1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
dn: ou=people,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: people
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";)
dn: ou=groups,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: groups
dn: cn=Certificate Manager Agents,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Certificate Manager Agents
description: Agents for Certificate Manager
dn: cn=Registration Manager Agents,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Registration Manager Agents
description: Agents for Registration Manager
dn: cn=Subsystem Group, ou=groups, {rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Subsystem Group
description: Subsystem Group
dn: cn=Trusted Managers,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Trusted Managers
description: Managers trusted by this PKI instance
dn: cn=Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Administrators
description: People who manage the Certificate System
dn: cn=Auditors,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Auditors
description: People who can read the signed audits
dn: cn=ClonedSubsystems,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: ClonedSubsystems
description: People who can clone the master subsystem
dn: cn=Security Domain Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Security Domain Administrators
description: People who are the Security Domain administrators
dn: cn=Enterprise CA Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise CA Administrators
description: People who are the administrators for the security domain for CA
dn: cn=Enterprise KRA Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise KRA Administrators
description: People who are the administrators for the security domain for KRA
dn: cn=Enterprise OCSP Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise OCSP Administrators
description: People who are the administrators for the security domain for OCSP
dn: cn=Enterprise TKS Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise TKS Administrators
description: People who are the administrators for the security domain for TKS
dn: cn=Enterprise RA Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise RA Administrators
description: People who are the administrators for the security domain for RA
dn: cn=Enterprise TPS Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise TPS Administrators
description: People who are the administrators for the security domain for TPS
dn: ou=requests,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: requests
dn: cn=crossCerts,{rootSuffix}
|
