On 12/19/2012 01:20 PM, Simo Sorce wrote:
> On Wed, 2012-12-19 at 12:30 +0000, Dale Macartney wrote:
>> Morning all
>>
>> Here's something I was working on last night with Gavin Spurgeon.
>>
>> If anyone would like to comment on better ways to achieve this, I'd love
>> to hear it so I can update my own procedures (and the article of course)
>>
>> https://www.dalemacartney.com/2012/12/19/integrating-yubikey-token-details-within-ldap-with-freeipa-and-red-hat-enterprise-linux-6/
>>
>> I hope some people find it useful.
>
> Hi Dale,
> what problem do you have adding new schema?

We weren't able to add any objectIdentifier fields... When trying to search for existing schema entries, we received the below output.

[root@ds01 ~]# ldapsearch -LLL -h localhost -D "cn=Directory Manager" -x -w redhat123 -b "cn=schema"
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema

[root@ds01 ~]#

We were trying to use this schema, which was created by Michal; however, we never managed to get it imported with the objectIdentifier values there.

dn: cn=yubikey,cn=config
objectClass: SchemaConfig
cn: yubikey
#
# YubiKey LDAP schema
#
# Author: Michal Ludvig <[email protected]>
# Consider a small PayPal donation:
# http://logix.cz/michal/devel/yubikey-ldap/
#
# Common Logix OID structure
# <LogixOID>.<Project>.<SNMP/LDAP>.<...>
ObjectIdentifier: {0}logixOID 1.3.6.1.4.1.40789
ObjectIdentifier: {1}YubiKeyPrj logixOID:2012.11.1
ObjectIdentifier: {2}YkSNMP YubiKeyPrj:1
ObjectIdentifier: {3}YkLDAP YubiKeyPrj:2
# YubiKey schema sub-tree
ObjectIdentifier: {4}YkAttribute YkLDAP:1
ObjectIdentifier: {5}YkObjectClass YkLDAP:2
AttributeTypes: {0}( YkAttribute:1 NAME 'yubiKeyId' DESC 'Yubico YubiKey ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
ObjectClasses: {0}( YkObjectClass:1 NAME 'yubiKeyUser' DESC 'Yubico YubiKey User' SUP top AUXILIARY MAY ( yubiKeyId ) )

We ended up having to settle for

dn: cn=schema
#
attributeTypes: ( 1.3.6.1.4.1.40789.2012.11.1.2.1 NAME 'yubiKeyId' DESC 'Yubico YubiKey ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1
objectClasses: ( 1.3.6.1.4.1.40789.2012.11.1.2.2 NAME 'yubiKeyUser' DESC 'Yubico YubiKey User' SUP top AUXILIARY MAY ( yubiKeyId ) )

Are there any security restrictions on the schema, or perhaps something done differently to normal LDAP?

Unless of course I'm doing something silly.

Thoughts?

>
>
> Simo.
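The macro expansion that turns the first schema in the message into the numeric-OID form it settled for, as an added example that is not part of the original message or of Michal Ludvig's project. It assumes the target server accepts only numeric OIDs under cn=schema; the function names `resolve` and `to_numeric_schema` are hypothetical.

```python
import re

# Constructed input: the OpenLDAP-style definitions quoted in the message above.
OPENLDAP_SCHEMA = """\
ObjectIdentifier: {0}logixOID 1.3.6.1.4.1.40789
ObjectIdentifier: {1}YubiKeyPrj logixOID:2012.11.1
ObjectIdentifier: {2}YkSNMP YubiKeyPrj:1
ObjectIdentifier: {3}YkLDAP YubiKeyPrj:2
ObjectIdentifier: {4}YkAttribute YkLDAP:1
ObjectIdentifier: {5}YkObjectClass YkLDAP:2
AttributeTypes: {0}( YkAttribute:1 NAME 'yubiKeyId' DESC 'Yubico YubiKey ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
ObjectClasses: {0}( YkObjectClass:1 NAME 'yubiKeyUser' DESC 'Yubico YubiKey User' SUP top AUXILIARY MAY ( yubiKeyId ) )
"""

NUMERIC_OID = re.compile(r"\d+(\.\d+)*")
# Attribute names as they appear in the cn=schema entry the message settled for.
SCHEMA_ATTRS = {"attributetypes": "attributeTypes", "objectclasses": "objectClasses"}


def resolve(ref, macros):
    """Expand 'macro', 'macro:suffix' or a plain dotted OID to a numeric OID."""
    head, _, suffix = ref.partition(":")
    if not NUMERIC_OID.fullmatch(head):
        if head not in macros:
            raise ValueError(f"undefined OID macro: {head}")
        head = macros[head]
    oid = f"{head}.{suffix}" if suffix else head
    if not NUMERIC_OID.fullmatch(oid):
        raise ValueError(f"not a numeric OID after expansion: {oid}")
    return oid


def to_numeric_schema(text):
    """Return (macros, ldif) with each macro reference replaced by its numeric OID."""
    macros, out = {}, ["dn: cn=schema"]
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = re.sub(r"^\{\d+\}", "", value.strip())  # drop the {n} ordering prefix
        if key.lower() == "objectidentifier":
            name, ref = value.split()
            macros[name] = resolve(ref, macros)
        elif key.lower() in SCHEMA_ATTRS:
            m = re.match(r"\(\s*(\S+)(.*)$", value)
            if not m:
                raise ValueError(f"malformed definition: {line}")
            out.append(f"{SCHEMA_ATTRS[key.lower()]}: ( {resolve(m[1], macros)}{m[2]}")
    return macros, "\n".join(out) + "\n"


if __name__ == "__main__":
    print(to_numeric_schema(OPENLDAP_SCHEMA)[1])
```

The expansion gives 1.3.6.1.4.1.40789.2012.11.1.2.1.1 for yubiKeyId and 1.3.6.1.4.1.40789.2012.11.1.2.2.1 for yubiKeyUser; the hand-written entries in the message use the values of the YkAttribute and YkObjectClass macros themselves, without the final .1.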
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
