| author | Andrew Branson <andrew.branson@cern.ch> | 2014-07-23 11:10:10 +0200 |
|---|---|---|
| committer | Andrew Branson <andrew.branson@cern.ch> | 2014-07-23 11:11:33 +0200 |
| commit | 3a1cf227c6744c94d8620b13c1e5a430cd6895ce (patch) | |
| tree | 7bb55bf60e30e7eec3fd450385f8743549c87448 | |
| parent | 56b47f270cdd9b1177758047f154b7e21579a3be (diff) | |
OpenLDAP schema and sample conf from kernel
| -rw-r--r-- | openldap/README | 5 | ||||
| -rw-r--r-- | openldap/cristal.schema | 49 | ||||
| -rw-r--r-- | openldap/slapd.conf | 13 |
3 files changed, 67 insertions, 0 deletions
diff --git a/openldap/README b/openldap/README
new file mode 100644
index 0000000..e5453ef
--- /dev/null
+++ b/openldap/README
@@ -0,0 +1,5 @@
+cristal.schema goes in OpenLDAP/schemas, or change the include line to point to it here.
+
+edit your slapd.conf to include it.
+edit the suffix and rootdn and rootpass
+use this slapd to help you
diff --git a/openldap/cristal.schema b/openldap/cristal.schema
new file mode 100644
index 0000000..2370964
--- /dev/null
+++ b/openldap/cristal.schema
@@ -0,0 +1,49 @@
+attributetype ( 1.3.6.1.4.1.96.64.10.1 NAME 'intsyskey'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.96.64.10.6 NAME 'ior'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.96.64.10.7 NAME 'cristalprop'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.96.64.10.10 NAME 'cristalentity' SUP top STRUCTURAL
+ MUST ( cn $ objectclass )
+ MAY ( intsyskey $ ior $ cristalprop ) )
+
+objectclass ( 1.3.6.1.4.1.96.64.10.13 NAME 'cristalcontext' SUP top STRUCTURAL
+ MUST ( cn $ objectclass )
+ MAY ( intsyskey ) )
+
+objectclass ( 1.3.6.1.4.1.96.64.10.15 NAME 'aliasObject' SUP alias STRUCTURAL
+ MUST ( cn $ objectclass $ aliasedObjectName ) )
+
+# agent
+attributetype ( 1.3.6.1.4.1.96.64.10.8 NAME 'jobList'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+ # uid must store userName if agent (for authentication to work)
+objectclass ( 1.3.6.1.4.1.96.64.10.14 NAME 'cristalagent' SUP cristalentity STRUCTURAL
+ MUST ( userPassword $ uid ) )
+
+objectclass ( 1.3.6.1.4.1.96.64.10.16 NAME 'cristalrole' SUP top STRUCTURAL
+ MUST ( cn $ objectclass )
+ MAY ( jobList $ uniqueMember ) )
+
+# old
+
+attributetype ( 1.3.6.1.4.1.96.64.10.2 NAME 'propval'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.96.64.10.11 NAME 'cristalproperty' SUP top STRUCTURAL
+ MUST ( cn $ objectclass )
+ MAY ( propval ) )
+
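Review bot: The `cristalagent` class makes `userPassword` mandatory, and the comment above it says `uid` is what authentication relies on, but nothing in the schema file says how those password values must be stored or protected. I would extend that comment with `# userPassword must hold a hashed value (e.g. {SSHA}), never cleartext, and be protected by an ACL in slapd.conf`. Separately, `jobList` is declared with Boolean syntax and `booleanMatch` although its name suggests a list; a one-line comment stating what the flag means on a `cristalrole` entry would prevent misuse.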
diff --git a/openldap/slapd.conf b/openldap/slapd.conf
new file mode 100644
index 0000000..ebf42df
--- /dev/null
+++ b/openldap/slapd.conf
@@ -0,0 +1,13 @@
+include /etc/openldap/schema/core.schema
+include cristal-kernel/bin/openldap/cristal.schema
+pidfile /var/run/slapd/slapd.pid
+argsfile /var/run/slapd/slapd.args
+
+moduleload back_bdb.la
+
+database bdb
+suffix "o=cern,c=ch"
+rootdn "cn=admin,o=cern,c=ch"
+rootpw cristal
+index objectClass eq
+index cn eq,pres,sub
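Review bot: `rootpw cristal` puts the rootdn password into the sample in cleartext with a guessable value, and the rootdn is not subject to access controls, so anyone who deploys this file unchanged exposes full write access to the directory. The file also has no `access` directives. Per slapd.conf(5), the default policy then lets every client read every attribute, which would include the `userPassword` that each `cristalagent` entry must carry. I would ship a hash placeholder generated with `slappasswd` and add an explicit ACL for `userPassword` in the database section, as sketched below. The relative `include cristal-kernel/bin/openldap/cristal.schema` also depends on slapd's working directory and is worth a comment.

```conf
# … unchanged: includes, pidfile/argsfile, moduleload, database, suffix, rootdn …
rootpw {SSHA}<placeholder: paste output of slappasswd here>
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
# … unchanged: index lines …
```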
