Re: ldapd: adding bsd.schema
On Thu, 10 Sep 2020 17:03:28 -0400 Aisha Tammy wrote: > On 9/10/20 2:03 AM, Robert Klein wrote: > > On Sat, 5 Sep 2020 18:47:08 -0400 > > Aisha Tammy wrote: > > > >> Sorry for the late reply. > >> > >> On 8/12/20 8:19 AM, Robert Klein wrote: > >>> Hi, > >>> > >>> On Wed, 12 Aug 2020 09:00:18 +0200 > >>> Theo Buehler wrote: > >>> > On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote: > > Another bump. > > I think this is useful and am ok with this. > > Are there any concerns? If not, I'm going to commit it tomorrow. > > >>> > >>> for an sshPublicKey attribute, there's a “openssh-lpk” schema > >>> which seems to be in common use. It's defined as > >>> > >>> # octetString SYNTAX > >>> attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' > >>> DESC 'OpenSSH Public key' > >>> EQUALITY octetStringMatch > >>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) > >>> > >> I prefer the non-octet version mostly because of inconsistent > >> spacing when > >> > >> copy pasting. > > > > IA5Match precludes non-ascii comments. BTW, your version has 'SSH > > public key' as DESC. I suppose it means a 'OpenSSH public key', as > > above, not a RFC4716 public key which wouldn't make much sense in > > OpenBSD context I guess. > > > Haha, I wasn't even aware SSH public key was a different thing >.< > (how do ya'll know/remember these weird RFCs...) Honestly, I like to read. > Updated patch with OpenSSH public key. I'd still prefer octetstring instead of ia5string. Don't care enough though to object if someones willing to ok and commit it. Best regards Robert > > OK? > > Aisha > > > > >> > >> > >> > >>> # printableString SYNTAX yes|no > >>> objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' > >>> SUP top AUXILIARY DESC 'OpenSSH LPK objectclass' > >>> MUST uid > >>> MAY sshPublicKey > >>> ) > >>> > >>> though there are versions of the “ldapPublicKey” definitions with > >>> both uid and sshPublicKye in the MUST and both in the MAY clause. 
> >>> The “both MAY” version is imho more flexible. > >>> > >>> > >>> The original mail proposing bsd.schema seems to have added both > >>> “shadowPassword” and “bsdaccount” more as an afterthought, it > >>> seems. > >> The bsd account is a bit more flexible than the ldapPublicKey and > >> can be substituted for this. > >> I am fine with moving the `uid` to MAY as well, that would be very > >> nice for virtual user setups, where uid is unimportant and not > >> used. > > > > +1 > > > > > > Best regards > > Robert > > > > > >> > >> I've attached the updated patch which moves uid to MAY. > >> I would really like this to be in 6.8. > >> > >> OK? > >> > >> Thanks, > >> Aisha > >> > >>> > >>> Best regards > >>> Robert > >>> > >>> > > Index: etc/examples/ldapd.conf > === > RCS file: /cvs/src/etc/examples/ldapd.conf,v > retrieving revision 1.1 > diff -u -p -u -p -r1.1 ldapd.conf > --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 - > 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 - > @@ -3,6 +3,7 @@ > schema "/etc/ldap/core.schema" > schema "/etc/ldap/inetorgperson.schema" > schema "/etc/ldap/nis.schema" > +schema "/etc/ldap/bsd.schema" > > listen on lo0 > listen on "/var/run/ldapi" > Index: usr.sbin/ldapd/Makefile > === > RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v > retrieving revision 1.15 > diff -u -p -u -p -r1.15 Makefile > --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 - > 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 > - @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith > -Wcast CFLAGS+= -Wsign-compare > CLEANFILES+=y.tab.h parse.c > > -SCHEMA_FILES= core.schema \ > +SCHEMA_FILES= bsd.schema \ > +core.schema \ > inetorgperson.schema \ > nis.schema > > Index: usr.sbin/ldapd/schema/bsd.schema > === > RCS file: usr.sbin/ldapd/schema/bsd.schema > diff -N usr.sbin/ldapd/schema/bsd.schema > --- /dev/null1 Jan 1970 00:00:00 - > +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 > - 
@@ -0,0 +1,17 @@ > +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' > +DESC 'POSIX hashed password' > +EQUALITY caseExactIA5Match > +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > + > +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' > +DESC 'SSH public key' > +EQUALITY caseExactIA5Match > +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > + > +objectclass (
Re: ldapd: adding bsd.schema
On 9/10/20 2:03 AM, Robert Klein wrote: > On Sat, 5 Sep 2020 18:47:08 -0400 > Aisha Tammy wrote: > >> Sorry for the late reply. >> >> On 8/12/20 8:19 AM, Robert Klein wrote: >>> Hi, >>> >>> On Wed, 12 Aug 2020 09:00:18 +0200 >>> Theo Buehler wrote: >>> On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote: > Another bump. I think this is useful and am ok with this. Are there any concerns? If not, I'm going to commit it tomorrow. >>> >>> for an sshPublicKey attribute, there's a “openssh-lpk” schema which >>> seems to be in common use. It's defined as >>> >>> # octetString SYNTAX >>> attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' >>> DESC 'OpenSSH Public key' >>> EQUALITY octetStringMatch >>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) >>> >> I prefer the non-octet version mostly because of inconsistent spacing >> when >> >> copy pasting. > > IA5Match precludes non-ascii comments. BTW, your version has 'SSH > public key' as DESC. I suppose it means a 'OpenSSH public key', as > above, not a RFC4716 public key which wouldn't make much sense in > OpenBSD context I guess. > Haha, I wasn't even aware SSH public key was a different thing >.< (how do ya'll know/remember these weird RFCs...) Updated patch with OpenSSH public key. OK? Aisha > >> >> >> >>> # printableString SYNTAX yes|no >>> objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP >>> top AUXILIARY DESC 'OpenSSH LPK objectclass' >>> MUST uid >>> MAY sshPublicKey >>> ) >>> >>> though there are versions of the “ldapPublicKey” definitions with >>> both uid and sshPublicKye in the MUST and both in the MAY clause. >>> The “both MAY” version is imho more flexible. >>> >>> >>> The original mail proposing bsd.schema seems to have added both >>> “shadowPassword” and “bsdaccount” more as an afterthought, it seems. >>> >> The bsd account is a bit more flexible than the ldapPublicKey and can >> be substituted for this. 
>> I am fine with moving the `uid` to MAY as well, that would be very >> nice for virtual user setups, where uid is unimportant and not used. > > +1 > > > Best regards > Robert > > >> >> I've attached the updated patch which moves uid to MAY. >> I would really like this to be in 6.8. >> >> OK? >> >> Thanks, >> Aisha >> >>> >>> Best regards >>> Robert >>> >>> Index: etc/examples/ldapd.conf === RCS file: /cvs/src/etc/examples/ldapd.conf,v retrieving revision 1.1 diff -u -p -u -p -r1.1 ldapd.conf --- etc/examples/ldapd.conf11 Jul 2014 21:20:10 - 1.1 +++ etc/examples/ldapd.conf18 May 2018 10:09:45 - @@ -3,6 +3,7 @@ schema "/etc/ldap/core.schema" schema "/etc/ldap/inetorgperson.schema" schema "/etc/ldap/nis.schema" +schema "/etc/ldap/bsd.schema" listen on lo0 listen on "/var/run/ldapi" Index: usr.sbin/ldapd/Makefile === RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v retrieving revision 1.15 diff -u -p -u -p -r1.15 Makefile --- usr.sbin/ldapd/Makefile20 Jan 2017 11:55:08 - 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 - @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast CFLAGS+= -Wsign-compare CLEANFILES+= y.tab.h parse.c -SCHEMA_FILES= core.schema \ +SCHEMA_FILES= bsd.schema \ + core.schema \ inetorgperson.schema \ nis.schema Index: usr.sbin/ldapd/schema/bsd.schema === RCS file: usr.sbin/ldapd/schema/bsd.schema diff -N usr.sbin/ldapd/schema/bsd.schema --- /dev/null 1 Jan 1970 00:00:00 - +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 - 
@@ -0,0 +1,17 @@ +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' + DESC 'POSIX hashed password' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' + DESC 'SSH public key' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' + SUP top + AUXILIARY + DESC 'Abstraction of an account with OpenBSD attributes' + MUST ( uid ) + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ userClass $ + sshPublicKey )) >>> >> > diff --git a/etc/examples/ldapd.conf b/etc/examples/ldapd.conf index 1bc6aa462c1..183563d6f9a 100644 --- a/etc/examples/ldapd.conf +++ b/etc/examples/ldapd.conf @@ -3,6 +3,7 @@ schema "/etc/ldap/core.schema" schema "/etc/ldap/inetorgperson.schema" schema "/etc/ldap/nis.schema" +schema
Re: ldapd: adding bsd.schema
On Sat, 5 Sep 2020 18:47:08 -0400 Aisha Tammy wrote:

