From c39d52d4c9425c45394105bebdd6f2fac29569ee Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Sun, 3 Jun 2012 00:03:24 -0500
Subject: Realm is now almost fully online
---
 confskel/openldap/ldap/slapd.conf | 1 +
 confskel/openldap/ldif/olcDatabase.ldif | 3 ++-
 confskel/openldap/skel.ldif | 31 +++++++++++++++++++++++++++++--
 3 files changed, 32 insertions(+), 3 deletions(-) (limited to 'confskel')
diff --git a/confskel/openldap/ldap/slapd.conf b/confskel/openldap/ldap/slapd.conf
index 35e8bf2..3dce739 100644
--- a/confskel/openldap/ldap/slapd.conf
+++ b/confskel/openldap/ldap/slapd.conf
@@ -87,6 +87,7 @@ authz-regexp "gidNumber=.*+uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@
 #
 access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
 by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
 by sockurl.regex="^ldapi:///$" write
 by anonymous auth
 by self write
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index db82473..90e841b 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -11,7 +11,8 @@ olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName
 olcAccess: {1}to dn.base="" by * read
 olcAccess: {2}to * by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm
 ,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by dynacl/ac
- i write
+ i write by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou
+ =core,ou=realm,@@@REALM_DCNAME@@@" write
 olcAddContentAcl: FALSE
 olcLastMod: TRUE
 olcMaxDerefDepth: 15
diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif
index 2ed6f73..da66b0a 100644
--- a/confskel/openldap/skel.ldif
+++ b/confskel/openldap/skel.ldif
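Review bot: The new `by group/groupOfNames/member.exact=... write` clause in the slapd.conf rule for `userPassword`, `krb5Key` and the other Kerberos attributes lets every DN listed in the admin group's `member` attribute read this key material as well as replace it, because `write` in slapd access control includes the lower levels down to read. Who holds the password hashes and Kerberos keys is therefore decided by whoever can edit that group, and the rule carries no comment saying so. I would put a line above it such as `# members of @@@ADMINGROUP@@@ can read and replace password hashes and Kerberos keys; keep membership minimal`. The rule may continue past the last visible `by self write` line, which is where the hunk ends.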
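Review bot: In olcDatabase.ldif the group clause is appended to rule `{2}to *`, whereas the slapd.conf hunk of this commit adds it to the `attrs=userPassword,...` rule, so the two configuration flavours appear to grant the admin group different things. Rule `{0}` for the password and Kerberos attributes is visible here only in the hunk header; if it has no matching `by group/...` clause, slapd stops at `{0}` for those attributes and group members get only what its remaining clauses give them, not what `{2}` grants. The `to *` rule of slapd.conf is likewise outside its hunk. Either add the same `by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,..." write` clause to the counterpart rule in each file, or state in a comment that the difference is intended.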
@@ -122,11 +122,38 @@ modifyTimestamp: @@@TIMESTAMP@@@Z

 dn: cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
 cn: @@@ADMINGROUP@@@
+description: Realm Administrators
 emsdescription: Group
 emsplugins: PosixGroup
 emsplugins: KerberosGroup
 emstype: GroupEntry
-gidNumber: 999
+gidNumber: 900
+objectClass: groupOfNames
+objectClass: emsGroup
+objectClass: posixGroup
+objectClass: tdeAccountObject
+emsmodules: kerberos
+emsmodules: posix
+member: cn=placeholder,@@@REALM_DCNAME@@@
+member: uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@
+memberUid: @@@ADMINUSER@@@
+tdeBuiltinAccount: TRUE
+emsmodelclass: EMSGroup
+structuralObjectClass: groupOfNames
+creatorsName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+createTimestamp: @@@TIMESTAMP@@@Z
+entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
+modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+modifyTimestamp: @@@TIMESTAMP@@@Z
+
+dn: cn=@@@LOCALADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
+cn: @@@LOCALADMINGROUP@@@
+description: Machine Administrators
+emsdescription: Group
+emsplugins: PosixGroup
+emsplugins: KerberosGroup
+emstype: GroupEntry
+gidNumber: 901
 objectClass: groupOfNames
 objectClass: emsGroup
 objectClass: posixGroup
@@ -166,7 +193,7 @@ cn: Realm Administrator
 emsdescription: Admin User Entry
 emsprimarygroupdn: cn=@@@ADMINUSER@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
 emstype: UserEntry
-gidNumber: 999
+gidNumber: 900
 givenName: Realm
 homeDirectory: /home/@@@ADMINUSER@@@
 krb5KDCFlags: 586
-- 
cgit v1.2.3
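Review bot: The Realm Administrators entry now lists `member: cn=placeholder,@@@REALM_DCNAME@@@` next to the real admin user, and this same commit makes `member` of that group the key to write access in the slapd ACLs. groupOfNames needs at least one `member` value, which `uid=@@@ADMINUSER@@@,...` already provides, so the placeholder is not needed in this entry; if an entry with that DN is ever created and can bind, it would hold realm-administrator rights. I would drop the line `member: cn=placeholder,@@@REALM_DCNAME@@@` from this group. The members of the new Machine Administrators entry lie below the hunk and are not visible here.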