From 826a1bb4ea88915ac492828d1cc4a901623f7866 Mon Sep 17 00:00:00 2001
From: William Brown <william@blackhats.net.au>
Date: Thu, 14 May 2020 14:31:47 +1000
Subject: [PATCH 1/2] Ticket 50933 - Update 2307compat.ldif

Bug Description: This resolves a potential conflict between 60nis.ldif
in freeipa and others with 2307compat, by removing the conflicting
definitions from 2307bis that were included.

Fix Description: By not including these in 2307compat, this means that
sites that rely on the values provided by 2307bis may ALSO need
60nis.ldif to be present. However, these nis values seem like they are
likely very rare in reality, and this also will avoid potential
issues with freeipa. It also is the least disruptive as we don't need
to change an already defined file, and we don't have values where the name
to oid relationship changes.

Fixes: #50933
https://pagure.io/389-ds-base/issue/50933

Author: William Brown <william@blackhats.net.au>

Review by: tbordaz (Thanks!)
---
 ldap/schema/10rfc2307compat.ldif | 66 --------------------------------
 ldap/schema/60autofs.ldif        | 39 ++++++++++++-------
 2 files changed, 26 insertions(+), 79 deletions(-)

diff --git a/ldap/schema/10rfc2307compat.ldif b/ldap/schema/10rfc2307compat.ldif
index 8810231ac..78c588d08 100644
--- a/ldap/schema/10rfc2307compat.ldif
+++ b/ldap/schema/10rfc2307compat.ldif
@@ -176,50 +176,6 @@ attributeTypes: (
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
   )
-attributeTypes: (
-  1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
-  DESC 'NIS public key'
-  EQUALITY octetStringMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-  SINGLE-VALUE
-  )
-attributeTypes: (
-  1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
-  DESC 'NIS secret key'
-  EQUALITY octetStringMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-  SINGLE-VALUE
-  )
-attributeTypes: (
-  1.3.6.1.1.1.1.30 NAME 'nisDomain'
-  DESC 'NIS domain'
-  EQUALITY caseIgnoreIA5Match
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-  )
-attributeTypes: (
-  1.3.6.1.1.1.1.31 NAME 'automountMapName'
-  DESC 'automount Map Name'
-  EQUALITY caseExactIA5Match
-  SUBSTR caseExactIA5SubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-  SINGLE-VALUE
-  )
-attributeTypes: (
-  1.3.6.1.1.1.1.32 NAME 'automountKey'
-  DESC 'Automount Key value'
-  EQUALITY caseExactIA5Match
-  SUBSTR caseExactIA5SubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-  SINGLE-VALUE
-  )
-attributeTypes: (
-  1.3.6.1.1.1.1.33 NAME 'automountInformation'
-  DESC 'Automount information'
-  EQUALITY caseExactIA5Match
-  SUBSTR caseExactIA5SubstringsMatch
-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-  SINGLE-VALUE
-  )
 # end of attribute types - beginning of objectclasses
 objectClasses: (
   1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
@@ -324,28 +280,6 @@ objectClasses: (
         seeAlso $ serialNumber'
   MAY ( bootFile $ bootParameter $ cn $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber )
   )
-objectClasses: (
-  1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
-  DESC 'An object with a public and secret key'
-  MUST ( cn $ nisPublicKey $ nisSecretKey )
-  MAY ( uidNumber $ description )
-  )
-objectClasses: (
-  1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
-  DESC 'Associates a NIS domain with a naming context'
-  MUST nisDomain
-  )
-objectClasses: (
-  1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
-  MUST ( automountMapName )
-  MAY description
-  )
-objectClasses: (
-  1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
-  DESC 'Automount information'
-  MUST ( automountKey $ automountInformation )
-  MAY description
-  )
 ## namedObject is needed for groups without members
 objectClasses: (
   1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top STRUCTURAL
diff --git a/ldap/schema/60autofs.ldif b/ldap/schema/60autofs.ldif
index 084e9ec30..de3922aa2 100644
--- a/ldap/schema/60autofs.ldif
+++ b/ldap/schema/60autofs.ldif
@@ -6,7 +6,23 @@ dn: cn=schema
 ################################################################################
 #
 attributeTypes: (
-  1.3.6.1.1.1.1.33 
+  1.3.6.1.1.1.1.31 NAME 'automountMapName'
+  DESC 'automount Map Name'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE
+  )
+attributeTypes: (
+  1.3.6.1.1.1.1.32 NAME 'automountKey'
+  DESC 'Automount Key value'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE
+  )
+attributeTypes: (
+  1.3.6.1.1.1.1.33
   NAME 'automountInformation'
   DESC 'Information used by the autofs automounter'
   EQUALITY caseExactIA5Match
@@ -18,25 +34,22 @@ attributeTypes: (
 ################################################################################
 #
 objectClasses: (
-  1.3.6.1.1.1.2.17
-  NAME 'automount'
-  DESC 'An entry in an automounter map'
+  1.3.6.1.1.1.2.16
+  NAME 'automountMap'
+  DESC 'An group of related automount objects'
   SUP top
   STRUCTURAL
-  MUST ( cn $ automountInformation )
-  MAY ( description )
+  MAY ( ou $ automountMapName $ description )
   X-ORIGIN 'draft-howard-rfc2307bis'
   )
-#
-################################################################################
-#
 objectClasses: (
-  1.3.6.1.1.1.2.16
-  NAME 'automountMap'
-  DESC 'An group of related automount objects'
+  1.3.6.1.1.1.2.17
+  NAME 'automount'
+  DESC 'An entry in an automounter map'
   SUP top
   STRUCTURAL
-  MUST ( ou )
+  MUST ( automountInformation )
+  MAY ( cn $ description $ automountKey )
   X-ORIGIN 'draft-howard-rfc2307bis'
   )
 #
-- 
2.26.2