author | Rob Crittenden <rcritten@redhat.com> | 2009-10-02 09:30:16 -0400 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-10-05 13:29:55 -0600 |
commit | dac224c25a2ff8a1400d0a746f600f81cfad6901 (patch) | |
tree | bbdb2882717b5f47e39810b8e5d2c504f08f0e6e /install/share/bootstrap-template.ldif | |
parent | 97dfa586dea42d44ad8e1d9148547fd805abd046 (diff) | |
Add support for per-group kerberos password policy.
Use a Class of Service template to do per-group password policy. The
design calls for non-overlapping groups but with cospriority we can
still make sense of things.
The password policy entries stored under the REALM are keyed only on
the group name because the MIT ldap plugin can't handle quotes in the
DN. It also can't handle spaces between elements in the DN.
Diffstat (limited to 'install/share/bootstrap-template.ldif')
-rw-r--r-- | install/share/bootstrap-template.ldif | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index e98c73b0..4c6e5575 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -204,3 +204,16 @@ dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX changetype: add objectclass: top objectclass: groupofnames + +# templates for this cos definition are managed by the pwpolicy plugin +dn: cn=Password Policy,cn=accounts,$SUFFIX +changetype: add +description: Password Policy based on group membership +objectClass: top +objectClass: ldapsubentry +objectClass: cosSuperDefinition +objectClass: cosClassicDefinition +cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX +cosAttribute: krbPwdPolicyReference +cosSpecifier: memberOf + |
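Review bot: `cosAttribute: krbPwdPolicyReference` on the new `cn=Password Policy` definition carries no qualifier, so the CoS value is only generated when an entry has no stored `krbPwdPolicyReference` of its own, and a reference set directly on a user takes precedence over the group policy. If the group policy is meant to be authoritative, consider `cosAttribute: krbPwdPolicyReference override`; if per-user precedence is intended, say so in the comment above the entry. The commit message relies on cospriority to resolve overlapping groups, and because `cosSpecifier: memberOf` is multi-valued, the result is only deterministic when the templates carry distinct `cosPriority` values, which is worth stating next to the "managed by the pwpolicy plugin" comment. This hunk also does not create the `cn=cosTemplates,cn=accounts,$SUFFIX` container that `cosTemplateDn` points at, so confirm it is added elsewhere in the change, since the diffstat shown here is limited to this one file.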