# Default host-based access control (HBAC) data: one catch-all rule
# plus five named HBAC service entries.
# $UUID and $SUFFIX are template placeholders; presumably they are
# substituted before this LDIF is applied (confirm against the caller).

# default HBAC policy that grants permission to all services
#
# Security note: this rule is created enabled (ipaenabledflag: TRUE) with
# accessruletype "allow" and every category (user, host, source host,
# service) set to "all", so it matches every access request.
# While it stays enabled, narrower allow rules add no restriction.
# Deployments that want HBAC to enforce anything should add their specific
# rules, verify them (e.g. with `ipa hbactest`), and only then disable
# this rule (`ipa hbacrule-disable allow_all`).
# NOTE(review): source-host matching (sourcehostcategory) is believed to be
# deprecated in later FreeIPA releases - confirm for the target version.
dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
changetype: add
objectclass: ipaassociation
objectclass: ipahbacrule
cn: allow_all
accessruletype: allow
usercategory: all
hostcategory: all
sourcehostcategory: all
servicecategory: all
ipaenabledflag: TRUE
description: Allow all users to access any host from any host

# HBAC service entries. Each one only registers a service name under
# cn=hbacservices so that rules can refer to it; no entry below grants
# access by itself. Presumably the names correspond to the PAM service
# names used on enrolled hosts (verify against the client configuration).
# The entries are addressed by cn and carry no ipauniqueid attribute:
# ipauniqueid gets added for us by 389-ds
dn: cn=sshd,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: sshd
description: sshd

dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: ftp
description: ftp

dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: sudo
description: sudo

dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: su
description: su

dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
changetype: add
objectclass: ipahbacservice
cn: login
description: login