From 4f2a6e0a25cd5d92bdd436d23963f77b86f818ea Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 3 Jan 2011 15:00:35 -0500
Subject: Don't use Class of Service for account activation, use attribute.

To support group-based account disablement we created a Class of Service
where group membership controlled whether an account was active or not.

Since we aren't doing group-based account locking drop that and use
nsaccountlock directly.

ticket 568
---
 install/share/bootstrap-template.ldif | 38 -----------------------------------
 1 file changed, 38 deletions(-)

(limited to 'install')

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index fdb2cc4fe..52f0c97ba 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -352,50 +352,12 @@ ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
 ipaConfigString: AllowNThash
 
-dn: cn=account inactivation,cn=accounts,$SUFFIX
-changetype: add
-description: Lock accounts based on group membership
-objectClass: top
-objectClass: ldapsubentry
-objectClass: cosSuperDefinition
-objectClass: cosClassicDefinition
-cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX
-cosAttribute: nsAccountLock operational
-cosSpecifier: memberOf
-cn: Account Inactivation
-
 dn: cn=cosTemplates,cn=accounts,$SUFFIX
 changetype: add
 objectclass: top
 objectclass: nsContainer
 cn: cosTemplates
 
-dn: cn=cn\=inactivated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: cosTemplate
-objectClass: extensibleobject
-nsAccountLock: True
-cosPriority: 1
-
-dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX
-changetype: add
-objectclass: top
-objectclass: groupofnames
-
-dn: cn=cn\=activated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: cosTemplate
-objectClass: extensibleobject
-nsAccountLock: False
-cosPriority: 0
-
-dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX
-changetype: add
-objectclass: top
-objectclass: groupofnames
-
 # templates for this cos definition are managed by the pwpolicy plugin
 dn: cn=Password Policy,cn=accounts,$SUFFIX
 changetype: add
-- 
cgit