/usr/share/ipa/updates/73-certmap.update is in freeipa-server 4.7.0~pre1+git20180411-2ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | # Configuration for Certificate Identity Mapping
dn: cn=certmap,$SUFFIX
default:objectclass: top
default:objectclass: nsContainer
default:objectclass: ipaCertMapConfigObject
default:cn: certmap
default:ipaCertMapPromptUsername: FALSE
dn: cn=certmaprules,cn=certmap,$SUFFIX
default:objectclass: top
default:objectclass: nsContainer
default:cn: certmaprules
# Certificate Identity Mapping Administrators
dn: cn=Certificate Identity Mapping Administrators,cn=privileges,cn=pbac,$SUFFIX
default:objectClass: top
default:objectClass: groupofnames
default:objectClass: nestedgroup
default:cn: Certificate Identity Mapping Administrators
default:description: Certificate Identity Mapping Administrators
dn: $SUFFIX
add:aci: (targetattr = "ipacertmapdata")(targattrfilters="add=objectclass:(objectclass=ipacertmapobject)")(version 3.0;acl "selfservice:Users can manage their own X.509 certificate identity mappings";allow (write) userdn = "ldap:///self";)
|