From b32204fccc280714a32d56c15f70f770df82dfbd Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 28 Feb 2012 13:22:49 +0200
Subject: Add separate attribute to store trusted domain SID

We need two attributes in the ipaNTTrustedDomain objectclass to store different
kind of SID. Currently ipaNTSecurityIdentifier is used to store the Domain-SID
of the trusted domain. A second attribute is needed to store the SID for the
trusted domain user. Since it cannot be derived safely from other values and
since it does not make sense to create a separate object for the user a new
attribute is needed.

https://fedorahosted.org/freeipa/ticket/2191
---
 install/share/bootstrap-template.ldif | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'install/share/bootstrap-template.ldif')

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 468a43b51..149b6c9b2 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -175,6 +175,7 @@ objectClass: top
 cn: ipa-http-delegation
 memberPrincipal: HTTP/$HOST@$REALM
 ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
+ipaAllowedTarget: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
 
 dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
 changetype: add
@@ -183,6 +184,13 @@ objectClass: top
 cn: ipa-ldap-delegation-targets
 memberPrincipal: ldap/$HOST@$REALM
 
+dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
+changetype: add
+objectClass: groupOfPrincipals
+objectClass: top
+cn: ipa-cifs-delegation-targets
+memberPrincipal: cifs/$HOST@$REALM
+
 dn: uid=admin,cn=users,cn=accounts,$SUFFIX
 changetype: add
 objectClass: top
-- 
cgit