merge from upstream

3 files changed, 19 insertions, 3 deletions

diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index eb1c37bb..646512d5 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -226,7 +226,7 @@ def read_dm_password():
     print "Certain directory server operations require an administrative user."
     print "This user is referred to as the Directory Manager and has full access"
     print "to the Directory for system management tasks."
-    print "The password must be at least 8 characters long, and contain no spaces."
+    print "The password must be at least 8 characters long."
     print ""
     #TODO: provide the option of generating a random password
     dm_password = read_password("Directory Manager")
diff --git a/ipa-server/ipa-install/share/60ipaconfig.ldif b/ipa-server/ipa-install/share/60ipaconfig.ldif
index e15d4a41..55212099 100644
--- a/ipa-server/ipa-install/share/60ipaconfig.ldif
+++ b/ipa-server/ipa-install/share/60ipaconfig.ldif
@@ -27,11 +27,15 @@ attributetypes: ( 2.16.840.1.113730.3.8.1.7 NAME 'ipaDefaultLoginShell' EQUALITY
 attributetypes: ( 2.16.840.1.113730.3.8.1.8 NAME 'ipaDefaultPrimaryGroup' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
 ## ipaMaxUsernameLength - maximum username length to allow in the UI
 attributetypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
-## ipaPwdExpAdvNotify - time in days to send out paswwrod expiration notification before passwpord actually expires
+## ipaPwdExpAdvNotify - time in days to send out paswword expiration notification before passwpord actually expires
 attributetypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
+# ipaUserObjectClasses - required objectclasses for users
+attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+# ipaGroupObjectClasses - required objectclasses for groups
+attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
 ###############################################
 ##
 ## ObjectClasses
 ##
 ## ipaGuiConfig - GUI config parameters objectclass
-objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSearchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify ) )
+objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSearchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify $ ipaUserObjectClasses $ ipaGroupObjectClasses) )
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif
index fb124a79..3b79dfb6 100644
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -123,6 +123,18 @@ ipaDefaultLoginShell: /bin/sh
 ipaDefaultPrimaryGroup: ipausers
 ipaMaxUsernameLength: 8
 ipaPwdExpAdvNotify: 4
+ipaGroupObjectClasses: top
+ipaGroupObjectClasses: groupofnames
+ipaGroupObjectClasses: posixGroup
+ipaGroupObjectClasses: inetUser
+ipaUserObjectClasses: top
+ipaUserObjectClasses: person
+ipaUserObjectClasses: organizationalPerson
+ipaUserObjectClasses: inetOrgPerson
+ipaUserObjectClasses: inetUser
+ipaUserObjectClasses: posixAccount
+ipaUserObjectClasses: krbPrincipalAux
+ipaUserObjectClasses: radiusprofile
 
 dn: cn=account inactivation,cn=accounts,$SUFFIX
 changetype: add