diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-01-03 15:00:35 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-04 17:09:56 -0500 |
commit | 4f2a6e0a25cd5d92bdd436d23963f77b86f818ea (patch) | |
tree | c5ff38c20f166253708207285fa274e654160d9d /install/share | |
parent | e7afe1dec202de8064b90c526f0d4a2fdf224824 (diff) | |
download | freeipa.git-4f2a6e0a25cd5d92bdd436d23963f77b86f818ea.tar.gz freeipa.git-4f2a6e0a25cd5d92bdd436d23963f77b86f818ea.tar.xz freeipa.git-4f2a6e0a25cd5d92bdd436d23963f77b86f818ea.zip |
Don't use Class of Service for account activation, use attribute.
To support group-based account disablement we created a Class of Service
where group membership controlled whether an account was active or not.
Since we aren't doing group-based account locking drop that and use
nsaccountlock directly.
ticket 568
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/bootstrap-template.ldif | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index fdb2cc4f..52f0c97b 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -352,50 +352,12 @@ ipaDefaultEmailDomain: $DOMAIN ipaMigrationEnabled: FALSE ipaConfigString: AllowNThash -dn: cn=account inactivation,cn=accounts,$SUFFIX -changetype: add -description: Lock accounts based on group membership -objectClass: top -objectClass: ldapsubentry -objectClass: cosSuperDefinition -objectClass: cosClassicDefinition -cosTemplateDn: cn=cosTemplates,cn=accounts,$SUFFIX -cosAttribute: nsAccountLock operational -cosSpecifier: memberOf -cn: Account Inactivation - dn: cn=cosTemplates,cn=accounts,$SUFFIX changetype: add objectclass: top objectclass: nsContainer cn: cosTemplates -dn: cn=cn\=inactivated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX -changetype: add -objectClass: top -objectClass: cosTemplate -objectClass: extensibleobject -nsAccountLock: True -cosPriority: 1 - -dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX -changetype: add -objectclass: top -objectclass: groupofnames - -dn: cn=cn\=activated\,cn\=account inactivation\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,cn=accounts,$SUFFIX -changetype: add -objectClass: top -objectClass: cosTemplate -objectClass: extensibleobject -nsAccountLock: False -cosPriority: 0 - -dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX -changetype: add -objectclass: top -objectclass: groupofnames - # templates for this cos definition are managed by the pwpolicy plugin dn: cn=Password Policy,cn=accounts,$SUFFIX changetype: add |