| blob | bd4efd49b0b5ff22ec0c839d95b11e78163e2cb2 |
1 <ldap_options>
2 <ldap_enable>[% ldappublic.use_ldap %]</ldap_enable>
3 <ldap_excluded_roles>[% ldappublic.excluded_roles %]</ldap_excluded_roles>
4 <ldap_suffixes>
5 [% FOREACH item = ldappublic.suffix %]
6 <ldap_suffix>[% item %]</ldap_suffix>
7 [% END %]
8 </ldap_suffixes>
9 <ldap_server>[% ldappublic.server %]</ldap_server>
10 <ldap_port>[% ldappublic.port %]</ldap_port>
11 <ldap_version>[% ldappublic.version %]</ldap_version>
12 <ldap_tls>
13 <use_tls>[% ldappublic.use_tls %]</use_tls>
14 <client_cert>[% ldappublic.client_cert %]</client_cert>
15 <client_key>[% ldappublic.client_key %]</client_key>
16 <ca_cert>[% ldappublic.ca_cert %]</ca_cert>
17 </ldap_tls>
18 <ldap_sasl>
19 <use_sasl>[% ldappublic.use_sasl %]</use_sasl>
20 <sasl_mech>[% ldappublic.sasl_mechanism %]</sasl_mech>
21 </ldap_sasl>
22 <ldap_login>[% ldappublic.login %]</ldap_login>
23 <ldap_password>[% ldappublic.password %]</ldap_password>
24 <schema>
25 <default>
26 <rdn>
27 <attributetype>serialNumber</attributetype>
28 <must>
29 <attributetype>serialNumber</attributetype>
30 <attributetype>cn</attributetype>
31 </must>
32 <may>
33 <attributetype>ou</attributetype>
34 <attributetype>o</attributetype>
35 <attributetype>l</attributetype>
36 </may>
37 <structural>
38 <objectclass>device</objectclass>
39 </structural>
40 <auxiliary>
41 <objectclass>pkiCA</objectclass>
42 </auxiliary>
43 </rdn>
44 <rdn>
45 <attributetype>cn</attributetype>
46 <must>
47 <attributetype>cn</attributetype>
48 </must>
49 <may>
50 <attributetype>ou</attributetype>
51 <attributetype>st</attributetype>
52 <attributetype>l</attributetype>
53 <attributetype>mail</attributetype>
54 <attributetype>emailAddress</attributetype>
55 </may>
56 <structural>
57 <objectclass>organizationalRole</objectclass>
58 </structural>
59 <auxiliary>
60 <objectclass>opencaEmailAddress</objectclass>
61 <objectclass>pkiCA</objectclass>
62 </auxiliary>
63 </rdn>
64 <rdn>
65 <attributetype>sn</attributetype>
66 <must>
67 <attributetype>cn</attributetype>
68 </must>
69 <may>
70 <attributetype>ou</attributetype>
71 <attributetype>st</attributetype>
72 <attributetype>l</attributetype>
73 <attributetype>mail</attributetype>
74 <attributetype>emailAddress</attributetype>
75 </may>
76 <structural>
77 <objectclass>organizationalRole</objectclass>
78 </structural>
79 <auxiliary>
80 <objectclass>opencaEmailAddress</objectclass>
81 <objectclass>pkiCA</objectclass>
82 </auxiliary>
83 </rdn>
84 <rdn>
85 <attributetype>emailAddress</attributetype>
86 <must>
87 <attributetype>cn</attributetype>
88 </must>
89 <may>
90 <attributetype>ou</attributetype>
91 <attributetype>st</attributetype>
92 <attributetype>l</attributetype>
93 <attributetype>mail</attributetype>
94 <attributetype>emailAddress</attributetype>
95 </may>
96 <structural>
97 <objectclass>organizationalRole</objectclass>
98 </structural>
99 <auxiliary>
100 <objectclass>opencaEmailAddress</objectclass>
101 <objectclass>pkiCA</objectclass>
102 </auxiliary>
103 </rdn>
104 <rdn>
105 <attributetype>mail</attributetype>
106 <must>
107 <attributetype>cn</attributetype>
108 </must>
109 <may>
110 <attributetype>ou</attributetype>
111 <attributetype>st</attributetype>
112 <attributetype>l</attributetype>
