authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-03 00:03:24 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-03 00:03:24 -0500
commitc39d52d4c9425c45394105bebdd6f2fac29569ee (patch)
treee83eeaf9efbb96e9341cc40137830a0b720814b4 /confskel
parentb6e7d7b5155c2aee53b9ec2306a4400acc7c325f (diff)
Realm is now almost fully online
Diffstat (limited to 'confskel')
-rw-r--r--confskel/openldap/ldap/slapd.conf1
-rw-r--r--confskel/openldap/ldif/olcDatabase.ldif3
-rw-r--r--confskel/openldap/skel.ldif31
3 files changed, 32 insertions, 3 deletions
diff --git a/confskel/openldap/ldap/slapd.conf b/confskel/openldap/ldap/slapd.conf
index 35e8bf2..3dce739 100644
--- a/confskel/openldap/ldap/slapd.conf
+++ b/confskel/openldap/ldap/slapd.conf
@@ -87,6 +87,7 @@ authz-regexp "gidNumber=.*+uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@
#
access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
by sockurl.regex="^ldapi:///$" write
by anonymous auth
by self write
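Review bot: The added `by group/groupOfNames/member.exact=... write` clause gives the whole admin group the `write` level on `userPassword` and `krb5Key`, and in slapd the `write` level includes read. Every DN in that group's `member` list can therefore retrieve stored password hashes and Kerberos keys, not only replace them. If group members only need to reset credentials, the privilege form `=w` on this clause would grant write without read; whether the admin tooling needs to read these attributes is not visible here, so confirm before narrowing. Either way, a comment above the rule would help, for example `# ADMINGROUP members can read and replace credential attributes; keep membership minimal`. The rule continues past the end of the hunk.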
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index db82473..90e841b 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -11,7 +11,8 @@ olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm
,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by dynacl/ac
- i write
+ i write by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou
+ =core,ou=realm,@@@REALM_DCNAME@@@" write
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
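Review bot: The group clause lands on a different rule here than in slapd.conf: this hunk adds it to `{2}to *`, while the slapd.conf hunk adds it to the `attrs=userPassword,...` rule. Rule `{0}` appears only in the hunk header and is not changed, and it matches the credential attributes first, so under cn=config the admin group would apparently get no write on them, and the two configurations would enforce different policy. If both files are meant to describe the same ACL set (an assumption, since the rest of each file is outside the hunks), add the same `by group/...` clause to `{0}` here and to the catch-all rule in slapd.conf. The clause is also appended after `by dynacl/aci write`, whereas slapd.conf places it directly after the admin DN; using one order in both files makes the rules easier to compare.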
diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif
index 2ed6f73..da66b0a 100644
--- a/confskel/openldap/skel.ldif
+++ b/confskel/openldap/skel.ldif
@@ -122,11 +122,38 @@ modifyTimestamp: @@@TIMESTAMP@@@Z
dn: cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
cn: @@@ADMINGROUP@@@
+description: Realm Administrators
emsdescription: Group
emsplugins: PosixGroup
emsplugins: KerberosGroup
emstype: GroupEntry
-gidNumber: 999
+gidNumber: 900
+objectClass: groupOfNames
+objectClass: emsGroup
+objectClass: posixGroup
+objectClass: tdeAccountObject
+emsmodules: kerberos
+emsmodules: posix
+member: cn=placeholder,@@@REALM_DCNAME@@@
+member: uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@
+memberUid: @@@ADMINUSER@@@
+tdeBuiltinAccount: TRUE
+emsmodelclass: EMSGroup
+structuralObjectClass: groupOfNames
+creatorsName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+createTimestamp: @@@TIMESTAMP@@@Z
+entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
+modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+modifyTimestamp: @@@TIMESTAMP@@@Z
+
+dn: cn=@@@LOCALADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
+cn: @@@LOCALADMINGROUP@@@
+description: Machine Administrators
+emsdescription: Group
+emsplugins: PosixGroup
+emsplugins: KerberosGroup
+emstype: GroupEntry
+gidNumber: 901
objectClass: groupOfNames
objectClass: emsGroup
objectClass: posixGroup
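Review bot: `member: cn=placeholder,@@@REALM_DCNAME@@@` puts a DN that corresponds to no entry visible in this file into the Realm Administrators group. The ACL hunks in this commit grant `write` to any DN matched by `member.exact` on that group, so the placeholder would carry administrator rights if an entry were ever created at that name. groupOfNames requires at least one `member`, but this entry already lists `uid=@@@ADMINUSER@@@`, so the placeholder looks unnecessary and could be dropped. The `@@@LOCALADMINGROUP@@@` entry continues past the end of the hunk, so its member list cannot be checked from here.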
@@ -166,7 +193,7 @@ cn: Realm Administrator
emsdescription: Admin User Entry
emsprimarygroupdn: cn=@@@ADMINUSER@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
emstype: UserEntry
-gidNumber: 999
+gidNumber: 900
givenName: Realm
homeDirectory: /home/@@@ADMINUSER@@@
krb5KDCFlags: 586