Diffstat (limited to 'install/ui/test/data/ipa_init_objects.json')
-rw-r--r--install/ui/test/data/ipa_init_objects.json1409
1 files changed, 1210 insertions, 199 deletions
diff --git a/install/ui/test/data/ipa_init_objects.json b/install/ui/test/data/ipa_init_objects.json
index 2367cf46c..3c7fbd21f 100644
--- a/install/ui/test/data/ipa_init_objects.json
+++ b/install/ui/test/data/ipa_init_objects.json
@@ -19,6 +19,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=automember,cn=etc",
"default_attributes": [
"automemberinclusiveregex",
@@ -113,6 +114,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=automount",
"default_attributes": [
"automountkey",
@@ -215,6 +217,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=automount",
"default_attributes": [
"cn"
@@ -288,6 +291,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=automount",
"default_attributes": [
"automountmapname",
@@ -367,6 +371,7 @@
"aciattrs": [],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "",
"default_attributes": [
"ipamaxusernamelength",
@@ -384,7 +389,8 @@
"ipaselinuxusermaporder",
"ipaselinuxusermapdefault",
"ipaconfigstring",
- "ipakrbauthzdata"
+ "ipakrbauthzdata",
+ "ipauserauthtype"
],
"hidden_attributes": [
"objectclass",
@@ -602,20 +608,34 @@
"label": "Default SELinux user",
"name": "ipaselinuxusermapdefault",
"noextrawhitespace": true,
- "required": true,
"type": "unicode"
},
{
"class": "StrEnum",
- "doc": "Default types of PAC for new services",
+ "doc": "Default types of PAC supported for services",
"flags": [],
- "label": "PAC type",
+ "label": "Default PAC types",
"multivalue": true,
"name": "ipakrbauthzdata",
"type": "unicode",
"values": [
"MS-PAC",
- "PAD"
+ "PAD",
+ "nfs:NONE"
+ ]
+ },
+ {
+ "class": "StrEnum",
+ "doc": "Default types of supported user authentication",
+ "flags": [],
+ "label": "Default user authentication types",
+ "multivalue": true,
+ "name": "ipauserauthtype",
+ "type": "unicode",
+ "values": [
+ "password",
+ "radius",
+ "otp"
]
}
],
@@ -633,11 +653,15 @@
"acctpolicysubentry",
"aci",
"administratorcontactinfo",
+ "adminmessages",
"adminrole",
"adminurl",
"afsdbrecord",
+ "algorithm",
+ "algorithmid",
"aliasedobjectname",
"altserver",
+ "archivedby",
"arecord",
"associateddomain",
"associatedname",
@@ -658,6 +682,8 @@
"automountinformation",
"automountkey",
"automountmapname",
+ "autorenew",
+ "beginrange",
"bindtimelimit",
"bootfile",
"bootparameter",
@@ -676,6 +702,7 @@
"carlicense",
"certificaterevocationlist",
"certrecord",
+ "certstatus",
"changelog",
"changelogmaximumage",
"changelogmaximumconcurrentwrites",
@@ -696,7 +723,10 @@
"cirupdateschedule",
"cirusepersistentsearch",
"cirusessl",
+ "clientid",
+ "clone",
"cmdcategory",
+ "cmsusergroup",
"cn",
"cnamerecord",
"co",
@@ -712,13 +742,26 @@
"createtimestamp",
"creatorsname",
"credentiallevel",
+ "crlcache",
+ "crlextensions",
+ "crlname",
+ "crlnumber",
+ "crlsize",
"crosscertificatepair",
+ "datatype",
+ "dateofarchival",
+ "dateofcreate",
+ "dateofmodify",
+ "dateofrecovery",
+ "dateofrevocation",
"dc",
"defaultsearchbase",
"defaultsearchscope",
"defaultserverlist",
"deleteoldrdn",
+ "deltanumber",
"deltarevocationlist",
+ "deltasize",
"departmentnumber",
"dereferencealiases",
"description",
@@ -740,6 +783,10 @@
"dnaprefix",
"dnarangerequesttimeout",
"dnaremainingvalues",
+ "dnaremotebindcred",
+ "dnaremotebinddn",
+ "dnaremotebindmethod",
+ "dnaremoteconnprotocol",
"dnascope",
"dnasecureportnum",
"dnasharedcfgdn",
@@ -755,8 +802,11 @@
"documentpublisher",
"documenttitle",
"documentversion",
+ "domainmanager",
"drink",
+ "dsonlymemberuid",
"dsrecord",
+ "duration",
"edupersonaffiliation",
"edupersonentitlement",
"edupersonnickname",
@@ -768,15 +818,19 @@
"edupersonscopedaffiliation",
"employeenumber",
"employeetype",
+ "endrange",
"enhancedsearchguide",
"enrolledby",
"entrydn",
"entryid",
"entryusn",
+ "expiredcerts",
+ "extension",
"externalhost",
"externaluser",
"facsimiletelephonenumber",
"filterinfo",
+ "firstunsaved",
"followreferrals",
"fqdn",
"ftpdownloadbandwidth",
@@ -811,6 +865,7 @@
"idnsforwarders",
"idnsforwardpolicy",
"idnsname",
+ "idnspersistentsearch",
"idnssoaexpire",
"idnssoaminimum",
"idnssoamname",
@@ -820,6 +875,7 @@
"idnssoaserial",
"idnsupdatepolicy",
"idnszoneactive",
+ "idnszonerefresh",
"inetdomainbasedn",
"inetdomainstatus",
"inetsubscriberaccountid",
@@ -845,6 +901,7 @@
"ipadefaultloginshell",
"ipadefaultprimarygroup",
"ipaenabledflag",
+ "ipaentitlementid",
"ipaexternalmember",
"ipagroupobjectclasses",
"ipagroupsearchfields",
@@ -863,6 +920,8 @@
"ipantlogonscript",
"ipantprofilepath",
"ipantsecurityidentifier",
+ "ipantsidblacklistincoming",
+ "ipantsidblacklistoutgoing",
"ipantsupportedencryptiontypes",
"ipanttrustattributes",
"ipanttrustauthincoming",
@@ -873,8 +932,17 @@
"ipanttrustpartner",
"ipanttrustposixoffset",
"ipanttrusttype",
+ "ipapermbindruletype",
+ "ipapermdefaultattr",
+ "ipapermexcludedattr",
+ "ipapermincludedattr",
"ipapermissiontype",
+ "ipapermlocation",
+ "ipapermright",
+ "ipapermtarget",
+ "ipapermtargetfilter",
"ipapwdexpadvnotify",
+ "iparangetype",
"ipasearchrecordslimit",
"ipasearchtimelimit",
"ipasecondarybaserid",
@@ -889,7 +957,29 @@
"ipasudorunasgroup",
"ipasudorunasgroupcategory",
"ipasudorunasusercategory",
+ "ipatokendisabled",
+ "ipatokenhotpcounter",
+ "ipatokenmodel",
+ "ipatokennotafter",
+ "ipatokennotbefore",
+ "ipatokenotpalgorithm",
+ "ipatokenotpdigits",
+ "ipatokenotpkey",
+ "ipatokenowner",
+ "ipatokenradiusconfiglink",
+ "ipatokenradiusretries",
+ "ipatokenradiussecret",
+ "ipatokenradiusserver",
+ "ipatokenradiustimeout",
+ "ipatokenradiususername",
+ "ipatokenserial",
+ "ipatokentotpclockoffset",
+ "ipatokentotptimestep",
+ "ipatokenuniqueid",
+ "ipatokenusermapattribute",
+ "ipatokenvendor",
"ipauniqueid",
+ "ipauserauthtype",
"ipauserobjectclasses",
"ipausersearchfields",
"iphostnumber",
@@ -899,6 +989,9 @@
"ipserviceport",
"ipserviceprotocol",
"isreplicated",
+ "issuedby",
+ "issueinfo",
+ "issuername",
"javaclassname",
"javaclassnames",
"javacodebase",
@@ -908,6 +1001,8 @@
"javaserializeddata",
"jpegphoto",
"keyrecord",
+ "keysize",
+ "keystate",
"krbadmservers",
"krbcanonicalname",
"krbdefaultencsalttypes",
@@ -997,6 +1092,7 @@
"mepmappedattr",
"meprdnattr",
"mepstaticattr",
+ "metainfo",
"mgrpaddheader",
"mgrpallowedbroadcaster",
"mgrpalloweddomain",
@@ -1040,6 +1136,8 @@
"netscapereversiblepassword",
"newrdn",
"newsuperior",
+ "nextrange",
+ "nextupdate",
"nisdomain",
"nisdomainname",
"nismapentry",
@@ -1050,6 +1148,8 @@
"nisnetiduser",
"nispublickey",
"nissecretkey",
+ "notafter",
+ "notbefore",
"nsaccesslog",
"nsaccountlock",
"nsadminaccessaddresses",
@@ -1091,6 +1191,8 @@
"nsds5replconflict",
"nsds5replicaabortcleanruv",
"nsds5replicaautoreferral",
+ "nsds5replicabackoffmax",
+ "nsds5replicabackoffmin",
"nsds5replicabinddn",
"nsds5replicabindmethod",
"nsds5replicabusywaittime",
@@ -1111,6 +1213,7 @@
"nsds5replicalegacyconsumer",
"nsds5replicaname",
"nsds5replicaport",
+ "nsds5replicaprotocoltimeout",
"nsds5replicapurgedelay",
"nsds5replicareferral",
"nsds5replicaroot",
@@ -1142,6 +1245,7 @@
"nshostlocation",
"nsidletimeout",
"nsidlistscanlimit",
+ "nsindexidlistscanlimit",
"nsindextype",
"nsinstalledlocation",
"nsjarfilename",
@@ -1171,9 +1275,11 @@
"nsrole",
"nsroledn",
"nsrolefilter",
+ "nsrolescopedn",
"nsruvreplicalastmodified",
"nssaslmapbasedntemplate",
"nssaslmapfiltertemplate",
+ "nssaslmappriority",
"nssaslmapregexstring",
"nsschemacsn",
"nssecureserverport",
@@ -1188,6 +1294,7 @@
"nsslapd-changelogsuffix",
"nsslapd-ldapiautodnsuffix",
"nsslapd-parent-suffix",
+ "nsslapd-plugin-depends-on-type",
"nsslapd-pluginconfigarea",
"nsslapd-plugindescription",
"nsslapd-pluginenabled",
@@ -1198,6 +1305,8 @@
"nsslapd-pluginvendor",
"nsslapd-pluginversion",
"nsslapd-readonly",
+ "nsslapd-sasl-mapping-fallback",
+ "nsslapd-sasl-max-buffer-size",
"nsslapd-suffix",
"nssnmpcontact",
"nssnmpdescription",
@@ -1295,6 +1404,8 @@
"organizationalstatus",
"ou",
"owner",
+ "ownername",
+ "p12expiration",
"pager",
"pamexcludesuffix",
"pamfallback",
@@ -1307,6 +1418,8 @@
"pamservice",
"parentid",
"parentorganization",
+ "password",
+ "passwordadmindn",
"passwordallowchangetime",
"passwordchange",
"passwordchecksyntax",
@@ -1338,6 +1451,7 @@
"passwordresetfailurecount",
"passwordretrycount",
"passwordstoragescheme",
+ "passwordtrackupdatetime",
"passwordunlock",
"passwordwarning",
"personaltitle",
@@ -1385,8 +1499,13 @@
"printer-stacking-order-supported",
"printer-uri",
"printer-xri-supported",
+ "privatekeydata",
"profilettl",
+ "proofofarchival",
"ptrrecord",
+ "publickeydata",
+ "publickeyformat",
+ "publishingstatus",
"pwdpolicysubentry",
"pwdupdatetime",
"ref",
@@ -1408,9 +1527,31 @@
"replicaupdatereplayed",
"replicaupdateschedule",
"replicausessl",
+ "requestagentgroup",
+ "requesterror",
+ "requestflag",
+ "requestid",
+ "requestinfo",
+ "requestowner",
+ "requestresult",
+ "requestsourceid",
+ "requeststate",
+ "requesttype",
+ "resourceacls",
"retrycountresettime",
+ "revinfo",
+ "revokedby",
+ "revokedcerts",
+ "revokedon",
"roleoccupant",
"roomnumber",
+ "rootdn-allow-host",
+ "rootdn-allow-ip",
+ "rootdn-close-time",
+ "rootdn-days-allowed",
+ "rootdn-deny-host",
+ "rootdn-deny-ip",
+ "rootdn-open-time",
"rrsigrecord",
"sabayonprofilename",
"sabayonprofileurl",
@@ -1475,7 +1616,12 @@
"searchguide",
"searchtimelimit",
"secretary",
+ "secureadminport",
+ "secureagentport",
+ "secureeeclientauthport",
+ "secureport",
"seealso",
+ "serialno",
"serialnumber",
"serverhostname",
"serverproductname",
@@ -1485,6 +1631,7 @@
"servicecategory",
"servicecredentiallevel",
"servicesearchdescriptor",
+ "sessioncontext",
"shadowexpire",
"shadowflag",
"shadowinactive",
@@ -1492,6 +1639,7 @@
"shadowmax",
"shadowmin",
"shadowwarning",
+ "signingalgorithmid",
"sigrecord",
"sn",
"sourcehost",
@@ -1499,9 +1647,12 @@
"srvrecord",
"sshfprecord",
"st",
+ "status",
"street",
"structuralobjectclass",
+ "subjectname",
"subschemasubentry",
+ "subsystemname",
"subtreeaci",
"sudocmd",
"sudocommand",
@@ -1524,38 +1675,54 @@
"telephonenumber",
"teletexterminalidentifier",
"telexnumber",
+ "thisupdate",
"title",
"tombstonenumsubordinates",
+ "transid",
+ "transname",
+ "transops",
+ "transstatus",
"trustmodel",
"ttl",
"txtrecord",
"uid",
"uidnumber",
- "unhashed#user#password",
"uniqueidentifier",
"uniquemember",
+ "unrevokedcerts",
+ "unsecureport",
"usercategory",
"usercertificate",
"userclass",
+ "userdn",
+ "usermessages",
"userpassword",
"userpkcs12",
"usersmimecertificate",
+ "userstate",
+ "usertype",
"vacationenddate",
"vacationstartdate",
"vendorname",
"vendorversion",
+ "version",
"vlvbase",
"vlvenabled",
"vlvfilter",
"vlvscope",
"vlvsort",
"vlvuses",
+ "winsyncdirectoryfilter",
"winsyncinterval",
+ "winsyncmoveaction",
+ "winsyncsubtreepair",
+ "winsyncwindowsfilter",
"x121address",
"x500uniqueidentifier"
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=costemplates,cn=accounts",
"default_attributes": [
"cn",
@@ -1674,7 +1841,7 @@
},
{
"class": "Str",
- "doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
+ "doc": "Permissions to grant (read, write). Default is write.",
"flags": [],
"label": "Permissions",
"multivalue": true,
@@ -1684,7 +1851,7 @@
},
{
"class": "Str",
- "doc": "Comma-separated list of attributes",
+ "doc": "Attributes to which the delegation applies",
"flags": [],
"label": "Attributes",
"multivalue": true,
@@ -1719,6 +1886,7 @@
"aciattrs": [],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "",
"default_attributes": [
"idnsforwardpolicy",
@@ -1767,7 +1935,7 @@
"takes_params": [
{
"class": "Str",
- "doc": "A list of global forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"",
+ "doc": "Global forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"",
"flags": [],
"label": "Global forwarders",
"multivalue": true,
@@ -1777,14 +1945,15 @@
},
{
"class": "StrEnum",
- "doc": "Forward policy",
+ "doc": "Global forwarding policy. Set to \"none\" to disable any configured global forwarders.",
"flags": [],
"label": "Forward policy",
"name": "idnsforwardpolicy",
"type": "unicode",
"values": [
"only",
- "first"
+ "first",
+ "none"
]
},
{
@@ -1794,6 +1963,17 @@
"label": "Allow PTR sync",
"name": "idnsallowsyncptr",
"type": "bool"
+ },
+ {
+ "class": "DeprecatedParam",
+ "deprecate": true,
+ "doc": "Zone refresh interval",
+ "flags": [
+ "no_option"
+ ],
+ "label": "Zone refresh interval",
+ "name": "idnszonerefresh",
+ "type": "object"
}
],
"uuid_attribute": ""
@@ -1805,7 +1985,6 @@
"afsdbrecord",
"arecord",
"certrecord",
- "cn",
"cnamerecord",
"dnamerecord",
"dnsclass",
@@ -1834,6 +2013,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": true,
"container_dn": "cn=dns",
"default_attributes": [
"idnsname",
@@ -1995,7 +2175,7 @@
},
{
"class": "ARecord",
- "doc": "Comma-separated list of raw A records",
+ "doc": "Raw A records",
"flags": [],
"label": "A record",
"multivalue": true,
@@ -2036,7 +2216,7 @@
},
{
"class": "AAAARecord",
- "doc": "Comma-separated list of raw AAAA records",
+ "doc": "Raw AAAA records",
"flags": [],
"label": "AAAA record",
"multivalue": true,
@@ -2077,7 +2257,7 @@
},
{
"class": "A6Record",
- "doc": "Comma-separated list of raw A6 records",
+ "doc": "Raw A6 records",
"flags": [],
"label": "A6 record",
"multivalue": true,
@@ -2104,7 +2284,7 @@
},
{
"class": "AFSDBRecord",
- "doc": "Comma-separated list of raw AFSDB records",
+ "doc": "Raw AFSDB records",
"flags": [],
"label": "AFSDB record",
"multivalue": true,
@@ -2147,7 +2327,7 @@
},
{
"class": "APLRecord",
- "doc": "Comma-separated list of raw APL records",
+ "doc": "Raw APL records",
"flags": [
"no_option"
],
@@ -2162,7 +2342,7 @@
},
{
"class": "CERTRecord",
- "doc": "Comma-separated list of raw CERT records",
+ "doc": "Raw CERT records",
"flags": [],
"label": "CERT record",
"multivalue": true,
@@ -2234,7 +2414,7 @@
},
{
"class": "CNAMERecord",
- "doc": "Comma-separated list of raw CNAME records",
+ "doc": "Raw CNAME records",
"flags": [],
"label": "CNAME record",
"multivalue": true,
@@ -2261,7 +2441,7 @@
},
{
"class": "DHCIDRecord",
- "doc": "Comma-separated list of raw DHCID records",
+ "doc": "Raw DHCID records",
"flags": [
"no_option"
],
@@ -2276,7 +2456,7 @@
},
{
"class": "DLVRecord",
- "doc": "Comma-separated list of raw DLV records",
+ "doc": "Raw DLV records",
"flags": [
"no_option"
],
@@ -2291,7 +2471,7 @@
},
{
"class": "DNAMERecord",
- "doc": "Comma-separated list of raw DNAME records",
+ "doc": "Raw DNAME records",
"flags": [],
"label": "DNAME record",
"multivalue": true,
@@ -2318,7 +2498,7 @@
},
{
"class": "DNSKEYRecord",
- "doc": "Comma-separated list of raw DNSKEY records",
+ "doc": "Raw DNSKEY records",
"flags": [
"no_option"
],
@@ -2333,7 +2513,7 @@
},
{
"class": "DSRecord",
- "doc": "Comma-separated list of raw DS records",
+ "doc": "Raw DS records",
"flags": [],
"label": "DS record",
"multivalue": true,
@@ -2405,7 +2585,7 @@
},
{
"class": "HIPRecord",
- "doc": "Comma-separated list of raw HIP records",
+ "doc": "Raw HIP records",
"flags": [
"no_option"
],
@@ -2420,7 +2600,7 @@
},
{
"class": "IPSECKEYRecord",
- "doc": "Comma-separated list of raw IPSECKEY records",
+ "doc": "Raw IPSECKEY records",
"flags": [
"no_option"
],
@@ -2435,7 +2615,7 @@
},
{
"class": "KEYRecord",
- "doc": "Comma-separated list of raw KEY records",
+ "doc": "Raw KEY records",
"flags": [],
"label": "KEY record",
"multivalue": true,
@@ -2507,7 +2687,7 @@
},
{
"class": "KXRecord",
- "doc": "Comma-separated list of raw KX records",
+ "doc": "Raw KX records",
"flags": [],
"label": "KX record",
"multivalue": true,
@@ -2549,7 +2729,7 @@
},
{
"class": "LOCRecord",
- "doc": "Comma-separated list of raw LOC records",
+ "doc": "Raw LOC records",
"flags": [],
"label": "LOC record",
"multivalue": true,
@@ -2789,7 +2969,7 @@
},
{
"class": "MXRecord",
- "doc": "Comma-separated list of raw MX records",
+ "doc": "Raw MX records",
"flags": [],
"label": "MX record",
"multivalue": true,
@@ -2831,7 +3011,7 @@
},
{
"class": "NAPTRRecord",
- "doc": "Comma-separated list of raw NAPTR records",
+ "doc": "Raw NAPTR records",
"flags": [],
"label": "NAPTR record",
"multivalue": true,
@@ -2930,7 +3110,7 @@
},
{
"class": "NSRecord",
- "doc": "Comma-separated list of raw NS records",
+ "doc": "Raw NS records",
"flags": [],
"label": "NS record",
"multivalue": true,
@@ -2957,7 +3137,7 @@
},
{
"class": "NSECRecord",
- "doc": "Comma-separated list of raw NSEC records",
+ "doc": "Raw NSEC records",
"flags": [],
"label": "NSEC record",
"multivalue": true,
@@ -3035,7 +3215,7 @@
},
{
"class": "NSEC3Record",
- "doc": "Comma-separated list of raw NSEC3 records",
+ "doc": "Raw NSEC3 records",
"flags": [
"no_option"
],
@@ -3050,7 +3230,7 @@
},
{
"class": "NSEC3PARAMRecord",
- "doc": "Comma-separated list of raw NSEC3PARAM records",
+ "doc": "Raw NSEC3PARAM records",
"flags": [
"no_option"
],
@@ -3065,7 +3245,7 @@
},
{
"class": "PTRRecord",
- "doc": "Comma-separated list of raw PTR records",
+ "doc": "Raw PTR records",
"flags": [],
"label": "PTR record",
"multivalue": true,
@@ -3092,7 +3272,7 @@
},
{
"class": "RRSIGRecord",
- "doc": "Comma-separated list of raw RRSIG records",
+ "doc": "Raw RRSIG records",
"flags": [],
"label": "RRSIG record",
"multivalue": true,
@@ -3270,7 +3450,7 @@
},
{
"class": "RPRecord",
- "doc": "Comma-separated list of raw RP records",
+ "doc": "Raw RP records",
"flags": [
"no_option"
],
@@ -3285,7 +3465,7 @@
},
{
"class": "SIGRecord",
- "doc": "Comma-separated list of raw SIG records",
+ "doc": "Raw SIG records",
"flags": [],
"label": "SIG record",
"multivalue": true,
@@ -3463,7 +3643,7 @@
},
{
"class": "SPFRecord",
- "doc": "Comma-separated list of raw SPF records",
+ "doc": "Raw SPF records",
"flags": [
"no_option"
],
@@ -3478,7 +3658,7 @@
},
{
"class": "SRVRecord",
- "doc": "Comma-separated list of raw SRV records",
+ "doc": "Raw SRV records",
"flags": [],
"label": "SRV record",
"multivalue": true,
@@ -3550,7 +3730,7 @@
},
{
"class": "SSHFPRecord",
- "doc": "Comma-separated list of raw SSHFP records",
+ "doc": "Raw SSHFP records",
"flags": [],
"label": "SSHFP record",
"multivalue": true,
@@ -3607,7 +3787,7 @@
},
{
"class": "TARecord",
- "doc": "Comma-separated list of raw TA records",
+ "doc": "Raw TA records",
"flags": [
"no_option"
],
@@ -3622,7 +3802,7 @@
},
{
"class": "TKEYRecord",
- "doc": "Comma-separated list of raw TKEY records",
+ "doc": "Raw TKEY records",
"flags": [
"no_option"
],
@@ -3637,7 +3817,7 @@
},
{
"class": "TSIGRecord",
- "doc": "Comma-separated list of raw TSIG records",
+ "doc": "Raw TSIG records",
"flags": [
"no_option"
],
@@ -3652,7 +3832,7 @@
},
{
"class": "TXTRecord",
- "doc": "Comma-separated list of raw TXT records",
+ "doc": "Raw TXT records",
"flags": [],
"label": "TXT record",
"multivalue": true,
@@ -3687,7 +3867,6 @@
"afsdbrecord",
"arecord",
"certrecord",
- "cn",
"cnamerecord",
"dnamerecord",
"dnsclass",
@@ -3731,6 +3910,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=dns",
"default_attributes": [
"idnsname",
@@ -3880,7 +4060,7 @@
"doc": "SOA record serial number",
"flags": [],
"label": "SOA serial",
- "maxvalue": 2147483647,
+ "maxvalue": 4294967295,
"minvalue": 1,
"name": "idnssoaserial",
"required": true,
@@ -3928,7 +4108,7 @@
"doc": "How long should negative responses be cached",
"flags": [],
"label": "SOA minimum",
- "maxvalue": 10800,
+ "maxvalue": 2147483647,
"minvalue": 0,
"name": "idnssoaminimum",
"required": true,
@@ -3940,7 +4120,7 @@
"flags": [],
"label": "SOA time to live",
"maxvalue": 2147483647,
- "minvalue": -2147483648,
+ "minvalue": 0,
"name": "dnsttl",
"type": "int"
},
@@ -4010,7 +4190,7 @@
},
{
"class": "Str",
- "doc": "A list of per-zone forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"",
+ "doc": "Per-zone forwarders. A custom port can be specified for each forwarder using a standard format \"IP_ADDRESS port PORT\"",
"flags": [],
"label": "Zone forwarders",
"multivalue": true,
@@ -4020,14 +4200,15 @@
},
{
"class": "StrEnum",
- "doc": "Forward policy",
+ "doc": "Per-zone conditional forwarding policy. Set to \"none\" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.",
"flags": [],
"label": "Forward policy",
"name": "idnsforwardpolicy",
"type": "unicode",
"values": [
"only",
- "first"
+ "first",
+ "none"
]
},
{
@@ -4085,6 +4266,7 @@
]
},
"bindable": false,
+ "can_have_permissions": true,
"container_dn": "cn=groups,cn=accounts",
"default_attributes": [
"cn",
@@ -4219,6 +4401,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=hbac",
"default_attributes": [
"cn",
@@ -4226,7 +4409,6 @@
"description",
"usercategory",
"hostcategory",
- "sourcehostcategory",
"servicecategory",
"ipaenabledflag",
"memberuser",
@@ -4347,15 +4529,15 @@
]
},
{
- "class": "StrEnum",
- "doc": "Source host category the rule applies to",
- "flags": [],
- "label": "Source host category",
+ "class": "DeprecatedParam",
+ "deprecate": true,
+ "doc": "<sourcehostcategory>",
+ "flags": [
+ "no_option"
+ ],
+ "label": "<sourcehostcategory>",
"name": "sourcehostcategory",
- "type": "unicode",
- "values": [
- "all"
- ]
+ "type": "object"
},
{
"class": "StrEnum",
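Review bot: The `DeprecatedParam` entry for `sourcehostcategory` here, and the ones for `sourcehost_host` and `sourcehost_hostgroup` in the next hunk, now carry `"label"` and `"doc"` values wrapped in angle brackets, e.g. `"label": "<sourcehostcategory>"`. Any UI code path that writes label or doc metadata into the page as markup rather than as text would parse these as unknown elements and silently render nothing. `"flags": ["no_option"]` suggests the fields are not meant to be displayed, but nothing visible in this file enforces that. A UI test that loads this object's parameters from the fixture and asserts the deprecated labels are either absent or shown escaped would pin the behaviour.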
@@ -4440,30 +4622,26 @@
"type": "unicode"
},
{
- "class": "Str",
- "doc": "Source Hosts",
+ "class": "DeprecatedParam",
+ "deprecate": true,
+ "doc": "<sourcehost_host>",
"flags": [
- "no_update",
- "no_create",
- "no_search"
+ "no_option"
],
- "label": "Source Hosts",
+ "label": "<sourcehost_host>",
"name": "sourcehost_host",
- "noextrawhitespace": true,
- "type": "unicode"
+ "type": "object"
},
{
- "class": "Str",
- "doc": "Source Host Groups",
+ "class": "DeprecatedParam",
+ "deprecate": true,
+ "doc": "<sourcehost_hostgroup>",
"flags": [
- "no_update",
- "no_create",
- "no_search"
+ "no_option"
],
- "label": "Source Host Groups",
+ "label": "<sourcehost_hostgroup>",
"name": "sourcehost_hostgroup",
- "noextrawhitespace": true,
- "type": "unicode"
+ "type": "object"
},
{
"class": "Str",
@@ -4520,6 +4698,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=hbacservices,cn=hbac",
"default_attributes": [
"cn",
@@ -4615,6 +4794,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=hbacservicegroups,cn=hbac",
"default_attributes": [
"cn",
@@ -4712,6 +4892,7 @@
"objectclass",
"serverhostname",
"usercertificate",
+ "userclass",
"userpassword"
],
"attribute_members": {
@@ -4740,6 +4921,7 @@
]
},
"bindable": true,
+ "can_have_permissions": true,
"container_dn": "cn=computers,cn=accounts",
"default_attributes": [
"fqdn",
@@ -4754,7 +4936,8 @@
"managedby",
"memberindirect",
"memberofindirect",
- "macaddress"
+ "macaddress",
+ "userclass"
],
"hidden_attributes": [
"objectclass",
@@ -4945,6 +5128,27 @@
"type": "unicode"
},
{
+ "class": "Str",
+ "doc": "Host category (semantics placed on this attribute are for local interpretation)",
+ "flags": [],
+ "label": "Class",
+ "multivalue": true,
+ "name": "userclass",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Bool",
+ "doc": "Pre-authentication is required for the service",
+ "flags": [
+ "virtual_attribute",
+ "no_search"
+ ],
+ "label": "Requires pre-authentication",
+ "name": "ipakrbrequirespreauth",
+ "type": "bool"
+ },
+ {
"class": "Bool",
"doc": "Client credentials may be delegated to the service",
"flags": [
@@ -4994,6 +5198,7 @@
]
},
"bindable": false,
+ "can_have_permissions": true,
"container_dn": "cn=hostgroups,cn=accounts",
"default_attributes": [
"cn",
@@ -5078,10 +5283,177 @@
],
"uuid_attribute": "ipauniqueid"
},
+ "idrange": {
+ "aciattrs": [
+ "cn",
+ "ipabaseid",
+ "ipabaserid",
+ "ipaidrangesize",
+ "ipanttrusteddomainsid",
+ "iparangetype",
+ "ipasecondarybaserid"
+ ],
+ "attribute_members": {},
+ "bindable": false,
+ "can_have_permissions": false,
+ "container_dn": "cn=ranges,cn=etc",
+ "default_attributes": [
+ "cn",
+ "ipabaseid",
+ "ipaidrangesize",
+ "ipabaserid",
+ "ipasecondarybaserid",
+ "ipanttrusteddomainsid",
+ "iparangetype"
+ ],
+ "hidden_attributes": [
+ "objectclass",
+ "aci"
+ ],
+ "label": "ID Ranges",
+ "label_singular": "ID Range",
+ "methods": [
+ "add",
+ "del",
+ "find",
+ "mod",
+ "show"
+ ],
+ "name": "idrange",
+ "object_class": [
+ "ipaIDrange"
+ ],
+ "object_class_config": null,
+ "object_name": "range",
+ "object_name_plural": "ranges",
+ "parent_object": "",
+ "primary_key": "cn",
+ "rdn_attribute": "",
+ "relationships": {
+ "member": [
+ "Member",
+ "",
+ "no_"
+ ],
+ "memberindirect": [
+ "Indirect Member",
+ null,
+ "no_indirect_"
+ ],
+ "memberof": [
+ "Member Of",
+ "in_",
+ "not_in_"
+ ],
+ "memberofindirect": [
+ "Indirect Member Of",
+ null,
+ "not_in_indirect_"
+ ]
+ },
+ "takes_params": [
+ {
+ "class": "Str",
+ "doc": "Range name",
+ "flags": [],
+ "label": "Range name",
+ "name": "cn",
+ "noextrawhitespace": true,
+ "primary_key": true,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Int",
+ "doc": "First Posix ID of the range",
+ "flags": [],
+ "label": "First Posix ID of the range",
+ "maxvalue": 2147483647,
+ "minvalue": -2147483648,
+ "name": "ipabaseid",
+ "required": true,
+ "type": "int"
+ },
+ {
+ "class": "Int",
+ "doc": "Number of IDs in the range",
+ "flags": [],
+ "label": "Number of IDs in the range",
+ "maxvalue": 2147483647,
+ "minvalue": -2147483648,
+ "name": "ipaidrangesize",
+ "required": true,
+ "type": "int"
+ },
+ {
+ "class": "Int",
+ "doc": "First RID of the corresponding RID range",
+ "flags": [],
+ "label": "First RID of the corresponding RID range",
+ "maxvalue": 2147483647,
+ "minvalue": -2147483648,
+ "name": "ipabaserid",
+ "type": "int"
+ },
+ {
+ "class": "Int",
+ "doc": "First RID of the secondary RID range",
+ "flags": [],
+ "label": "First RID of the secondary RID range",
+ "maxvalue": 2147483647,
+ "minvalue": -2147483648,
+ "name": "ipasecondarybaserid",
+ "type": "int"
+ },
+ {
+ "class": "Str",
+ "doc": "Domain SID of the trusted domain",
+ "flags": [
+ "no_update"
+ ],
+ "label": "Domain SID of the trusted domain",
+ "name": "ipanttrusteddomainsid",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Name of the trusted domain",
+ "flags": [
+ "no_update",
+ "no_search",
+ "virtual_attribute"
+ ],
+ "label": "Name of the trusted domain",
+ "name": "ipanttrusteddomainname",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "StrEnum",
+ "doc": "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local, ipa-ad-winsync, ipa-ipa-trust",
+ "flags": [
+ "no_update"
+ ],
+ "label": "Range type",
+ "name": "iparangetype",
+ "type": "unicode",
+ "values": [
+ "ipa-ad-trust-posix",
+ "ipa-ad-trust",
+ "ipa-local",
+ "ipa-ad-winsync",
+ "ipa-ipa-trust"
+ ]
+ }
+ ],
+ "uuid_attribute": ""
+ },
"krbtpolicy": {
"aciattrs": [],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=EXAMPLE.COM,cn=kerberos",
"default_attributes": [
"krbmaxticketlife",
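Review bot: The new `idrange` parameters `ipabaseid` and `ipaidrangesize` are declared with `"minvalue": -2147483648`, so the metadata the UI validates against accepts a negative first POSIX ID and a negative range size; `ipabaserid` and `ipasecondarybaserid` carry the same floor. Elsewhere in this commit `dnsttl` is tightened to `"minvalue": 0`, which suggests the int32 default was simply left in place here. This fixture appears to mirror server-side parameter definitions (not visible on this page), so the bound probably belongs there with the fixture regenerated afterwards, e.g. `"minvalue": 1` for `ipaidrangesize` and a non-negative floor for the ID and RID bases. Because ID ranges presumably determine how POSIX IDs and RIDs are allocated, the server should enforce the bound itself and not rely on client-side validation.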
@@ -5197,6 +5569,7 @@
]
},
"bindable": false,
+ "can_have_permissions": true,
"container_dn": "cn=ng,cn=alt",
"default_attributes": [
"cn",
@@ -5349,12 +5722,288 @@
],
"uuid_attribute": "ipauniqueid"
},
+ "otptoken": {
+ "aciattrs": [
+ "description",
+ "ipatokendisabled",
+ "ipatokenhotpcounter",
+ "ipatokenmodel",
+ "ipatokennotafter",
+ "ipatokennotbefore",
+ "ipatokenotpalgorithm",
+ "ipatokenotpdigits",
+ "ipatokenotpkey",
+ "ipatokenowner",
+ "ipatokenserial",
+ "ipatokentotpclockoffset",
+ "ipatokentotptimestep",
+ "ipatokenuniqueid",
+ "ipatokenvendor",
+ "objectclass"
+ ],
+ "attribute_members": {},
+ "bindable": false,
+ "can_have_permissions": false,
+ "container_dn": "cn=otp",
+ "default_attributes": [
+ "ipatokenuniqueid",
+ "description",
+ "ipatokenowner",
+ "ipatokendisabled",
+ "ipatokennotbefore",
+ "ipatokennotafter",
+ "ipatokenvendor",
+ "ipatokenmodel",
+ "ipatokenserial"
+ ],
+ "hidden_attributes": [
+ "objectclass",
+ "aci"
+ ],
+ "label": "OTP Tokens",
+ "label_singular": "OTP Token",
+ "methods": [
+ "add",
+ "del",
+ "find",
+ "mod",
+ "show"
+ ],
+ "name": "otptoken",
+ "object_class": [
+ "ipatoken"
+ ],
+ "object_class_config": null,
+ "object_name": "OTP token",
+ "object_name_plural": "OTP tokens",
+ "parent_object": "",
+ "primary_key": "ipatokenuniqueid",
+ "rdn_attribute": "",
+ "relationships": {
+ "member": [
+ "Member",
+ "",
+ "no_"
+ ],
+ "memberindirect": [
+ "Indirect Member",
+ null,
+ "no_indirect_"
+ ],
+ "memberof": [
+ "Member Of",
+ "in_",
+ "not_in_"
+ ],
+ "memberofindirect": [
+ "Indirect Member Of",
+ null,
+ "not_in_indirect_"
+ ]
+ },
+ "takes_params": [
+ {
+ "class": "Str",
+ "doc": "Unique ID",
+ "flags": [
+ "optional_create"
+ ],
+ "label": "Unique ID",
+ "name": "ipatokenuniqueid",
+ "noextrawhitespace": true,
+ "primary_key": true,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "class": "StrEnum",
+ "default": "totp",
+ "doc": "Type",
+ "flags": [
+ "no_update",
+ "virtual_attribute"
+ ],
+ "label": "Type",
+ "name": "type",
+ "type": "unicode",
+ "values": [
+ "totp",
+ "hotp"
+ ]
+ },
+ {
+ "class": "Str",
+ "doc": "Description",
+ "flags": [],
+ "label": "Description",
+ "name": "description",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Owner",
+ "flags": [],
+ "label": "Owner",
+ "name": "ipatokenowner",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Bool",
+ "doc": "Disabled state",
+ "flags": [],
+ "label": "Disabled state",
+ "name": "ipatokendisabled",
+ "type": "bool"
+ },
+ {
+ "class": "Str",
+ "doc": "Validity start",
+ "flags": [],
+ "label": "Validity start",
+ "name": "ipatokennotbefore",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Validity end",
+ "flags": [],
+ "label": "Validity end",
+ "name": "ipatokennotafter",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "default": "FreeIPA",
+ "doc": "Vendor",
+ "flags": [],
+ "label": "Vendor",
+ "name": "ipatokenvendor",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Model",
+ "flags": [],
+ "label": "Model",
+ "name": "ipatokenmodel",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Serial",
+ "flags": [],
+ "label": "Serial",
+ "name": "ipatokenserial",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "OTPTokenKey",
+ "confirm": true,
+ "doc": "Key",
+ "flags": [
+ "no_display",
+ "no_update",
+ "no_search"
+ ],
+ "label": "Key",
+ "name": "ipatokenotpkey",
+ "type": "str"
+ },
+ {
+ "class": "StrEnum",
+ "default": "sha1",
+ "doc": "Algorithm",
+ "flags": [
+ "no_update"
+ ],
+ "label": "Algorithm",
+ "name": "ipatokenotpalgorithm",
+ "type": "unicode",
+ "values": [
+ "sha1",
+ "sha256",
+ "sha384",
+ "sha512"
+ ]
+ },
+ {
+ "class": "IntEnum",
+ "default": 6,
+ "doc": "Display length",
+ "flags": [
+ "no_update"
+ ],
+ "label": "Display length",
+ "name": "ipatokenotpdigits",
+ "type": "int",
+ "values": [
+ 6,
+ 8
+ ]
+ },
+ {
+ "class": "Int",
+ "default": 0,
+ "doc": "Clock offset",
+ "flags": [
+ "no_update"
+ ],
+ "label": "Clock offset",
+ "maxvalue": 2147483647,
+ "minvalue": -2147483648,
+ "name": "ipatokentotpclockoffset",
+ "type": "int"
+ },
+ {
+ "class": "Int",
+ "default": 30,
+ "doc": "Clock interval",
+ "flags": [
+ "no_update"
+ ],
+ "label": "Clock interval",
+ "maxvalue": 2147483647,
+ "minvalue": 5,
+ "name": "ipatokentotptimestep",
+ "type": "int"
+ },
+ {
+ "class": "Int",
+ "default": 0,
+ "doc": "Counter",
+ "flags": [
+ "no_update"
+ ],
+ "label": "Counter",
+ "maxvalue": 2147483647,
+ "minvalue": 0,
+ "name": "ipatokenhotpcounter",
+ "type": "int"
+ }
+ ],
+ "uuid_attribute": ""
+ },
"permission": {
"aciattrs": [
"businesscategory",
"cn",
"description",
+ "ipapermbindruletype",
+ "ipapermdefaultattr",
+ "ipapermexcludedattr",
+ "ipapermincludedattr",
"ipapermissiontype",
+ "ipapermlocation",
+ "ipapermright",
+ "ipapermtarget",
+ "ipapermtargetfilter",
"member",
"o",
"objectclass",
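Review bot: In the new `otptoken` object, `ipatokentotptimestep` gets a floor (`"minvalue": 5`) but its ceiling stays at `"maxvalue": 2147483647`, and `ipatokentotpclockoffset` spans the full int32 range. A time step that large keeps a single TOTP code valid for what is effectively the token's lifetime, so the metadata permits a token that no longer behaves as a one-time password. If this fixture mirrors the server parameter definitions (not visible on this page), a bounded ceiling is worth adding there and the fixture regenerated. The exact limit is a policy choice, shown here as a placeholder: `"maxvalue": <MAX_TIMESTEP_SECONDS>`. The `permission` object that this hunk ends in continues outside the hunk.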
@@ -5365,16 +6014,29 @@
"attribute_members": {
"member": [
"privilege"
+ ],
+ "memberindirect": [
+ "role"
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=permissions,cn=pbac",
"default_attributes": [
"cn",
"member",
"memberof",
"memberindirect",
- "ipapermissiontype"
+ "ipapermissiontype",
+ "objectclass",
+ "ipapermdefaultattr",
+ "ipapermincludedattr",
+ "ipapermexcludedattr",
+ "ipapermbindruletype",
+ "ipapermlocation",
+ "ipapermright",
+ "ipapermtargetfilter",
+ "ipapermtarget"
],
"hidden_attributes": [
"objectclass",
@@ -5395,7 +6057,8 @@
"name": "permission",
"object_class": [
"groupofnames",
- "ipapermission"
+ "ipapermission",
+ "ipapermissionv2"
],
"object_class_config": null,
"object_name": "permission",
@@ -5433,95 +6096,214 @@
"label": "Permission name",
"name": "cn",
"noextrawhitespace": true,
- "pattern": "^[-_ a-zA-Z0-9]+$",
- "pattern_errmsg": "May only contain letters, numbers, -, _, and space",
+ "pattern": "^[-_ a-zA-Z0-9.]+$",
+ "pattern_errmsg": "May only contain letters, numbers, -, _, ., and space",
"primary_key": true,
"required": true,
"type": "unicode"
},
{
- "class": "Str",
- "doc": "Comma-separated list of permissions to grant (read, write, add, delete, all)",
+ "class": "StrEnum",
+ "doc": "Rights to grant (read, search, compare, write, add, delete, all)",
"flags": [],
"label": "Permissions",
"multivalue": true,
- "name": "permissions",
+ "name": "ipapermright",
+ "type": "unicode",
+ "values": [
+ "read",
+ "search",
+ "compare",
+ "write",
+ "add",
+ "delete",
+ "all"
+ ]
+ },
+ {
+ "class": "Str",
+ "doc": "All attributes to which the permission applies",
+ "flags": [
+ "virtual_attribute",
+ "allow_mod_for_managed_permission"
+ ],
+ "label": "Effective attributes",
+ "multivalue": true,
+ "name": "attrs",
"noextrawhitespace": true,
- "required": true,
"type": "unicode"
},
{
"class": "Str",
- "doc": "Comma-separated list of attributes",
+ "doc": "User-specified attributes to which the permission applies",
"flags": [
- "ask_create"
+ "no_create",
+ "allow_mod_for_managed_permission"
],
- "label": "Attributes",
+ "label": "Included attributes",
"multivalue": true,
- "name": "attrs",
+ "name": "ipapermincludedattr",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "User-specified attributes to which the permission explicitly does not apply",
+ "flags": [
+ "no_create",
+ "allow_mod_for_managed_permission"
+ ],
+ "label": "Excluded attributes",
+ "multivalue": true,
+ "name": "ipapermexcludedattr",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Attributes to which the permission applies by default",
+ "flags": [
+ "no_update",
+ "no_create"
+ ],
+ "label": "Default attributes",
+ "multivalue": true,
+ "name": "ipapermdefaultattr",
"noextrawhitespace": true,
"type": "unicode"
},
{
"class": "StrEnum",
- "doc": "Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)",
+ "default": "permission",
+ "doc": "Bind rule type",
"flags": [
- "ask_create"
+ "allow_mod_for_managed_permission"
],
- "label": "Type",
- "name": "type",
+ "label": "Bind rule type",
+ "name": "ipapermbindruletype",
+ "required": true,
"type": "unicode",
"values": [
- "user",
- "group",
- "host",
- "service",
- "hostgroup",
- "netgroup",
- "dnsrecord"
+ "permission",
+ "all",
+ "anonymous"
]
},
{
- "class": "Str",
- "doc": "Target members of a group",
+ "class": "DNOrURL",
+ "doc": "Subtree to apply permissions to",
"flags": [
"ask_create"
],
+ "label": "Subtree",
+ "name": "ipapermlocation",
+ "type": "DN"
+ },
+ {
+ "class": "Str",
+ "doc": "Extra target filter",
+ "flags": [
+ "virtual_attribute"
+ ],
+ "label": "Extra target filter",
+ "multivalue": true,
+ "name": "extratargetfilter",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "All target filters, including those implied by type and memberof",
+ "flags": [],
+ "label": "Raw target filter",
+ "multivalue": true,
+ "name": "ipapermtargetfilter",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "DNParam",
+ "doc": "ACI target DN",
+ "flags": [
+ "no_option"
+ ],
+ "label": "ACI target DN",
+ "name": "ipapermtarget",
+ "type": "DN"
+ },
+ {
+ "class": "Str",
+ "doc": "Target members of a group (sets memberOf targetfilter)",
+ "flags": [
+ "ask_create",
+ "virtual_attribute"
+ ],
"label": "Member of group",
+ "multivalue": true,
"name": "memberof",
"noextrawhitespace": true,
"type": "unicode"
},
{
"class": "Str",
- "doc": "Legal LDAP filter (e.g. ou=Engineering)",
+ "doc": "User group to apply permissions to (sets target)",
"flags": [
- "ask_create"
+ "ask_create",
+ "virtual_attribute"
+ ],
+ "label": "Target group",
+ "name": "targetgroup",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Type of IPA object (sets subtree and objectClass targetfilter)",
+ "flags": [
+ "ask_create",
+ "virtual_attribute"
+ ],
+ "label": "Type",
+ "name": "type",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Deprecated; use extratargetfilter",
+ "flags": [
+ "no_option",
+ "virtual_attribute"
],
- "label": "Filter",
+ "label": "<filter>",
+ "multivalue": true,
"name": "filter",
"noextrawhitespace": true,
"type": "unicode"
},
{
"class": "Str",
- "doc": "Subtree to apply permissions to",
+ "doc": "Deprecated; use ipapermlocation",
"flags": [
- "ask_create"
+ "no_option",
+ "virtual_attribute"
],
- "label": "Subtree",
+ "label": "<subtree>",
+ "multivalue": true,
"name": "subtree",
"noextrawhitespace": true,
"type": "unicode"
},
{
"class": "Str",
- "doc": "User group to apply permissions to",
+ "doc": "Deprecated; use ipapermright",
"flags": [
- "ask_create"
+ "no_option",
+ "virtual_attribute"
],
- "label": "Target group",
- "name": "targetgroup",
+ "label": "<permissions>",
+ "multivalue": true,
+ "name": "permissions",
"noextrawhitespace": true,
"type": "unicode"
}
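Review bot: The `type` parameter loses its closed value list in this hunk: it changes from a `StrEnum` with `values` (user, group, host, …) to a free-form `Str` flagged `virtual_attribute`, while its doc says it sets the subtree and objectClass target filter. UI code or tests that took the permitted object types from this metadata now have nothing to validate against, so an unexpected type can only be rejected by the server. If the server still accepts a fixed set, keeping `"class": "StrEnum"` and the `"values"` array on `type` would preserve that check. This file looks like a snapshot of server metadata, so the change would presumably be made in the plugin definition and the fixture regenerated.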
@@ -5553,6 +6335,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=privileges,cn=pbac",
"default_attributes": [
"cn",
@@ -5650,6 +6433,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=EXAMPLE.COM,cn=kerberos",
"default_attributes": [
"cn",
@@ -5726,7 +6510,7 @@
"doc": "Maximum password lifetime (in days)",
"flags": [],
"label": "Max lifetime (days)",
- "maxvalue": 2147483647,
+ "maxvalue": 20000,
"minvalue": 0,
"name": "krbmaxpwdlife",
"type": "int"
@@ -5817,33 +6601,35 @@
],
"uuid_attribute": ""
},
- "idrange": {
+ "radiusproxy": {
"aciattrs": [
"cn",
- "ipabaseid",
- "ipabaserid",
- "ipaidrangesize",
- "ipanttrusteddomainsid",
- "ipasecondarybaserid"
+ "description",
+ "ipatokenradiusretries",
+ "ipatokenradiussecret",
+ "ipatokenradiusserver",
+ "ipatokenradiustimeout",
+ "ipatokenusermapattribute",
+ "objectclass"
],
"attribute_members": {},
"bindable": false,
- "container_dn": "cn=ranges,cn=etc",
+ "can_have_permissions": false,
+ "container_dn": "cn=radiusproxy",
"default_attributes": [
"cn",
- "ipabaseid",
- "ipaidrangesize",
- "ipabaserid",
- "ipasecondarybaserid",
- "ipanttrusteddomainsid",
- "iparangetype"
+ "description",
+ "ipatokenradiusserver",
+ "ipatokenradiustimeout",
+ "ipatokenradiusretries",
+ "ipatokenusermapattribute"
],
"hidden_attributes": [
"objectclass",
"aci"
],
- "label": "Ranges",
- "label_singular": "Range",
+ "label": "RADIUS Servers",
+ "label_singular": "RADIUS Server",
"methods": [
"add",
"del",
@@ -5851,13 +6637,13 @@
"mod",
"show"
],
- "name": "range",
+ "name": "radiusproxy",
"object_class": [
- "ipaIDrange"
+ "ipatokenradiusconfiguration"
],
"object_class_config": null,
- "object_name": "range",
- "object_name_plural": "ranges",
+ "object_name": "RADIUS proxy server",
+ "object_name_plural": "RADIUS proxy servers",
"parent_object": "",
"primary_key": "cn",
"rdn_attribute": "",
@@ -5886,9 +6672,9 @@
"takes_params": [
{
"class": "Str",
- "doc": "Range name",
+ "doc": "RADIUS proxy server name",
"flags": [],
- "label": "Range name",
+ "label": "RADIUS proxy server name",
"name": "cn",
"noextrawhitespace": true,
"primary_key": true,
@@ -5896,65 +6682,64 @@
"type": "unicode"
},
{
- "class": "Int",
- "doc": "First Posix ID of the range",
+ "class": "Str",
+ "doc": "A description of this RADIUS proxy server",
"flags": [],
- "label": "First Posix ID of the range",
- "maxvalue": 2147483647,
- "minvalue": -2147483648,
- "name": "ipabaseid",
- "required": true,
- "type": "int"
+ "label": "Description",
+ "name": "description",
+ "noextrawhitespace": true,
+ "type": "unicode"
},
{
- "class": "Int",
- "doc": "Number of IDs in the range",
+ "class": "Str",
+ "doc": "The hostname or IP (with or without port)",
"flags": [],
- "label": "Number of IDs in the range",
- "maxvalue": 2147483647,
- "minvalue": -2147483648,
- "name": "ipaidrangesize",
+ "label": "Server",
+ "multivalue": true,
+ "name": "ipatokenradiusserver",
+ "noextrawhitespace": true,
"required": true,
- "type": "int"
+ "type": "unicode"
},
{
- "class": "Int",
- "doc": "First RID of the corresponding RID range",
- "flags": [],
- "label": "First RID of the corresponding RID range",
- "maxvalue": 2147483647,
- "minvalue": -2147483648,
- "name": "ipabaserid",
+ "class": "Password",
+ "confirm": true,
+ "doc": "The secret used to encrypt data",
+ "flags": [
+ "no_option"
+ ],
+ "label": "Secret",
+ "name": "ipatokenradiussecret",
+ "noextrawhitespace": true,
"required": true,
- "type": "int"
+ "type": "unicode"
},
{
"class": "Int",
- "doc": "First RID of the secondary RID range",
+ "doc": "The total timeout across all retries (in seconds)",
"flags": [],
- "label": "First RID of the secondary RID range",
+ "label": "Timeout",
"maxvalue": 2147483647,
- "minvalue": -2147483648,
- "name": "ipasecondarybaserid",
+ "minvalue": 1,
+ "name": "ipatokenradiustimeout",
"type": "int"
},
{
- "class": "Str",
- "doc": "Domain SID of the trusted domain",
+ "class": "Int",
+ "doc": "The number of times to retry authentication",
"flags": [],
- "label": "Domain SID of the trusted domain",
- "name": "ipanttrusteddomainsid",
- "noextrawhitespace": true,
- "type": "unicode"
+ "label": "Retries",
+ "maxvalue": 10,
+ "minvalue": 0,
+ "name": "ipatokenradiusretries",
+ "type": "int"
},
{
"class": "Str",
- "doc": "Range type",
- "flags": [
- "no_option"
- ],
- "label": "Range type",
- "name": "iparangetype",
+ "doc": "The username attribute on the user object",
+ "flags": [],
+ "label": "User attribute",
+ "name": "ipatokenusermapattribute",
"noextrawhitespace": true,
"type": "unicode"
}
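Review bot: `ipatokenradiussecret` is flagged only `no_option`, whereas the other secret added by this commit, `ipatokenotpkey`, carries `no_display`, `no_update` and `no_search`. The secret is left out of the object's `default_attributes` but is listed in its `aciattrs`, so this metadata alone does not show that the shared secret can never be echoed back or searched on. If that is not intended, the flags would read `"flags": ["no_option", "no_display", "no_search"]`; the fixture appears to mirror server metadata, so the fix presumably belongs in the plugin, with the snapshot regenerated. The doc string `"The secret used to encrypt data"` could also say plainly that this is the RADIUS shared secret.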
@@ -5965,8 +6750,11 @@
"aciattrs": [],
"attribute_members": {},
"bindable": false,
- "container_dn": "",
- "default_attributes": ["associateddomain"],
+ "can_have_permissions": false,
+ "container_dn": "cn=Realm Domains,cn=ipa,cn=etc",
+ "default_attributes": [
+ "associateddomain"
+ ],
"hidden_attributes": [
"objectclass",
"aci"
@@ -5978,27 +6766,63 @@
"show"
],
"name": "realmdomains",
- "object_class": [
- "domainrelatedobject",
- "top",
- "nscontainter"
- ],
+ "object_class": [],
"object_class_config": null,
- "object_name": "realmdomains",
- "object_name_plural": "realmdomains",
+ "object_name": "Realm domains",
+ "object_name_plural": "entries",
"parent_object": "",
"rdn_attribute": "",
- "relationships": {},
+ "relationships": {
+ "member": [
+ "Member",
+ "",
+ "no_"
+ ],
+ "memberindirect": [
+ "Indirect Member",
+ null,
+ "no_indirect_"
+ ],
+ "memberof": [
+ "Member Of",
+ "in_",
+ "not_in_"
+ ],
+ "memberofindirect": [
+ "Indirect Member Of",
+ null,
+ "not_in_indirect_"
+ ]
+ },
"takes_params": [
{
"class": "Str",
"doc": "Domain",
"flags": [],
"label": "Domain",
+ "multivalue": true,
"name": "associateddomain",
+ "noextrawhitespace": true,
"required": true,
- "type": "unicode",
- "multivalued": true
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Add domain",
+ "flags": [],
+ "label": "Add domain",
+ "name": "add_domain",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Delete domain",
+ "flags": [],
+ "label": "Delete domain",
+ "name": "del_domain",
+ "noextrawhitespace": true,
+ "type": "unicode"
}
],
"uuid_attribute": ""
@@ -6028,6 +6852,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=roles,cn=accounts",
"default_attributes": [
"cn",
@@ -6143,7 +6968,7 @@
},
{
"class": "Str",
- "doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
+ "doc": "Permissions to grant (read, write). Default is write.",
"flags": [],
"label": "Permissions",
"multivalue": true,
@@ -6153,7 +6978,7 @@
},
{
"class": "Str",
- "doc": "Comma-separated list of attributes",
+ "doc": "Attributes to which the permission applies.",
"flags": [],
"label": "Attributes",
"multivalue": true,
@@ -6189,6 +7014,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=usermap,cn=selinux",
"default_attributes": [
"cn",
@@ -6419,6 +7245,7 @@
]
},
"bindable": true,
+ "can_have_permissions": true,
"container_dn": "cn=services,cn=accounts",
"default_attributes": [
"krbprincipalname",
@@ -6449,8 +7276,7 @@
"krbticketpolicyaux",
"ipaobject",
"ipaservice",
- "pkiuser",
- "ipakrbprincipal"
+ "pkiuser"
],
"object_class_config": null,
"object_name": "service",
@@ -6489,7 +7315,7 @@
},
{
"class": "StrEnum",
- "doc": "Types of PAC this service supports",
+ "doc": "Override default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services.",
"flags": [],
"label": "PAC type",
"multivalue": true,
@@ -6503,6 +7329,17 @@
},
{
"class": "Bool",
+ "doc": "Pre-authentication is required for the service",
+ "flags": [
+ "virtual_attribute",
+ "no_search"
+ ],
+ "label": "Requires pre-authentication",
+ "name": "ipakrbrequirespreauth",
+ "type": "bool"
+ },
+ {
+ "class": "Bool",
"doc": "Client credentials may be delegated to the service",
"flags": [
"virtual_attribute",
@@ -6529,6 +7366,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=sudocmds,cn=sudo",
"default_attributes": [
"sudocmd",
@@ -6558,7 +7396,7 @@
"object_name_plural": "sudo commands",
"parent_object": "",
"primary_key": "sudocmd",
- "rdn_attribute": "",
+ "rdn_attribute": "ipauniqueid",
"relationships": {
"member": [
"Member",
@@ -6624,6 +7462,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=sudocmdgroups,cn=sudo",
"default_attributes": [
"cn",
@@ -6782,6 +7621,7 @@
]
},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=sudorules,cn=sudo",
"default_attributes": [
"cn",
@@ -7163,6 +8003,8 @@
"aciattrs": [
"cn",
"ipantflatname",
+ "ipantsidblacklistincoming",
+ "ipantsidblacklistoutgoing",
"ipantsupportedencryptiontypes",
"ipanttrustattributes",
"ipanttrustauthincoming",
@@ -7177,6 +8019,7 @@
],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "cn=trusts",
"default_attributes": [
"cn",
@@ -7201,6 +8044,7 @@
"methods": [
"add",
"del",
+ "fetch_domains",
"find",
"mod",
"show"
@@ -7306,6 +8150,7 @@
"aciattrs": [],
"attribute_members": {},
"bindable": false,
+ "can_have_permissions": false,
"container_dn": "",
"default_attributes": [
"cn",
@@ -7415,6 +8260,125 @@
],
"uuid_attribute": ""
},
+ "trustdomain": {
+ "aciattrs": [
+ "cn",
+ "ipantflatname",
+ "ipantsidblacklistincoming",
+ "ipantsidblacklistoutgoing",
+ "ipantsupportedencryptiontypes",
+ "ipanttrustattributes",
+ "ipanttrustauthincoming",
+ "ipanttrustauthoutgoing",
+ "ipanttrustdirection",
+ "ipanttrusteddomainsid",
+ "ipanttrustforesttrustinfo",
+ "ipanttrustpartner",
+ "ipanttrustposixoffset",
+ "ipanttrusttype",
+ "objectclass"
+ ],
+ "attribute_members": {},
+ "bindable": false,
+ "can_have_permissions": false,
+ "container_dn": "",
+ "default_attributes": [
+ "cn",
+ "ipantflatname",
+ "ipanttrusteddomainsid",
+ "ipanttrustpartner"
+ ],
+ "hidden_attributes": [
+ "objectclass",
+ "aci"
+ ],
+ "label": "Trusted domains",
+ "label_singular": "Trusted domain",
+ "methods": [
+ "add",
+ "del",
+ "disable",
+ "enable",
+ "find",
+ "mod"
+ ],
+ "name": "trustdomain",
+ "object_class": [
+ "ipaNTTrustedDomain"
+ ],
+ "object_class_config": null,
+ "object_name": "trust domain",
+ "object_name_plural": "trust domains",
+ "parent_object": "trust",
+ "primary_key": "cn",
+ "rdn_attribute": "",
+ "relationships": {
+ "member": [
+ "Member",
+ "",
+ "no_"
+ ],
+ "memberindirect": [
+ "Indirect Member",
+ null,
+ "no_indirect_"
+ ],
+ "memberof": [
+ "Member Of",
+ "in_",
+ "not_in_"
+ ],
+ "memberofindirect": [
+ "Indirect Member Of",
+ null,
+ "not_in_indirect_"
+ ]
+ },
+ "takes_params": [
+ {
+ "class": "Str",
+ "doc": "Domain name",
+ "flags": [],
+ "label": "Domain name",
+ "name": "cn",
+ "noextrawhitespace": true,
+ "primary_key": true,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Domain NetBIOS name",
+ "flags": [],
+ "label": "Domain NetBIOS name",
+ "name": "ipantflatname",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Domain Security Identifier",
+ "flags": [],
+ "label": "Domain Security Identifier",
+ "name": "ipanttrusteddomainsid",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "Trusted domain partner",
+ "flags": [
+ "no_display",
+ "no_option"
+ ],
+ "label": "Trusted domain partner",
+ "name": "ipanttrustpartner",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ }
+ ],
+ "uuid_attribute": ""
+ },
"user": {
"aciattrs": [
"audio",
@@ -7439,7 +8403,10 @@
"initials",
"internationalisdnnumber",
"ipasshpubkey",
+ "ipatokenradiusconfiglink",
+ "ipatokenradiususername",
"ipauniqueid",
+ "ipauserauthtype",
"jpegphoto",
"krbcanonicalname",
"krbextradata",
@@ -7494,6 +8461,7 @@
"uid",
"uidnumber",
"usercertificate",
+ "userclass",
"userpassword",
"userpkcs12",
"usersmimecertificate",
@@ -7517,6 +8485,7 @@
]
},
"bindable": true,
+ "can_have_permissions": true,
"container_dn": "cn=users,cn=accounts",
"default_attributes": [
"uid",
@@ -7532,7 +8501,11 @@
"title",
"memberof",
"nsaccountlock",
- "memberofindirect"
+ "memberofindirect",
+ "ipauserauthtype",
+ "userclass",
+ "ipatokenradiusconfiglink",
+ "ipatokenradiususername"
],
"hidden_attributes": [
"objectclass",
@@ -7734,26 +8707,22 @@
},
{
"class": "Int",
- "default": 999,
"doc": "User ID Number (system will assign one if not provided)",
"flags": [],
"label": "UID",
"maxvalue": 2147483647,
"minvalue": 1,
"name": "uidnumber",
- "required": true,
"type": "int"
},
{
"class": "Int",
- "default": 999,
"doc": "Group ID Number",
"flags": [],
"label": "GID",
"maxvalue": 2147483647,
"minvalue": 1,
"name": "gidnumber",
- "required": true,
"type": "int"
},
{
@@ -7889,10 +8858,52 @@
"name": "ipasshpubkey",
"noextrawhitespace": true,
"type": "unicode"
+ },
+ {
+ "class": "StrEnum",
+ "doc": "Types of supported user authentication",
+ "flags": [],
+ "label": "User authentication types",
+ "multivalue": true,
+ "name": "ipauserauthtype",
+ "type": "unicode",
+ "values": [
+ "password",
+ "radius",
+ "otp"
+ ]
+ },
+ {
+ "class": "Str",
+ "doc": "User category (semantics placed on this attribute are for local interpretation)",
+ "flags": [],
+ "label": "Class",
+ "multivalue": true,
+ "name": "userclass",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "RADIUS proxy configuration",
+ "flags": [],
+ "label": "RADIUS proxy configuration",
+ "name": "ipatokenradiusconfiglink",
+ "noextrawhitespace": true,
+ "type": "unicode"
+ },
+ {
+ "class": "Str",
+ "doc": "RADIUS proxy username",
+ "flags": [],
+ "label": "RADIUS proxy username",
+ "name": "ipatokenradiususername",
+ "noextrawhitespace": true,
+ "type": "unicode"
}
],
"uuid_attribute": "ipauniqueid"
}
}
}
-}
+}
\ No newline at end of file