|
 |
47c2e9 |
From 826a1bb4ea88915ac492828d1cc4a901623f7866 Mon Sep 17 00:00:00 2001
|
|
|
47c2e9 |
From: William Brown <william@blackhats.net.au>
|
|
|
47c2e9 |
Date: Thu, 14 May 2020 14:31:47 +1000
|
|
|
47c2e9 |
Subject: [PATCH 1/2] Ticket 50933 - Update 2307compat.ldif
|
|
|
47c2e9 |
|
|
|
47c2e9 |
Bug Description: This resolves a potential conflict between 60nis.ldif
|
|
|
47c2e9 |
in freeipa and others with 2307compat, by removing the conflicting
|
|
|
47c2e9 |
definitions from 2307bis that were included.
|
|
|
47c2e9 |
|
|
|
47c2e9 |
Fix Description: By not including these in 2307compat, this means that
|
|
|
47c2e9 |
sites that rely on the values provided by 2307bis may ALSO need
|
|
|
47c2e9 |
60nis.ldif to be present. However, these nis values seem like they are
|
|
|
47c2e9 |
likely very rare in reality, and this also will avoid potential
|
|
|
47c2e9 |
issues with freeipa. It also is the least disruptive as we don't need
|
|
|
47c2e9 |
to change an already defined file, and we don't have values where the name
|
|
|
47c2e9 |
to oid relationship changes.
|
|
|
47c2e9 |
|
|
|
47c2e9 |
Fixes: #50933
|
|
|
47c2e9 |
https://pagure.io/389-ds-base/issue/50933
|
|
|
47c2e9 |
|
|
|
47c2e9 |
Author: William Brown <william@blackhats.net.au>
|
|
|
47c2e9 |
|
|
|
47c2e9 |
Review by: tbordaz (Thanks!)
|
|
|
47c2e9 |
---
|
|
|
47c2e9 |
ldap/schema/10rfc2307compat.ldif | 66 --------------------------------
|
|
|
47c2e9 |
ldap/schema/60autofs.ldif | 39 ++++++++++++-------
|
|
|
47c2e9 |
2 files changed, 26 insertions(+), 79 deletions(-)
|
|
|
47c2e9 |
|
|
|
47c2e9 |
diff --git a/ldap/schema/10rfc2307compat.ldif b/ldap/schema/10rfc2307compat.ldif
|
|
|
47c2e9 |
index 8810231ac..78c588d08 100644
|
|
|
47c2e9 |
--- a/ldap/schema/10rfc2307compat.ldif
|
|
|
47c2e9 |
+++ b/ldap/schema/10rfc2307compat.ldif
|
|
|
47c2e9 |
@@ -176,50 +176,6 @@ attributeTypes: (
|
|
|
47c2e9 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
|
47c2e9 |
SINGLE-VALUE
|
|
|
47c2e9 |
)
|
|
|
47c2e9 |
-attributeTypes: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
|
|
|
47c2e9 |
- DESC 'NIS public key'
|
|
|
47c2e9 |
- EQUALITY octetStringMatch
|
|
|
47c2e9 |
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
|
|
|
47c2e9 |
- SINGLE-VALUE
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-attributeTypes: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
|
|
|
47c2e9 |
- DESC 'NIS secret key'
|
|
|
47c2e9 |
- EQUALITY octetStringMatch
|
|
|
47c2e9 |
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
|
|
|
47c2e9 |
- SINGLE-VALUE
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-attributeTypes: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.1.30 NAME 'nisDomain'
|
|
|
47c2e9 |
- DESC 'NIS domain'
|
|
|
47c2e9 |
- EQUALITY caseIgnoreIA5Match
|
|
|
47c2e9 |
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-attributeTypes: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.1.31 NAME 'automountMapName'
|
|
|
47c2e9 |
- DESC 'automount Map Name'
|
|
|
47c2e9 |
- EQUALITY caseExactIA5Match
|
|
|
47c2e9 |
- SUBSTR caseExactIA5SubstringsMatch
|
|
|
47c2e9 |
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
|
47c2e9 |
- SINGLE-VALUE
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-attributeTypes: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.1.32 NAME 'automountKey'
|
|
|
47c2e9 |
- DESC 'Automount Key value'
|
|
|
47c2e9 |
- EQUALITY caseExactIA5Match
|
|
|
47c2e9 |
- SUBSTR caseExactIA5SubstringsMatch
|
|
|
47c2e9 |
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
|
47c2e9 |
- SINGLE-VALUE
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-attributeTypes: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.1.33 NAME 'automountInformation'
|
|
|
47c2e9 |
- DESC 'Automount information'
|
|
|
47c2e9 |
- EQUALITY caseExactIA5Match
|
|
|
47c2e9 |
- SUBSTR caseExactIA5SubstringsMatch
|
|
|
47c2e9 |
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
|
47c2e9 |
- SINGLE-VALUE
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
# end of attribute types - beginning of objectclasses
|
|
|
47c2e9 |
objectClasses: (
|
|
|
47c2e9 |
1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
|
|
|
47c2e9 |