113 <attributetype>mail</attributetype>
114 <attributetype>emailAddress</attributetype>
115 </may>
116 <structural>
117 <objectclass>organizationalRole</objectclass>
118 </structural>
119 <auxiliary>
120 <objectclass>opencaEmailAddress</objectclass>
121 <objectclass>pkiCA</objectclass>
122 </auxiliary>
123 </rdn>
124 <rdn>
125 <attributetype>uid</attributetype>
126 <must>
127 <attributetype>cn</attributetype>
128 <attributetype>sn</attributetype>
129 </must>
130 <may>
131 <attributetype>uid</attributetype>
132 <attributetype>mail</attributetype>
133 <attributetype>emailAddress</attributetype>
134 <attributetype>ou</attributetype>
135 <attributetype>o</attributetype>
136 <attributetype>st</attributetype>
137 <attributetype>l</attributetype>
138 </may>
139 <structural>
140 <objectclass>person</objectclass>
141 <objectclass>organizationalPerson</objectclass>
142 <objectclass>inetOrgPerson</objectclass>
143 </structural>
144 <auxiliary>
145 <objectclass>opencaEmailAddress</objectclass>
146 <objectclass>pkiUser</objectclass>
147 </auxiliary>
148 </rdn>
149 <rdn>
150 <attributetype>dc</attributetype>
151 <must>
152 <attributetype>dc</attributetype>
153 </must>
154 <structural>
155 <objectclass>dcObject</objectclass>
156 </structural>
157 <auxiliary>
158 <objectclass>pkiUser</objectclass>
159 <objectclass>pkiCA</objectclass>
160 </auxiliary>
161 </rdn>
162 <rdn>
163 <attributetype>unstructuredName</attributetype>
164 <must>
165 <attributetype>cn</attributetype>
166 </must>
167 <may>
168 <attributetype>unstructuredName</attributetype>
169 <attributetype>unstructuredAddress</attributetype>
170 <attributetype>serialNumber</attributetype>
171 <attributetype>ou</attributetype>
172 <attributetype>o</attributetype>
173 <attributetype>l</attributetype>
174 </may>
175 <structural>
176 <objectclass>device</objectclass>
177 </structural>
178 <auxiliary>
179 <objectclass>opencaSCEPDevice</objectclass>
180 <objectclass>pkiUser</objectclass>
181 </auxiliary>
182 </rdn>
183 <rdn>
184 <attributetype>unstructuredAddress</attributetype>
185 <must>
186 <attributetype>cn</attributetype>
187 </must>
188 <may>
189 <attributetype>unstructuredName</attributetype>
190 <attributetype>unstructuredAddress</attributetype>
191 <attributetype>serialNumber</attributetype>
192 <attributetype>ou</attributetype>
193 <attributetype>o</attributetype>
194 <attributetype>l</attributetype>
195 </may>
196 <structural>
197 <objectclass>device</objectclass>
198 </structural>
199 <auxiliary>
200 <objectclass>opencaSCEPDevice</objectclass>
201 <objectclass>pkiUser</objectclass>
202 </auxiliary>
203 </rdn>
204 <rdn>
205 <attributetype>ou</attributetype>
206 <must>
207 <attributetype>ou</attributetype>
208 </must>
209 <may>
210 <attributetype>l</attributetype>
211 <attributetype>st</attributetype>
212 </may>
213 <structural>
214 <objectclass>organizationalUnit</objectclass>
215 </structural>
216 <auxiliary>
217 <objectclass>pkiUser</objectclass>
218 <objectclass>pkiCA</objectclass>
219 </auxiliary>
220 </rdn>
221 <rdn>
222 <attributetype>o</attributetype>
223 <must>
224 <attributetype>o</attributetype>
225 </must>
226 <may>
227 <attributetype>l</attributetype>
228 <attributetype>st</attributetype>
229 </may>
230 <structural>
231 <objectclass>organization</objectclass>
232 </structural>
