[LDAP] Add more object classes to admin account

The initial administrator account in the LDAP directory will have 'authorizedServiceObject' and 'hostObject' object classes, which allow inclusion of the 'authorizedService' and 'host' attributes.

[LDAP] Add more object classes to admin account
The initial administrator account in the LDAP directory will have 'authorizedServiceObject' and 'hostObject' object classes, which allow inclusion of the 'authorizedService' and 'host' attributes.
a3555517 · Maciej Delmanowski · a0e0ca38 · a3555517
Commit a3555517 authored Apr 10, 2019 by Maciej Delmanowski
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

ansible/playbooks/ldap/init-directory.yml ansible/playbooks/ldap/init-directory.yml +4 -1

No files found.
--- a/ansible/playbooks/ldap/init-directory.yml
+++ b/ansible/playbooks/ldap/init-directory.yml
@@ -167,7 +167,8 @@

      - name: 'Create cn=UNIX Administrators group'
        dn: '{{ [ "cn=UNIX Administrators", ldap__system_groups_rdn ] + ldap__base_dn }}'
-        objectClass: [ 'groupOfNames', 'posixGroup', 'posixGroupId' ]
+        objectClass: [ 'groupOfNames', 'posixGroup', 'posixGroupId',
+                       'authorizedServiceObject', 'hostObject' ]
        attributes:
          cn: 'UNIX Administrators'
          gid: 'admins'
@@ -175,6 +176,8 @@
          member: '{{ admin_dn }}'
          owner: '{{ admin_dn }}'
          description: 'People responsible for UNIX-like infrastructure'
+          authorizedService: '*'
+          host: '*'

      - name: 'Create cn=Account Administrators group'
        dn: '{{ [ "CN=Account Administrators", ldap__system_groups_rdn ] + ldap__base_dn }}'