freeipa-server 4.3.1-0ubuntu1 / usr / share / ipa / updates / 10-schema_compat.update

This file is indexed.

/usr/share/ipa/updates/10-schema_compat.update is in freeipa-server 4.3.1-0ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
# Fix for #4324 (regression of #1309)
remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn")
remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser}
remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid")
remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup}
remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")

# We need to add the value in a separate transaction
dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
remove: schema-compat-ignore-subtree: cn=changelog
remove: schema-compat-ignore-subtree: o=ipaca
add: schema-compat-restrict-subtree: $SUFFIX
add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX

# Change padding for host and userCategory so the pad returns the same value
# as the original, '' or -.
dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})
remove: schema-compat-ignore-subtree: cn=changelog
remove: schema-compat-ignore-subtree: o=ipaca
add: schema-compat-restrict-subtree: $SUFFIX
add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX

dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: computers
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=computers
default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
default:schema-compat-entry-attribute: objectclass=device
default:schema-compat-entry-attribute: objectclass=ieee802Device
default:schema-compat-entry-attribute: cn=%{fqdn}
default:schema-compat-entry-attribute: macAddress=%{macAddress}
remove: schema-compat-ignore-subtree: cn=changelog
remove: schema-compat-ignore-subtree: o=ipaca
add: schema-compat-restrict-subtree: $SUFFIX
add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX

dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}

dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
remove: schema-compat-ignore-subtree: cn=changelog
remove: schema-compat-ignore-subtree: o=ipaca
add: schema-compat-restrict-subtree: $SUFFIX
add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX

dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
remove: schema-compat-ignore-subtree: cn=changelog
remove: schema-compat-ignore-subtree: o=ipaca
add: schema-compat-restrict-subtree: $SUFFIX
add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX

dn: cn=Schema Compatibility,cn=plugins,cn=config
# We need to run schema-compat pre-bind callback before
# other IPA pre-bind callbacks to make sure bind DN is
# rewritten to the original entry if needed
add:nsslapd-pluginprecedence: 49

dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")

dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")

APT Browse - Built by Thomas Orozco.