author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-06 04:16:24 -0500 |
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-06 04:16:24 -0500 |
commit | 75044dd48af51f848e49f6705ec6e9423571dd8c (patch) | |
tree | a973bc28051a6706dc6e28f807538bc3e8f3488c /confskel/openldap | |
parent | bf4dbda9682241deffb3ec704e2597a12496d2a8 (diff) | |
download | kcmldapcontroller-75044dd48af51f848e49f6705ec6e9423571dd8c.tar.gz kcmldapcontroller-75044dd48af51f848e49f6705ec6e9423571dd8c.zip |
Add ssl generation and storage
Diffstat (limited to 'confskel/openldap')
-rw-r--r-- | confskel/openldap/ldap/slapd.conf | 4 | ||||
-rw-r--r-- | confskel/openldap/ldif/config.ldif | 4 | ||||
-rw-r--r-- | confskel/openldap/ldif/tde-core.ldif | 5 | ||||
-rw-r--r-- | confskel/openldap/skel.ldif | 39 |
4 files changed, 47 insertions, 5 deletions
diff --git a/confskel/openldap/ldap/slapd.conf b/confskel/openldap/ldap/slapd.conf
index 3dce739..9263350 100644
--- a/confskel/openldap/ldap/slapd.conf
+++ b/confskel/openldap/ldap/slapd.conf
@@ -72,8 +72,8 @@ index gidNumber eq
 lastmod on
 unique_attributes mail uid uidNumber
-TLSCertificateFile /etc/trinity/ldap/tde-ca/public/@@@ADMINSERVER@@@.crt
-TLSCertificateKeyFile /etc/trinity/ldap/tde-ca/private/@@@ADMINSERVER@@@.key
+TLSCertificateFile @@@LDAPPEMFILE@@@
+TLSCertificateKeyFile @@@LDAPPEMKEYFILE@@@
 sasl-realm @@@REALM_UCNAME@@@
 sasl-host @@@ADMINSERVER@@@
diff --git a/confskel/openldap/ldif/config.ldif b/confskel/openldap/ldif/config.ldif
index 9e05b86..8df7bdc 100644
--- a/confskel/openldap/ldif/config.ldif
+++ b/confskel/openldap/ldif/config.ldif
@@ -28,8 +28,8 @@ olcSaslSecProps: noplain,noanonymous
 olcSockbufMaxIncoming: 262143
 olcSockbufMaxIncomingAuth: 16777215
 olcThreads: 16
-#olcTLSCertificateFile: /etc/trinity/ldap/tde-ca/public/@@@ADMINSERVER@@@.crt
-#olcTLSCertificateKeyFile: /etc/trinity/ldap/tde-ca/private/@@@ADMINSERVER@@@.key
+olcTLSCertificateFile: @@@LDAPPEMFILE@@@
+olcTLSCertificateKeyFile: @@@LDAPPEMKEYFILE@@@
 olcTLSVerifyClient: never
 olcToolThreads: 1
 olcWriteTimeout: 0
diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif
index 52f7a80..0644264 100644
--- a/confskel/openldap/ldif/tde-core.ldif
+++ b/confskel/openldap/ldif/tde-core.ldif
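Review bot: The new `TLSCertificateKeyFile @@@LDAPPEMKEYFILE@@@` line moves the private key out of the previous `tde-ca/private/` location to a path chosen by the template expander, and nothing in this skeleton says what protection that file needs. The generator is not in this diff, so I cannot confirm it sets ownership and mode; a reader of slapd.conf only sees a placeholder. I would add a comment above the directive: `# @@@LDAPPEMKEYFILE@@@ must be an absolute path, owned by the slapd service user, mode 0600, and distinct from the CA signing key`. The same applies to the matching olcTLS lines in config.ldif.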
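Review bot: Enabling `olcTLSCertificateFile`/`olcTLSCertificateKeyFile` without an `olcTLSCACertificateFile` means slapd can only send the chain if @@@LDAPPEMFILE@@@ itself contains the issuer certificate(s); if the placeholder expands to the leaf certificate alone, clients that trust only the TDE root (the one this commit starts storing in the directory) will fail chain validation. Whether the PEM file is a bundle is not visible here, so either add `olcTLSCACertificateFile: @@@LDAPCAFILE@@@` (or the equivalent path the generator produces) or document on the line above that the PEM file must carry the full chain. The `olcTLSVerifyClient: never` context line is unchanged by this hunk and is consistent with a server-auth-only deployment.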
@@ -15,6 +15,9 @@ olcAttributeTypes: {9} ( 1.3.6.1.4.1.99999.1.1.10 NAME 'badPwdCount' DESC 'Bad p
 olcAttributeTypes: {10} ( 1.3.6.1.4.1.99999.1.1.11 NAME 'badPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 olcAttributeTypes: {11} ( 1.3.6.1.4.1.99999.1.1.12 NAME 'lastLogon' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 olcAttributeTypes: {12} ( 1.3.6.1.4.1.99999.1.1.13 NAME 'lastLogoff' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+# Used for storing sharable certificates and keys
+olcAttributeTypes: {13} ( 1.3.6.1.4.1.99999.1.1.14 NAME 'publicRootCertificate' DESC 'Certificate authority root certificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
 olcObjectClasses: {0} ( 1.3.6.1.4.1.99999.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) )
-olcObjectClasses: {1} ( 1.3.6.1.4.1.99999.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount )
\ No newline at end of file
+olcObjectClasses: {1} ( 1.3.6.1.4.1.99999.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount )
+olcObjectClasses: {2} ( 1.3.6.1.4.1.99999.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate ) )
\ No newline at end of file
diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif
index 34d615b..0d17c6c 100644
--- a/confskel/openldap/skel.ldif
+++ b/confskel/openldap/skel.ldif
@@ -88,6 +88,16 @@ entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
 modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
 modifyTimestamp: @@@TIMESTAMP@@@Z
+dn: cn=tde realm data,ou=master services,ou=core,ou=realm,@@@REALM_DCNAME@@@
+objectClass: namedObject
+cn: TDE Realm Data
+structuralObjectClass: namedObject
+creatorsName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+createTimestamp: @@@TIMESTAMP@@@Z
+entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
+modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+modifyTimestamp: @@@TIMESTAMP@@@Z
+
 dn: o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm,@@@REALM_DCNAME@@@
 cn: kerberos
 emsdescription: Kerberos Registry
@@ -104,6 +114,22 @@ entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
 modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
 modifyTimestamp: @@@TIMESTAMP@@@Z
+dn: o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,@@@REALM_DCNAME@@@
+cn: tde
+emsdescription: TDE Realm Data
+emsmodelclass: EMSSecurityObject
+emstype: ServicePlugin
+o: tde
+objectClass: organization
+objectClass: emsSecurityObject
+objectClass: emsIgnore
+structuralObjectClass: organization
+creatorsName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+createTimestamp: @@@TIMESTAMP@@@Z
+entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
+modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+modifyTimestamp: @@@TIMESTAMP@@@Z
+
 dn: ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
 emscontainertype: EGroupContainer
 emsdescription: EMS Group Container
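Review bot: The added comment `# Used for storing sharable certificates and keys` describes a wider scope than the schema below it supports and invites the wrong thing: the only attribute defined is `publicRootCertificate`, and private key material must never be placed in a directory entry that is readable by realm clients. I would narrow it to `# Public (shareable) certificates only; private keys are never stored in the directory`. Separately, the new attribute uses SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 (Binary), which RFC 4517 retired, and it declares no EQUALITY rule, so the value cannot be matched in a search filter; if the generator (not in this diff) writes a DER-encoded X.509 certificate, `EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8` as core.schema uses for userCertificate is the established choice, and if it writes PEM text, Octet String (…121.1.40) is a better fit than Binary. Either change would need the writer to use the matching transfer encoding, so confirm against the generator before switching.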
@@ -227,3 +253,16 @@ krb5EncryptionType: 23
 entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
 modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
 modifyTimestamp: @@@TIMESTAMP@@@Z
+
+dn: cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,@@@REALM_DCNAME@@@
+cn: certificate store
+description: TDE Certificate Store
+objectClass: tdeCertificateStore
+objectClass: applicationProcess
+tdeBuiltinAccount: TRUE
+structuralObjectClass: applicationProcess
+creatorsName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+createTimestamp: @@@TIMESTAMP@@@Z
+entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
+modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+modifyTimestamp: @@@TIMESTAMP@@@Z
\ No newline at end of file |
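Review bot: The new `cn=certificate store` entry is where the realm's root certificate will live, which makes its `publicRootCertificate` attribute a trust anchor, yet neither this hunk nor the config.ldif hunk adds an access rule for it; anyone who can modify this entry can substitute a root that every client will then trust. The existing olcAccess rules are not in this diff, so if they already restrict writes under `ou=master services` to the root DN this is covered, but it should be explicit rather than inherited. I would add to config.ldif an entry-specific rule, e.g. `olcAccess: to dn.exact="cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,@@@REALM_DCNAME@@@" attrs=publicRootCertificate by dn.exact="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * read`, with `by * read` kept only if unauthenticated clients need the root to bootstrap TLS. The entry is created without a `publicRootCertificate` value, so presumably the generator fills it in later; a one-line comment stating that would help the next reader.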