233 <auxiliary>
234 <objectclass>pkiUser</objectclass>
235 <objectclass>pkiCA</objectclass>
236 </auxiliary>
237 </rdn>
238 <rdn>
239 <attributetype>c</attributetype>
240 <must>
241 <attributetype>c</attributetype>
242 </must>
243 <structural>
244 <objectclass>country</objectclass>
245 </structural>
246 <auxiliary>
247 <objectclass>pkiUser</objectclass>
248 <objectclass>pkiCA</objectclass>
249 </auxiliary>
250 </rdn>
251 <rdn>
252 <attributetype>l</attributetype>
253 <must>
254 <attributetype>l</attributetype>
255 </must>
256 <may>
257 <attributetype>l</attributetype>
258 </may>
259 <structural>
260 <objectclass>locality</objectclass>
261 </structural>
262 <auxiliary>
263 <objectclass>pkiUser</objectclass>
264 <objectclass>pkiCA</objectclass>
265 </auxiliary>
266 </rdn>
267 <rdn>
268 <attributetype>st</attributetype>
269 <must>
270 <attributetype>st</attributetype>
271 </must>
272 <may>
273 <attributetype>st</attributetype>
274 </may>
275 <structural>
276 <objectclass>locality</objectclass>
277 </structural>
278 <auxiliary>
279 <objectclass>pkiUser</objectclass>
280 <objectclass>pkiCA</objectclass>
281 </auxiliary>
282 </rdn>
283 </default>
284 <certificate>
285 <rdn>
286 <attributetype>serialNumber</attributetype>
287 <must>
288 <attributetype>cn</attributetype>
289 <attributetype>sn</attributetype>
290 </must>
291 <may>
292 <attributetype>serialNumber</attributetype>
293 <attributetype>mail</attributetype>
294 <attributetype>emailAddress</attributetype>
295 <attributetype>ou</attributetype>
296 <attributetype>o</attributetype>
297 <attributetype>st</attributetype>
298 <attributetype>l</attributetype>
299 </may>
300 <structural>
301 <objectclass>person</objectclass>
302 <objectclass>organizationalPerson</objectclass>
303 <objectclass>inetOrgPerson</objectclass>
304 </structural>
305 <auxiliary>
306 <objectclass>opencaEmailAddress</objectclass>
307 <objectclass>opencaUniquelyIdentifiedUser</objectclass>
308 <objectclass>pkiUser</objectclass>
309 </auxiliary>
310 </rdn>
311 <rdn>
312 <attributetype>cn</attributetype>
313 <must>
314 <attributetype>cn</attributetype>
315 <attributetype>sn</attributetype>
316 </must>
317 <may>
318 <attributetype>mail</attributetype>
319 <attributetype>emailAddress</attributetype>
320 <attributetype>ou</attributetype>
321 <attributetype>o</attributetype>
322 <attributetype>st</attributetype>
323 <attributetype>l</attributetype>
324 </may>
325 <structural>
326 <objectclass>person</objectclass>
327 <objectclass>organizationalPerson</objectclass>
328 <objectclass>inetOrgPerson</objectclass>
329 </structural>
330 <auxiliary>
331 <objectclass>opencaEmailAddress</objectclass>
332 <objectclass>pkiUser</objectclass>
333 </auxiliary>
334 </rdn>
335 <rdn>
336 <attributetype>sn</attributetype>
337 <must>
338 <attributetype>cn</attributetype>
339 <attributetype>sn</attributetype>
340 </must>
341 <may>
342 <attributetype>mail</attributetype>
343 <attributetype>emailAddress</attributetype>
344 <attributetype>ou</attributetype>
345 <attributetype>o</attributetype>
346 <attributetype>st</attributetype>
347 <attributetype>l</attributetype>
348 </may>
349 <structural>
350 <objectclass>person</objectclass>
351 <objectclass>organizationalPerson</objectclass>
352 <objectclass>inetOrgPerson</objectclass>