@@ -324,28 +280,6 @@ objectClasses: (
|
|
|
47c2e9 |
seeAlso $ serialNumber'
|
|
|
47c2e9 |
MAY ( bootFile $ bootParameter $ cn $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber )
|
|
|
47c2e9 |
)
|
|
|
47c2e9 |
-objectClasses: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
|
|
|
47c2e9 |
- DESC 'An object with a public and secret key'
|
|
|
47c2e9 |
- MUST ( cn $ nisPublicKey $ nisSecretKey )
|
|
|
47c2e9 |
- MAY ( uidNumber $ description )
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-objectClasses: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
|
|
|
47c2e9 |
- DESC 'Associates a NIS domain with a naming context'
|
|
|
47c2e9 |
- MUST nisDomain
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-objectClasses: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
|
|
|
47c2e9 |
- MUST ( automountMapName )
|
|
|
47c2e9 |
- MAY description
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
-objectClasses: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
|
|
|
47c2e9 |
- DESC 'Automount information'
|
|
|
47c2e9 |
- MUST ( automountKey $ automountInformation )
|
|
|
47c2e9 |
- MAY description
|
|
|
47c2e9 |
- )
|
|
|
47c2e9 |
## namedObject is needed for groups without members
|
|
|
47c2e9 |
objectClasses: (
|
|
|
47c2e9 |
1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top STRUCTURAL
|
|
|
47c2e9 |
diff --git a/ldap/schema/60autofs.ldif b/ldap/schema/60autofs.ldif
|
|
|
47c2e9 |
index 084e9ec30..de3922aa2 100644
|
|
|
47c2e9 |
--- a/ldap/schema/60autofs.ldif
|
|
|
47c2e9 |
+++ b/ldap/schema/60autofs.ldif
|
|
|
47c2e9 |
@@ -6,7 +6,23 @@ dn: cn=schema
|
|
|
47c2e9 |
################################################################################
|
|
|
47c2e9 |
#
|
|
|
47c2e9 |
attributeTypes: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.1.33
|
|
|
47c2e9 |
+ 1.3.6.1.1.1.1.31 NAME 'automountMapName'
|
|
|
47c2e9 |
+ DESC 'automount Map Name'
|
|
|
47c2e9 |
+ EQUALITY caseExactIA5Match
|
|
|
47c2e9 |
+ SUBSTR caseExactIA5SubstringsMatch
|
|
|
47c2e9 |
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
|
47c2e9 |
+ SINGLE-VALUE
|
|
|
47c2e9 |
+ )
|
|
|
47c2e9 |
+attributeTypes: (
|
|
|
47c2e9 |
+ 1.3.6.1.1.1.1.32 NAME 'automountKey'
|
|
|
47c2e9 |
+ DESC 'Automount Key value'
|
|
|
47c2e9 |
+ EQUALITY caseExactIA5Match
|
|
|
47c2e9 |
+ SUBSTR caseExactIA5SubstringsMatch
|
|
|
47c2e9 |
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
|
47c2e9 |
+ SINGLE-VALUE
|
|
|
47c2e9 |
+ )
|
|
|
47c2e9 |
+attributeTypes: (
|
|
|
47c2e9 |
+ 1.3.6.1.1.1.1.33
|
|
|
47c2e9 |
NAME 'automountInformation'
|
|
|
47c2e9 |
DESC 'Information used by the autofs automounter'
|
|
|
47c2e9 |
EQUALITY caseExactIA5Match
|
|
|
47c2e9 |
@@ -18,25 +34,22 @@ attributeTypes: (
|
|
|
47c2e9 |
################################################################################
|
|
|
47c2e9 |
#
|
|
|
47c2e9 |
objectClasses: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.2.17
|
|
|
47c2e9 |
- NAME 'automount'
|
|
|
47c2e9 |
- DESC 'An entry in an automounter map'
|
|
|
47c2e9 |
+ 1.3.6.1.1.1.2.16
|
|
|
47c2e9 |
+ NAME 'automountMap'
|
|
|
47c2e9 |
+ DESC 'An group of related automount objects'
|
|
|
47c2e9 |
SUP top
|
|
|
47c2e9 |
STRUCTURAL
|
|
|
47c2e9 |
- MUST ( cn $ automountInformation )
|
|
|
47c2e9 |
- MAY ( description )
|
|
|
47c2e9 |
+ MAY ( ou $ automountMapName $ description )
|
|
|
47c2e9 |
X-ORIGIN 'draft-howard-rfc2307bis'
|
|
|
47c2e9 |
)
|
|
|
47c2e9 |
-#
|
|
|
47c2e9 |
-################################################################################
|
|
|
47c2e9 |
-#
|
|
|
47c2e9 |
objectClasses: (
|
|
|
47c2e9 |
- 1.3.6.1.1.1.2.16
|
|
|
47c2e9 |
- NAME 'automountMap'
|
|
|
47c2e9 |
- DESC 'An group of related automount objects'
|
|
|
47c2e9 |
+ 1.3.6.1.1.1.2.17
|
|
|
47c2e9 |
+ NAME 'automount'
|
|
|
47c2e9 |
+ DESC 'An entry in an automounter map'
|
|
|
47c2e9 |
SUP top
|
|
|
47c2e9 |
STRUCTURAL
|
|
|
47c2e9 |
- MUST ( ou )
|
|
|
47c2e9 |
+ MUST ( automountInformation )
|
|
|
47c2e9 |
+ MAY ( cn $ description $ automountKey )
|
|
|
47c2e9 |
X-ORIGIN 'draft-howard-rfc2307bis'
|
|
|
47c2e9 |
)
|
|
|
47c2e9 |
#
|
|
|
47c2e9 |
--
|
|
|
47c2e9 |
2.26.2
|
|
|
47c2e9 |
|