-rw-r--r--install/share/60basev3.ldif4
-rw-r--r--install/share/bootstrap-template.ldif2
-rw-r--r--install/updates/10-ssh.update21
-rw-r--r--install/updates/50-ipaconfig.update1
-rw-r--r--install/updates/Makefile.am1
5 files changed, 29 insertions, 0 deletions
diff --git a/install/share/60basev3.ldif b/install/share/60basev3.ldif
index eec1aea8..40412b5c 100644
--- a/install/share/60basev3.ldif
+++ b/install/share/60basev3.ldif
@@ -27,6 +27,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.11.20 NAME 'memberPrincipal' DESC 'Princ
attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' DESC 'Principals that can be impersonated' SUP distinguishedName X-ORIGIN 'IPA-v3')
attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC 'Target principals alowed to get a ticket for' SUP distinguishedName X-ORIGIN 'IPA-v3')
attributeTypes: (2.16.840.1.113730.3.8.11.30 NAME 'ipaSELinuxUser' DESC 'An SELinux user' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3')
+attributeTypes: (2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey' DESC 'SSH public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'IPA v3' )
objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $ memberOf $ description $ owner) X-ORIGIN 'IPA v3' )
objectClasses: (2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) MAY ( ipaNTHash $ ipaNTLogonScript $ ipaNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN 'IPA v3' )
objectClasses: (2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
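Review bot: The added `ipaSshPubKey` attribute holds a credential for whatever consumes it, yet nothing in this commit controls who may write it; `install/updates/20-aci.update` is not touched. Anyone who can modify the attribute on a user or host entry can presumably add a key that SSH clients or servers will then trust, so it should be confirmed that the existing ACIs (not visible here) limit writes to the entry owner and administrators. The Octet String syntax with `octetStringMatch` also accepts arbitrary bytes, so the server validates nothing about the key. A comment above the definition such as `# ipaSshPubKey: <expected encoding>; not validated by the server, consumers must parse and reject malformed values` would record that contract.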
@@ -35,3 +36,6 @@ objectClasses: (2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' SUP top STR
objectClasses: (2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top AUXILIARY MUST ( cn ) MAY ( memberPrincipal ) X-ORIGIN 'IPA v3' )
objectClasses: (2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $ ipaAllowedTarget ) X-ORIGIN 'IPA v3' )
objectClasses: (2.16.840.1.113730.3.8.12.10 NAME 'ipaSELinuxUserMap' SUP ipaAssociation STRUCTURAL MUST ipaSELinuxUser MAY ( accessTime $ seeAlso ) X-ORIGIN 'IPA v3')
+objectClasses: (2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABSTRACT MAY ipaSshPubKey X-ORIGIN 'IPA v3' )
+objectClasses: (2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' )
+objectClasses: (2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' )
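Review bot: `ipaSshGroupOfPubKeys` is declared without a superior, unlike the other object classes visible in this hunk, which spell out `SUP top` or a named parent. The server presumably defaults a missing superior to `top`, but writing `NAME 'ipaSshGroupOfPubKeys' SUP top ABSTRACT MAY ipaSshPubKey` keeps the schema self-describing and safer for stricter parsers. The same definition is repeated in `install/updates/10-ssh.update` and should be changed there too, so the two copies stay identical.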
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 4fba730b..b58bfd7e 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -192,6 +192,7 @@ objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: inetuser
objectClass: ipaobject
+objectClass: ipasshuser
uid: admin
krbPrincipalName: admin@$REALM
cn: Administrator
@@ -365,6 +366,7 @@ ipaUserObjectClasses: posixaccount
ipaUserObjectClasses: krbprincipalaux
ipaUserObjectClasses: krbticketpolicyaux
ipaUserObjectClasses: ipaobject
+ipaUserObjectClasses: ipasshuser
ipaDefaultEmailDomain: $DOMAIN
ipaMigrationEnabled: FALSE
ipaConfigString: AllowNThash
diff --git a/install/updates/10-ssh.update b/install/updates/10-ssh.update
new file mode 100644
index 00000000..8e52d59f
--- /dev/null
+++ b/install/updates/10-ssh.update
@@ -0,0 +1,21 @@
+# Add the SSH schema
+dn: cn=schema
+add:attributeTypes:
+ ( 2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey'
+ DESC 'SSH public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ X-ORIGIN 'IPA v3' )
+add:objectClasses:
+ ( 2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys'
+ ABSTRACT
+ MAY ipaSshPubKey
+ X-ORIGIN 'IPA v3' )
+add:objectClasses:
+ ( 2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser'
+ SUP ipaSshGroupOfPubKeys AUXILIARY
+ X-ORIGIN 'IPA v3' )
+add:objectClasses:
+ ( 2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost'
+ SUP ipaSshGroupOfPubKeys AUXILIARY
+ X-ORIGIN 'IPA v3' )
diff --git a/install/updates/50-ipaconfig.update b/install/updates/50-ipaconfig.update
index 9ed24d6f..40ce9335 100644
--- a/install/updates/50-ipaconfig.update
+++ b/install/updates/50-ipaconfig.update
@@ -2,3 +2,4 @@ dn: cn=ipaConfig,cn=etc,$SUFFIX
default:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0-s0:c0.c1023$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
default:ipaSELinuxUserMapDefault: guest_u:s0
+add:ipaUserObjectClasses: ipasshuser
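Review bot: `add:ipaUserObjectClasses: ipasshuser` changes only the default class list, so on an upgraded server it presumably affects newly created users and not entries that already exist. That includes `admin`, which gains `ipasshuser` only through `bootstrap-template.ldif` on a fresh install. Unless the code that writes `ipaSshPubKey` adds the auxiliary class on demand (not visible in this commit), setting a key on such an entry would likely fail with an object class violation. If on-demand addition is the intent, a comment here such as `# Applies to new users; existing entries get ipasshuser when a key is first set` would make that explicit. Otherwise an upgrade step for existing entries is needed.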
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 20a1ce3a..89d5aa12 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -7,6 +7,7 @@ app_DATA = \
10-RFC4876.update \
10-config.update \
10-sudo.update \
+ 10-ssh.update \
19-managed-entries.update \
20-aci.update \
20-dna.update \