353 </structural>
354 <auxiliary>
355 <objectclass>opencaEmailAddress</objectclass>
356 <objectclass>pkiUser</objectclass>
357 </auxiliary>
358 </rdn>
359 <rdn>
360 <attributetype>emailAddress</attributetype>
361 <must>
362 <attributetype>cn</attributetype>
363 <attributetype>sn</attributetype>
364 </must>
365 <may>
366 <attributetype>mail</attributetype>
367 <attributetype>emailAddress</attributetype>
368 <attributetype>ou</attributetype>
369 <attributetype>o</attributetype>
370 <attributetype>st</attributetype>
371 <attributetype>l</attributetype>
372 </may>
373 <structural>
374 <objectclass>person</objectclass>
375 <objectclass>organizationalPerson</objectclass>
376 <objectclass>inetOrgPerson</objectclass>
377 </structural>
378 <auxiliary>
379 <objectclass>opencaEmailAddress</objectclass>
380 <objectclass>pkiUser</objectclass>
381 </auxiliary>
382 </rdn>
383 <rdn>
384 <attributetype>mail</attributetype>
385 <must>
386 <attributetype>cn</attributetype>
387 <attributetype>sn</attributetype>
388 </must>
389 <may>
390 <attributetype>mail</attributetype>
391 <attributetype>emailAddress</attributetype>
392 <attributetype>ou</attributetype>
393 <attributetype>o</attributetype>
394 <attributetype>st</attributetype>
395 <attributetype>l</attributetype>
396 </may>
397 <structural>
398 <objectclass>person</objectclass>
399 <objectclass>organizationalPerson</objectclass>
400 <objectclass>inetOrgPerson</objectclass>
401 </structural>
402 <auxiliary>
403 <objectclass>opencaEmailAddress</objectclass>
404 <objectclass>pkiUser</objectclass>
405 </auxiliary>
406 </rdn>
407 <rdn>
408 <attributetype>uid</attributetype>
409 <must>
410 <attributetype>cn</attributetype>
411 <attributetype>sn</attributetype>
412 </must>
413 <may>
414 <attributetype>uid</attributetype>
415 <attributetype>mail</attributetype>
416 <attributetype>emailAddress</attributetype>
417 <attributetype>ou</attributetype>
418 <attributetype>o</attributetype>
419 <attributetype>st</attributetype>
420 <attributetype>l</attributetype>
421 </may>
422 <structural>
423 <objectclass>person</objectclass>
424 <objectclass>organizationalPerson</objectclass>
425 <objectclass>inetOrgPerson</objectclass>
426 </structural>
427 <auxiliary>
428 <objectclass>opencaEmailAddress</objectclass>
429 <objectclass>pkiUser</objectclass>
430 </auxiliary>
431 </rdn>
432 <rdn>
433 <attributetype>dc</attributetype>
434 <must>
435 <attributetype>dc</attributetype>
436 </must>
437 <structural>
438 <objectclass>dcObject</objectclass>
439 </structural>
440 <auxiliary>
441 <objectclass>pkiUser</objectclass>
442 </auxiliary>
443 </rdn>
444 <rdn>
445 <attributetype>unstructuredName</attributetype>
446 <must>
447 <attributetype>cn</attributetype>
448 </must>
449 <may>
450 <attributetype>unstructuredName</attributetype>
451 <attributetype>unstructuredAddress</attributetype>
452 <attributetype>serialNumber</attributetype>
453 <attributetype>ou</attributetype>
454 <attributetype>o</attributetype>
455 <attributetype>l</attributetype>
456 </may>
457 <structural>
458 <objectclass>device</objectclass>
459 </structural>
460 <auxiliary>
461 <objectclass>opencaSCEPDevice</objectclass>
462 <objectclass>pkiUser</objectclass>
463 </auxiliary>
464 </rdn>
465 <rdn>
466 <attributetype>unstructuredAddress</attributetype>
