[Fedora-directory-commits] adminserver/admserv/schema/ldif 12dsconfig.mod.tmpl, NONE, 1.1 13dsschema.mod.tmpl, NONE, 1.1 00nsroot_backend.ldif.tmpl, 1.2, 1.3 01nsroot.ldif.tmpl, 1.2, 1.3 02globalpreferences.ldif.tmpl, 1.1, 1.2 10dsdata.ldif.tmpl, 1.3, 1.4 11dstasks.ldif.tmpl, 1.1, 1.2 20asdata.ldif.tmpl, 1.2, 1.3 21astasks.ldif.tmpl, 1.2, 1.3 22ascommands.ldif.tmpl, 1.1, 1.2
Noriko Hosoi (nhosoi)
fedora-directory-commits at redhat.com
Wed Jun 20 23:50:14 UTC 2007
Author: nhosoi
Update of /cvs/dirsec/adminserver/admserv/schema/ldif
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3584
Modified Files:
00nsroot_backend.ldif.tmpl 01nsroot.ldif.tmpl
02globalpreferences.ldif.tmpl 10dsdata.ldif.tmpl
11dstasks.ldif.tmpl 20asdata.ldif.tmpl 21astasks.ldif.tmpl
22ascommands.ldif.tmpl
Added Files:
12dsconfig.mod.tmpl 13dsschema.mod.tmpl
Log Message:
Resolves: #244749
Summary: Configure Pass Thru Auth (comment #4)
Description:
1) adding ACIs to o=netscaperoot, cn=config, and cn=schema to allow the Admin
CGIs/Console to access the server configuration info.
2) adding copyright notes.
--- NEW FILE 12dsconfig.mod.tmpl ---
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# END COPYRIGHT BLOCK
dn: cn=config
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
dn: cn=SNMP,cn=config
changetype: modify
add: aci
aci: (target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version 3.0;acl "snmp";allow (read, search, compare)(userdn = "ldap:///anyone");)
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
changetype: modify
add: aci
aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)
--- NEW FILE 13dsschema.mod.tmpl ---
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# END COPYRIGHT BLOCK
dn: cn=schema
changetype: modify
add: aci
aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Index: 00nsroot_backend.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/00nsroot_backend.ldif.tmpl,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 00nsroot_backend.ldif.tmpl 18 Jun 2007 17:14:50 -0000 1.2
+++ 00nsroot_backend.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.3
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: extensibleObject
@@ -13,5 +32,6 @@
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=NetscapeRoot"
+cn: o=NetscapeRoot
nsslapd-state: backend
nsslapd-backend: NetscapeRoot
Index: 01nsroot.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/01nsroot.ldif.tmpl,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 01nsroot.ldif.tmpl 13 Jun 2007 20:03:06 -0000 1.2
+++ 01nsroot.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.3
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: o=NetscapeRoot
objectClass: top
objectClass: organization
@@ -5,6 +24,7 @@
aci: (targetattr="*")(version 3.0; acl "Enable Configuration Administrator Group modification"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(targetfilter=(o=NetscapeRoot))(version 3.0; acl "Default anonymous access"; allow (read, search) userdn="ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Enable Group Expansion"; allow (read, search, compare) groupdnattr="uniquemember";)
+aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
dn: ou=TopologyManagement, o=NetscapeRoot
objectClass: top
@@ -54,6 +74,7 @@
objectClass: top
objectClass: organizationalunit
ou: Global Preferences
+aci: (targetattr=*)(version 3.0; acl "Enable anonymous access"; allow(read,search) userdn="ldap:///anyone";)
dn: ou=Host Preferences, ou=%domain%, o=NetscapeRoot
objectClass: top
@@ -87,3 +108,5 @@
cn: Server Group
uniqueMember: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
uniqueMember: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) userdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Index: 02globalpreferences.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/02globalpreferences.ldif.tmpl,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 02globalpreferences.ldif.tmpl 13 Jun 2007 17:48:35 -0000 1.1
+++ 02globalpreferences.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.2
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: ou=Admin, ou=Global Preferences, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: organizationalUnit
Index: 10dsdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/10dsdata.ldif.tmpl,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- 10dsdata.ldif.tmpl 19 Jun 2007 18:32:28 -0000 1.3
+++ 10dsdata.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.4
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: nsApplication
objectClass: groupOfUniqueNames
Index: 11dstasks.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/11dstasks.ldif.tmpl,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 11dstasks.ldif.tmpl 13 Jun 2007 17:48:35 -0000 1.1
+++ 11dstasks.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.2
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: cn=Tasks, %ds_sie%
objectClass: top
objectClass: nsResourceRef
Index: 20asdata.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/20asdata.ldif.tmpl,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 20asdata.ldif.tmpl 19 Jun 2007 18:32:28 -0000 1.2
+++ 20asdata.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.3
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: nsApplication
@@ -10,9 +29,9 @@
nsBuildNumber: %as_buildnum%
nsInstalledLocation: %as_installedlocation%
nsBuildSecurity: domestic
-nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct
- @%as_console_jar%
+nsServerMigrationClassname: com.netscape.management.admserv.AdminServerProduct@%as_console_jar%
uniqueMember: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+aci: (targetattr=*)(targetfilter=(nsNickName=*))(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=%brand% Admin istration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
dn: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: top
@@ -26,6 +45,8 @@
serverProductName: Administration Server
serverHostName: %fqdn%
uniqueMember: cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, search, compare) groupdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+aci: (targetattr="uniquemember || serverProductName || administratorContactInfo || userpassword || description")(targetfilter=(objectclass=netscapeServer))(version 3.0; acl "Enable access delegation"; allow (write) groupdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
dn: cn=configuration, cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
objectClass: nsConfig
@@ -50,4 +71,6 @@
nsAdminOneACLDir: adminacl
nsDefaultAcceptLanguage: en
nsClassname: com.netscape.management.admserv.AdminServer@%as_console_jar%@cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot
+aci: (targetattr=*)(version 3.0; acl "Enable delegated admin to access configuration"; allow (read, search) groupdn="ldap:///cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
+aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all) groupdn="ldap:///cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";)
Index: 21astasks.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/21astasks.ldif.tmpl,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 21astasks.ldif.tmpl 20 Jun 2007 22:33:20 -0000 1.2
+++ 21astasks.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.3
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: cn=Tasks, %as_sie%
objectClass: top
objectClass: nsResourceRef
Index: 22ascommands.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/22ascommands.ldif.tmpl,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 22ascommands.ldif.tmpl 13 Jun 2007 17:48:35 -0000 1.1
+++ 22ascommands.ldif.tmpl 20 Jun 2007 23:50:11 -0000 1.2
@@ -1,3 +1,22 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
dn: cn=Commands, %as_sie%
objectClass: top
objectClass: nsResourceRef
More information about the Fedora-directory-commits
mailing list