From 826a1bb4ea88915ac492828d1cc4a901623f7866 Mon Sep 17 00:00:00 2001

From: William Brown <william@blackhats.net.au>

Date: Thu, 14 May 2020 14:31:47 +1000

Subject: [PATCH 1/2] Ticket 50933 - Update 2307compat.ldif

Bug Description: This resolves a potential conflict between 60nis.ldif

in freeipa and others with 2307compat, by removing the conflicting

definitions from 2307bis that were included.

Fix Description: By not including these in 2307compat, this means that

sites that rely on the values provided by 2307bis may ALSO need

60nis.ldif to be present. However, these nis values seem like they are

likely very rare in reality, and this also will avoid potential

issues with freeipa. It also is the least disruptive as we don't need

to change an already defined file, and we don't have values where the name

to oid relationship changes.

Fixes: #50933

https://pagure.io/389-ds-base/issue/50933

Author: William Brown <william@blackhats.net.au>

Review by: tbordaz (Thanks!)

---

 ldap/schema/10rfc2307compat.ldif | 66 --------------------------------

 ldap/schema/60autofs.ldif        | 39 ++++++++++++-------

 2 files changed, 26 insertions(+), 79 deletions(-)

diff --git a/ldap/schema/10rfc2307compat.ldif b/ldap/schema/10rfc2307compat.ldif

index 8810231ac..78c588d08 100644

--- a/ldap/schema/10rfc2307compat.ldif

+++ b/ldap/schema/10rfc2307compat.ldif

@@ -176,50 +176,6 @@ attributeTypes: (

   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

   SINGLE-VALUE

   )

-attributeTypes: (

-  1.3.6.1.1.1.1.28 NAME 'nisPublicKey'

-  DESC 'NIS public key'

-  EQUALITY octetStringMatch

-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40

-  SINGLE-VALUE

-  )

-attributeTypes: (

-  1.3.6.1.1.1.1.29 NAME 'nisSecretKey'

-  DESC 'NIS secret key'

-  EQUALITY octetStringMatch

-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40

-  SINGLE-VALUE

-  )

-attributeTypes: (

-  1.3.6.1.1.1.1.30 NAME 'nisDomain'

-  DESC 'NIS domain'

-  EQUALITY caseIgnoreIA5Match

-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

-  )

-attributeTypes: (

-  1.3.6.1.1.1.1.31 NAME 'automountMapName'

-  DESC 'automount Map Name'

-  EQUALITY caseExactIA5Match

-  SUBSTR caseExactIA5SubstringsMatch

-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

-  SINGLE-VALUE

-  )

-attributeTypes: (

-  1.3.6.1.1.1.1.32 NAME 'automountKey'

-  DESC 'Automount Key value'

-  EQUALITY caseExactIA5Match

-  SUBSTR caseExactIA5SubstringsMatch

-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

-  SINGLE-VALUE

-  )

-attributeTypes: (

-  1.3.6.1.1.1.1.33 NAME 'automountInformation'

-  DESC 'Automount information'

-  EQUALITY caseExactIA5Match

-  SUBSTR caseExactIA5SubstringsMatch

-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

-  SINGLE-VALUE

-  )

 # end of attribute types - beginning of objectclasses

 objectClasses: (

   1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY

@@ -324,28 +280,6 @@ objectClasses: (

         seeAlso $ serialNumber'

   MAY ( bootFile $ bootParameter $ cn $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber )

   )

-objectClasses: (

-  1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY

-  DESC 'An object with a public and secret key'

-  MUST ( cn $ nisPublicKey $ nisSecretKey )

-  MAY ( uidNumber $ description )

-  )

-objectClasses: (

-  1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY

-  DESC 'Associates a NIS domain with a naming context'

-  MUST nisDomain

-  )

-objectClasses: (

-  1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL

-  MUST ( automountMapName )

-  MAY description

-  )

-objectClasses: (

-  1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL

-  DESC 'Automount information'

-  MUST ( automountKey $ automountInformation )

-  MAY description

-  )

 ## namedObject is needed for groups without members

 objectClasses: (

   1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top STRUCTURAL

diff --git a/ldap/schema/60autofs.ldif b/ldap/schema/60autofs.ldif

index 084e9ec30..de3922aa2 100644

--- a/ldap/schema/60autofs.ldif

+++ b/ldap/schema/60autofs.ldif

@@ -6,7 +6,23 @@ dn: cn=schema

 ################################################################################

 #

 attributeTypes: (

-  1.3.6.1.1.1.1.33 

+  1.3.6.1.1.1.1.31 NAME 'automountMapName'

+  DESC 'automount Map Name'

+  EQUALITY caseExactIA5Match

+  SUBSTR caseExactIA5SubstringsMatch

+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

+  SINGLE-VALUE

+  )

+attributeTypes: (

+  1.3.6.1.1.1.1.32 NAME 'automountKey'

+  DESC 'Automount Key value'

+  EQUALITY caseExactIA5Match

+  SUBSTR caseExactIA5SubstringsMatch

+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

+  SINGLE-VALUE

+  )

+attributeTypes: (

+  1.3.6.1.1.1.1.33

   NAME 'automountInformation'

   DESC 'Information used by the autofs automounter'

   EQUALITY caseExactIA5Match

@@ -18,25 +34,22 @@ attributeTypes: (

 ################################################################################

 #

 objectClasses: (

-  1.3.6.1.1.1.2.17

-  NAME 'automount'

-  DESC 'An entry in an automounter map'

+  1.3.6.1.1.1.2.16

+  NAME 'automountMap'

+  DESC 'An group of related automount objects'

   SUP top

   STRUCTURAL

-  MUST ( cn $ automountInformation )

-  MAY ( description )

+  MAY ( ou $ automountMapName $ description )

   X-ORIGIN 'draft-howard-rfc2307bis'

   )

-#

-################################################################################

-#

 objectClasses: (

-  1.3.6.1.1.1.2.16

-  NAME 'automountMap'

-  DESC 'An group of related automount objects'

+  1.3.6.1.1.1.2.17

+  NAME 'automount'

+  DESC 'An entry in an automounter map'

   SUP top

   STRUCTURAL

-  MUST ( ou )

+  MUST ( automountInformation )

+  MAY ( cn $ description $ automountKey )

   X-ORIGIN 'draft-howard-rfc2307bis'

   )

 #

-- 

2.26.2