467 <must>
468 <attributetype>cn</attributetype>
469 </must>
470 <may>
471 <attributetype>unstructuredName</attributetype>
472 <attributetype>unstructuredAddress</attributetype>
473 <attributetype>serialNumber</attributetype>
474 <attributetype>ou</attributetype>
475 <attributetype>o</attributetype>
476 <attributetype>l</attributetype>
477 </may>
478 <structural>
479 <objectclass>device</objectclass>
480 </structural>
481 <auxiliary>
482 <objectclass>opencaSCEPDevice</objectclass>
483 <objectclass>pkiUser</objectclass>
484 </auxiliary>
485 </rdn>
486 <rdn>
487 <attributetype>ou</attributetype>
488 <must>
489 <attributetype>ou</attributetype>
490 </must>
491 <may>
492 <attributetype>l</attributetype>
493 <attributetype>st</attributetype>
494 </may>
495 <structural>
496 <objectclass>organizationalUnit</objectclass>
497 </structural>
498 <auxiliary>
499 <objectclass>pkiUser</objectclass>
500 </auxiliary>
501 </rdn>
502 <rdn>
503 <attributetype>o</attributetype>
504 <must>
505 <attributetype>o</attributetype>
506 </must>
507 <may>
508 <attributetype>l</attributetype>
509 <attributetype>st</attributetype>
510 </may>
511 <structural>
512 <objectclass>organization</objectclass>
513 </structural>
514 <auxiliary>
515 <objectclass>pkiUser</objectclass>
516 </auxiliary>
517 </rdn>
518 <rdn>
519 <attributetype>c</attributetype>
520 <must>
521 <attributetype>c</attributetype>
522 </must>
523 <structural>
524 <objectclass>country</objectclass>
525 </structural>
526 <auxiliary>
527 <objectclass>pkiUser</objectclass>
528 </auxiliary>
529 </rdn>
530 <rdn>
531 <attributetype>l</attributetype>
532 <must>
533 <attributetype>l</attributetype>
534 </must>
535 <may>
536 <attributetype>l</attributetype>
537 </may>
538 <structural>
539 <objectclass>locality</objectclass>
540 </structural>
541 <auxiliary>
542 <objectclass>pkiUser</objectclass>
543 </auxiliary>
544 </rdn>
545 <rdn>
546 <attributetype>st</attributetype>
547 <must>
548 <attributetype>st</attributetype>
549 </must>
550 <may>
551 <attributetype>st</attributetype>
552 </may>
553 <structural>
554 <objectclass>locality</objectclass>
555 </structural>
556 <auxiliary>
557 <objectclass>pkiUser</objectclass>
558 </auxiliary>
559 </rdn>
560 </certificate>
561 <ca>
562 <rdn>
563 <attributetype>serialNumber</attributetype>
564 <must>
565 <attributetype>cn</attributetype>
566 </must>
567 <may>
568 <attributetype>serialNumber</attributetype>
569 <attributetype>ou</attributetype>
570 <attributetype>o</attributetype>
571 <attributetype>l</attributetype>
572 </may>
573 <structural>
574 <objectclass>device</objectclass>
575 </structural>
576 <auxiliary>
577 <objectclass>pkiCA</objectclass>
578 </auxiliary>
579 </rdn>
580 <rdn>
581 <attributetype>cn</attributetype>
582 <must>
583 <attributetype>cn</attributetype>
584 </must>
585 <may>
586 <attributetype>ou</attributetype>
587 <attributetype>st</attributetype>
588 <attributetype>l</attributetype>
589 </may>
590 <structural>
591 <objectclass>organizationalRole</objectclass>
592 </structural>
593 <auxiliary>
594 <objectclass>pkiCA</objectclass>
595 </auxiliary>
596 </rdn>
597 <rdn>
598 <attributetype>sn</attributetype>
599 <must>
600 <attributetype>cn</attributetype>
601 </must>
602 <may>
603 <attributetype>ou</attributetype>
604 <attributetype>st</attributetype>
605 <attributetype>l</attributetype>
606 </may>
607 <structural>
608 <objectclass>organizationalRole</objectclass>
609 </structural>
610 <auxiliary>
611 <objectclass>pkiCA</objectclass>
612 </auxiliary>
613 </rdn>
614 <rdn>
615 <attributetype>emailAddress</attributetype>
616 <must>
617 <attributetype>cn</attributetype>
618 </must>
619 <may>
620 <attributetype>ou</attributetype>
621 <attributetype>st</attributetype>
622 <attributetype>l</attributetype>
623 <attributetype>mail</attributetype>
624 <attributetype>emailAddress</attributetype>
625 </may>
626 <structural>
627 <objectclass>organizationalRole</objectclass>
628 </structural>
629 <auxiliary>
630 <objectclass>opencaEmailAddress</objectclass>
631 <objectclass>pkiCA</objectclass>
632 </auxiliary>
633 </rdn>
634 <rdn>
635 <attributetype>mail</attributetype>
636 <must>
637 <attributetype>cn</attributetype>
638 </must>
639 <may>
640 <attributetype>ou</attributetype>
641 <attributetype>st</attributetype>
642 <attributetype>l</attributetype>
643 <attributetype>mail</attributetype>
644 <attributetype>emailAddress</attributetype>
645 </may>
646 <structural>
647 <objectclass>organizationalRole</objectclass>
648 </structural>
649 <auxiliary>
650 <objectclass>opencaEmailAddress</objectclass>
651 <objectclass>pkiCA</objectclass>
652 </auxiliary>
653 </rdn>
654 <rdn>
655 <attributetype>dc</attributetype>
656 <must>
657 <attributetype>dc</attributetype>
658 </must>
659 <structural>
660 <objectclass>dcObject</objectclass>
661 </structural>
662 <auxiliary>
663 <objectclass>pkiCA</objectclass>
664 </auxiliary>
665 </rdn>
666 <rdn>
667 <attributetype>ou</attributetype>
668 <must>
669 <attributetype>ou</attributetype>
670 </must>
671 <may>
672 <attributetype>l</attributetype>
673 <attributetype>st</attributetype>
674 </may>
675 <structural>
676 <objectclass>organizationalUnit</objectclass>
677 </structural>
678 <auxiliary>
679 <objectclass>pkiCA</objectclass>
680 </auxiliary>
681 </rdn>
682 <rdn>
683 <attributetype>o</attributetype>
684 <must>
685 <attributetype>o</attributetype>
686 </must>
687 <may>
688 <attributetype>l</attributetype>
689 <attributetype>st</attributetype>
690 </may>
691 <structural>
692 <objectclass>organization</objectclass>
693 </structural>
694 <auxiliary>
695 <objectclass>pkiCA</objectclass>
696 </auxiliary>
697 </rdn>
698 <rdn>
699 <attributetype>c</attributetype>
700 <must>
701 <attributetype>c</attributetype>
702 </must>
703 <structural>
704 <objectclass>country</objectclass>
705 </structural>
706 <auxiliary>
707 <objectclass>pkiCA</objectclass>
708 </auxiliary>
709 </rdn>
710 <rdn>
711 <attributetype>l</attributetype>
712 <must>
713 <attributetype>l</attributetype>
714 </must>
715 <may>
716 <attributetype>l</attributetype>
717 </may>
718 <structural>
719 <objectclass>locality</objectclass>
720 </structural>
721 <auxiliary>
722 <objectclass>pkiCA</objectclass>
723 </auxiliary>
724 </rdn>
725 <rdn>
726 <attributetype>st</attributetype>
727 <must>
728 <attributetype>st</attributetype>
729 </must>
730 <may>
731 <attributetype>st</attributetype>
732 </may>
733 <structural>
734 <objectclass>locality</objectclass>
735 </structural>
736 <auxiliary>
737 <objectclass>pkiCA</objectclass>
738 </auxiliary>
739 </rdn>
740 </ca>
741 </schema>
742 </ldap_options>