniqueid gets added for us by 389-ds
+ipauniqueid: autogenerate
diff --git a/install/share/uuid-ipauniqueid.ldif b/install/share/uuid-ipauniqueid.ldif
index 7041889ba..c8d08cd9b 100644
--- a/install/share/uuid-ipauniqueid.ldif
+++ b/install/share/uuid-ipauniqueid.ldif
@@ -5,6 +5,7 @@ objectclass: top
objectclass: extensibleObject
cn: IPA Unique IDs
ipaUuidAttr: ipaUniqueID
-ipaUuidMagicRegen: 0
+ipaUuidMagicRegen: autogenerate
ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation))
ipaUuidScope: $SUFFIX
+ipaUuidEnforce: TRUE
diff --git a/install/updates/30-hbacsvc.update b/install/updates/30-hbacsvc.update
index 229c0f143..9bbdeacc8 100644
--- a/install/updates/30-hbacsvc.update
+++ b/install/updates/30-hbacsvc.update
@@ -3,49 +3,49 @@ default:objectclass: ipahbacservice
default:objectclass: ipaobject
default:cn: sshd
default:description: sshd
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
default:objectclass: ipahbacservice
default:objectclass: ipaobject
default:cn: ftp
default:description: ftp
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
default:objectclass: ipahbacservice
default:objectclass: ipaobject
default:cn: su
default:description: su
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
default:objectclass: ipahbacservice
default:objectclass: ipaobject
default:cn: login
default:description: login
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
dn: cn=su-l,cn=hbacservices,cn=accounts,$SUFFIX
default:objectclass: ipahbacservice
default:objectclass: ipaobject
default:cn: su-l
default:description: su with login shell
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
default:objectclass: ipahbacservice
default:objectclass: ipaobject
default:cn: sudo
default:description: sudo
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
dn: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX
default:objectclass: ipahbacservice
default:objectclass: ipaobject
default:cn: sudo-i
default:description: sudo-i
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
dn: cn=SUDO,cn=hbacservicegroups,cn=accounts,$SUFFIX
default:objectClass: ipaobject
@@ -54,7 +54,7 @@ default:objectClass: nestedGroup
default:objectClass: groupOfNames
default:objectClass: top
default:cn: SUDO
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
default:description: Default group of SUDO related services
default:member: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
default:member: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX