path: root/install/share/delegation.ldif
blob: 1539ae1d5c110fd643b48c446746851f4931fada (plain)
# Containers for the delegation model: roles are created under cn=rolegroups
# and tasks under cn=taskgroups, both below cn=accounts.
dn: cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: rolegroups

dn: cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: nsContainer
cn: taskgroups

# Add the default roles
# Every role is created as a groupofnames with no member values set here.
# A role carries privilege only through the taskgroups further down in this
# file that list the role's DN as a member.
# NOTE(review): helpdesk is not listed as a member of any taskgroup in this
# file, so as defined here it grants no tasks -- confirm whether that is
# intended or wired up elsewhere.
dn: cn=helpdesk,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: helpdesk
description: Helpdesk

dn: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: useradmin
description: User Administrators

dn: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: groupadmin
description: Group Administrators

dn: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: hostadmin
description: Host Administrators

dn: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: hostgroupadmin
description: Host Group Administrators

# Members of this role hold the role and taskgroup management tasks defined
# further down, including changing taskgroup membership.
dn: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: delegationadmin
description: Role administration

dn: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: serviceadmin
description: Service Administrators

dn: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: automountadmin
description: Automount Administrators

dn: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: netgroupadmin
description: Netgroups Administrators

dn: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: dnsadmin
description: DNS Administrators

# NOTE(review): presumably meant for DNS server service identities rather
# than people -- confirm. It shares the update_dns task with dnsadmin.
dn: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: dnsserver
description: DNS Servers

# Add the taskgroups for user administration. Each one lists the useradmin
# role as its only member. No aci attribute is set in this file, so the rights
# attached to each taskgroup are defined elsewhere.
dn: cn=addusers,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addusers
description: Add Users
member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX

# Resetting another account's password is enough to log in as that account,
# so this task is as sensitive as the most privileged account its ACI covers.
# NOTE(review): confirm the matching ACI keeps administrative accounts out of
# scope.
dn: cn=change_password,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: change_password
description: Change a user password
member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=add_user_to_default_group,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: add_user_to_default_group
description: Add user to default group
member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removeusers,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removeusers
description: Remove Users
member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=modifyusers,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifyusers
description: Modify Users
member: cn=useradmin,cn=rolegroups,cn=accounts,$SUFFIX

# Add the taskgroups referenced by the ACIs for group administration
# Each one lists the groupadmin role as its only member.
dn: cn=addgroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addgroups
description: Add Groups
member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removegroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removegroups
description: Remove Groups
member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=modifygroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifygroups
description: Modify Groups
member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX

# Control over a group's membership is control over whatever that group is
# used to authorize.
# NOTE(review): the rolegroups and taskgroups in this file are groupofnames
# entries too; confirm the matching ACI does not reach those containers.
dn: cn=modifygroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifygroupmembership
description: Modify Group membership
member: cn=groupadmin,cn=rolegroups,cn=accounts,$SUFFIX

# Add the taskgroups referenced by the ACIs for host administration
# Each one lists the hostadmin role as its only member. The same role is also
# the member of manage_host_keytab, defined near the end of this file.
dn: cn=addhosts,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addhosts
description: Add Hosts
member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removehosts,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removehosts
description: Remove Hosts
member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=modifyhosts,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifyhosts
description: Modify Hosts
member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX

# Add the taskgroups referenced by the ACIs for hostgroup administration
# Each one lists the hostgroupadmin role as its only member.
dn: cn=addhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addhostgroups
description: Add Host Groups
member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removehostgroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removehostgroups
description: Remove Host Groups
member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=modifyhostgroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifyhostgroups
description: Modify Host Groups
member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

# NOTE(review): if host groups feed access decisions elsewhere, changing their
# membership changes which hosts those decisions apply to -- confirm who is
# expected to hold this task.
dn: cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifyhostgroupmembership
description: Modify Host Group membership
member: cn=hostgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

# Add the taskgroups referenced by the ACIs for service administration
# Each one lists the serviceadmin role as its only member. Only add and remove
# are defined for services; this file has no modifyservices taskgroup.
dn: cn=addservices,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addservices
description: Add Services
member: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removeservices,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removeservices
description: Remove Services
member: cn=serviceadmin,cn=rolegroups,cn=accounts,$SUFFIX

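# Add the taskgroups referenced by the ACIs for delegation administration
# This just lets one manage taskgroup membership and create and delete roles
# Each one lists the delegationadmin role as its only member.
#
# The cn value below matches the RDN in the dn line. With a mismatched value a
# directory server either rejects the add as a naming violation or stores the
# entry with a stray extra cn value, depending on the server.
dn: cn=addroles,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addroles
description: Add Roles
member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removeroles,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removeroles
description: Remove Roles
member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=modifyroles,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifyroles
description: Modify Roles
member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX

# Whoever can change role or taskgroup membership can attach any task in this
# file to any role, their own included. Membership of delegationadmin should
# be reviewed as if it granted every other role.
dn: cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifyrolegroupmembership
description: Modify Role Group membership
member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifytaskgroupmembership
description: Modify Task Group membership
member: cn=delegationadmin,cn=rolegroups,cn=accounts,$SUFFIX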

# Add the taskgroups referenced by the ACIs for automount administration
# Each one lists the automountadmin role as its only member. Only add and
# remove are defined; this file has no modify taskgroup for automount.
dn: cn=addautomount,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addautomount
description: Add Automount maps/keys
member: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removeautomount,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removeautomount
description: Remove Automount maps/keys
member: cn=automountadmin,cn=rolegroups,cn=accounts,$SUFFIX

# Add the taskgroups referenced by the ACIs for netgroup administration
# Each one lists the netgroupadmin role as its only member.
dn: cn=addnetgroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: addnetgroups
description: Add netgroups
member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=removenetgroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: removenetgroups
description: Remove netgroups
member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

dn: cn=modifynetgroups,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifynetgroups
description: Modify netgroups
member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

# NOTE(review): where netgroups are consumed for access decisions on clients,
# membership changes here alter who or what those decisions match -- confirm
# the intended holders of this task.
dn: cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: modifynetgroupmembership
description: Modify netgroup membership
member: cn=netgroupadmin,cn=rolegroups,cn=accounts,$SUFFIX

# Taskgroup for retrieving host keytabs
# A keytab holds a host's long-term Kerberos keys, so whoever obtains one can
# authenticate as that host. The task goes to every member of hostadmin.
# NOTE(review): confirm the matching ACI is limited to host entries and that
# keytab operations are logged.
dn: cn=manage_host_keytab,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: manage_host_keytab
description: Manage host keytab
member: cn=hostadmin,cn=rolegroups,cn=accounts,$SUFFIX

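# Taskgroup for updating the DNS entries
# Members are the dnsadmin and dnsserver roles.
#
# The cn value matches the RDN in the dn line. Reusing cn manage_host_keytab
# here would either be rejected as a naming violation or leave a second entry
# answering to that name, depending on the server; a lookup by cn for the
# keytab taskgroup could then also return this DNS taskgroup.
dn: cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX
changetype: add
objectClass: top
objectClass: groupofnames
cn: update_dns
description: Updates DNS
member: cn=dnsadmin,cn=rolegroups,cn=accounts,$SUFFIX
member: cn=dnsserver,cn=rolegroups,cn=accounts,$SUFFIX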