Versions Compared

Old Version 3

changes.mady.by.user Chris Sanchez

Saved on

compared with

New Version 4

changes.mady.by.user Chris Sanchez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagetext
themeEmacs
titlesshldap-aci.ldif
collapsetrue
################################################
#	Copyright (c) 2015 zibernetics inc.
#
# This file is part of zig
#
# zig is free software: you can redistribute it and/or modify
# it under the terms of the Apache License as published by
# the Apache Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# zig is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# Apache License for more details.
#
# You should have received a copy of the Apache License
# along with zig.  If not, see <http://www.apache.org/licenses/LICENSE-2.0>.
#
################################################
dn: "${SSHLDAP_BASE_DN}"
changetype: modify
add: aci
aci: (target = "ldap:///${SSHLDAP_BASE_DN}")
    (targetattr = "isMemberOf || memberOf || sshPublicKey || inetUserStatus || pwdAccountLockedTime || ds-pwp-account-disabled")
    (version 3.0;acl "sshldap read attributes ${SSHLDAP_BASE_DN}";
        allow (search, read)(${SSHLDAP_ACI_DN_TYPE} ="ldap:///${SSHLDAP_ACI_DN}");)
dn: "${SSHLDAP_GROUPS_OPS_DN}"
changetype: modify
add: aci
aci:(target = "ldap:///${SSHLDAP_GROUPS_OPS_DN}") 
    (targetattr = "*" )
    (version 3.0; acl "sshldap administer ou=Groups"; 
        allow(all)(groupdn = "ldap:///cn=sshldap_admins,${SSHLDAP_GROUPS_OPS_DN}");)
dn: "${SSHLDAP_LAYERS_OPS_DN}"
changetype: modify
add: aci
aci:(target = "ldap:///${SSHLDAP_LAYERS_OPS_DN}") 
    (targetattr = "*" )
    (version 3.0; acl "sshldap administer ou=Layers"; 
        allow(all)(groupdn = "ldap:///cn=sshldap_admins,${SSHLDAP_GROUPS_OPS_DN}");)
dn: "${SSHLDAP_HOSTS_OPS_DN}"
changetype: modify
add: aci
aci:(target = "ldap:///${SSHLDAP_HOSTS_OPS_DN}") 
    (targetattr = "*" )
    (version 3.0; acl "sshldap administer ou=Hosts"; 
        allow(all)(groupdn = "ldap:///cn=sshldap_admins,${SSHLDAP_GROUPS_OPS_DN}");)
dn: "${SSHLDAP_SUDO_OPS_DN}"
changetype: modify
add: aci
aci:(target = "ldap:///${SSHLDAP_SUDO_OPS_DN}") 
    (targetattr = "*" )
    (version 3.0; acl "sshldap administer ou=Sudoers"; 
        allow(all)(groupdn = "ldap:///cn=sshldap_admins,${SSHLDAP_GROUPS_OPS_DN}");)
dn: "${SSHLDAP_VARS_OPS_DN}"
changetype: modify
add: aci
aci:(target = "ldap:///${SSHLDAP_VARS_OPS_DN}") 
    (targetattr = "*" )
    (version 3.0; acl "sshldap administer ou=Variables"; 
        allow(all)(groupdn = "ldap:///cn=sshldap_admins,${SSHLDAP_GROUPS_OPS_DN}");)
Code Block
languagetext
themeEmacs
titlesshldap-backend.ldif
collapsetrue
################################################
#	Copyright (c) 2015 zibernetics inc.
#
# This file is part of zig
#
# zig is free software: you can redistribute it and/or modify
# it under the terms of the Apache License as published by
# the Apache Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# zig is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# Apache License for more details.
#
# You should have received a copy of the Apache License
# along with zig.  If not, see <http://www.apache.org/licenses/LICENSE-2.0>.
#
# You must ensure that the SSHLDAP properties file is sourced and contains the following:
# SSHLDAP_SVCS_OPS_DN
# SSHLDAP_GROUPS_OPS_DN
# SSHLDAP_SVCS_OPS_DN
# SSHLDAP_BASE_OPS_DN
#
# In addition, you must ensure that 'localSvcSLPasswd' is defined
#
################################################
dn: uid=service_sshldap,"${SSHLDAP_SVCS_OPS_DN}"
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: service_sshldap
sn: service_sshldap
uid: service_sshldap
userPassword: "${localSvcSLPasswd}"
dn: cn=sshldap_admins,"${SSHLDAP_GROUPS_OPS_DN}"
objectClass: top
objectClass: groupOfUniqueNames
objectClass: posixGroup
cn: sshldap_admins
uniqueMember: uid=service_sshldap,"${SSHLDAP_SVCS_OPS_DN}"
gidNumber: $((SSHLDAP_POSIX_GUID_UPPER-1))
dn: "${SSHLDAP_HOSTS_OPS_DN}"
objectClass: top
objectClass: organizationalUnit
ou: Hosts
dn: "${SSHLDAP_LAYERS_OPS_DN}"
objectClass: top
objectClass: organizationalUnit
ou: Layers
dn: "${SSHLDAP_SUDO_OPS_DN}"
objectClass: top
objectClass: organizationalUnit
ou: Sudoers
dn: "${SSHLDAP_VARS_OPS_DN}"
objectClass: top
objectClass: organizationalUnit
ou: Variables
################################################
#
#   Variables
#
################################################
dn: cn=posixAccount_idx,"${SSHLDAP_VARS_OPS_DN}"
objectClass: top
objectClass: posixGroup
cn: posixAccount_idx
gidNumber: ${SSHLDAP_POSIX_GUID_UPPER}
ou: Variable
dn: cn=posixGroup_idx,"${SSHLDAP_VARS_OPS_DN}"
objectClass: top
objectClass: posixGroup
cn: posixGroup_idx
gidNumber: ${SSHLDAP_POSIX_UID_UPPER}
ou: Variable

...