diff options
| author | Timothy Pearson <[email protected]> | 2015-09-03 05:03:36 +0000 |
|---|---|---|
| committer | Timothy Pearson <[email protected]> | 2015-09-03 05:03:36 +0000 |
| commit | d21c8923134c61fc9312767cedd76f67898a33e8 (patch) | |
| tree | 14446f90d1673da1ab31edefc7f9a4f5ecf964be /confskel/openldap | |
| parent | 75a61a29a31f0dcfceeb964204b50ea00dbc2d58 (diff) | |
| download | kcmldapcontroller-d21c8923134c61fc9312767cedd76f67898a33e8.tar.gz kcmldapcontroller-d21c8923134c61fc9312767cedd76f67898a33e8.zip | |
Add CRL support
Diffstat (limited to 'confskel/openldap')
| -rw-r--r-- | confskel/openldap/ldif/olcDatabase.ldif | 2 | ||||
| -rw-r--r-- | confskel/openldap/ldif/tde-core.ldif | 7 |
2 files changed, 6 insertions, 3 deletions
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif index 12ee550..29b107d 100644 --- a/confskel/openldap/ldif/olcDatabase.ldif +++ b/confskel/openldap/ldif/olcDatabase.ldif @@ -4,7 +4,7 @@ objectClass: olcHdbConfig olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb olcDbDirectory: /var/lib/ldap olcSuffix: @@@REALM_DCNAME@@@ -olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,privateRootCertificateKey +olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,privateRootCertificateKey,pkiCertificate by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" by sockurl.regex="^ldapi:///$" write diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif index 8a72c00..d2647c6 100644 --- a/confskel/openldap/ldif/tde-core.ldif +++ b/confskel/openldap/ldif/tde-core.ldif @@ -26,10 +26,13 @@ olcAttributeTypes: {17} ( 1.3.6.1.4.1.40364.1.1.18 NAME 'builtinMachineAdminGrou olcAttributeTypes: {18} ( 1.3.6.1.4.1.40364.1.1.19 NAME 'builtinStandardUserGroup' DESC 'Built-in standard user group distinguished name' SUP name ) # Used for storing certificate management settings olcAttributeTypes: {19} ( 1.3.6.1.4.1.40364.1.1.20 NAME 'publicRootCertificateOriginServer' DESC 'Certificate authority root certificate origin server' SUP name ) +# Used for storing PKI user certificates and certificate status +olcAttributeTypes: {20} ( 1.3.6.1.4.1.40364.1.1.21 NAME 'pkiCertificate' DESC 'User PKI certificate and status encoded with text mode TQDataStream TQPair<uint32_t, TQByteArray>' SUP name ) +olcAttributeTypes: {21} ( 1.3.6.1.4.1.40364.1.1.22 NAME 'publicRootCertificateRevocationList' DESC 'Certificate authority root certificate revocation list' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE ) olcObjectClasses: {0} ( 1.3.6.1.4.1.40364.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) ) -olcObjectClasses: {1} ( 1.3.6.1.4.1.40364.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount ) -olcObjectClasses: {2} ( 1.3.6.1.4.1.40364.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey $ publicRootCertificateOriginServer ) ) +olcObjectClasses: {1} ( 1.3.6.1.4.1.40364.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ pkiCertificate ) ) +olcObjectClasses: {2} ( 1.3.6.1.4.1.40364.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey $ publicRootCertificateRevocationList $ publicRootCertificateOriginServer ) ) olcObjectClasses: {3} ( 1.3.6.1.4.1.40364.1.2.4 NAME 'tdeBuiltinStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ builtinRealmAdminAccount $ builtinRealmAdminGroup $ builtinMachineAdminGroup $ builtinStandardUserGroup ) ) structuralObjectClass: olcSchemaConfig creatorsName: cn=config |