Commit a3555517 authored by Maciej Delmanowski's avatar Maciej Delmanowski

[LDAP] Add more object classes to admin account

The initial administrator account in the LDAP directory will have
'authorizedServiceObject' and 'hostObject' object classes, which allow
inclusion of the 'authorizedService' and 'host' attributes.
parent a0e0ca38
......@@ -167,7 +167,8 @@
- name: 'Create cn=UNIX Administrators group'
dn: '{{ [ "cn=UNIX Administrators", ldap__system_groups_rdn ] + ldap__base_dn }}'
objectClass: [ 'groupOfNames', 'posixGroup', 'posixGroupId' ]
objectClass: [ 'groupOfNames', 'posixGroup', 'posixGroupId',
'authorizedServiceObject', 'hostObject' ]
attributes:
cn: 'UNIX Administrators'
gid: 'admins'
......@@ -175,6 +176,8 @@
member: '{{ admin_dn }}'
owner: '{{ admin_dn }}'
description: 'People responsible for UNIX-like infrastructure'
authorizedService: '*'
host: '*'
- name: 'Create cn=Account Administrators group'
dn: '{{ [ "CN=Account Administrators", ldap__system_groups_rdn ] + ldap__base_dn }}'
......
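Review bot: `authorizedService: '*'` and `host: '*'` are wildcards, and nothing in the hunk says that matching every service and every host is the intended scope for this entry. A short comment above them would make that explicit for anyone auditing access, e.g. `# '*' matches every service/host for clients that filter on these attributes; narrow it where full access is not wanted`. As rendered here, both the extended `objectClass` list and the new attributes sit under the 'Create cn=UNIX Administrators group' task, while the commit description speaks of the administrator account. It is worth confirming that the entry being changed is the intended one, since access filters of this kind are typically evaluated against the user's own entry. The task list continues outside the visible hunks.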