> Sorry for the late reply.
>
> On 8/12/20 8:19 AM, Robert Klein wrote:
> > Hi,
> >
> > On Wed, 12 Aug 2020 09:00:18 +0200
> > Theo Buehler wrote:
> >
> >> On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote:
> >>> Another bump.
> >>
> >> I think this is useful and am ok with this.
> >>
> >> Are there any concerns? If not, I'm going to commit it tomorrow.
> >
> > for an sshPublicKey attribute, there's a “openssh-lpk” schema which
> > seems to be in common use. It's defined as
> >
> > # octetString SYNTAX
> > attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
> >   DESC 'OpenSSH Public key'
> >   EQUALITY octetStringMatch
> >   SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
> >
> I prefer the non-octet version mostly because of inconsistent spacing
> when
>
> copy pasting.

IA5Match precludes non-ascii comments. BTW, your version has 'SSH public key' as DESC. I suppose it means a 'OpenSSH public key', as above, not a RFC4716 public key which wouldn't make much sense in OpenBSD context I guess.

>
> >
> > # printableString SYNTAX yes|no
> > objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP
> > top AUXILIARY DESC 'OpenSSH LPK objectclass'
> >   MUST uid
> >   MAY sshPublicKey
> >   )
> >
> > though there are versions of the “ldapPublicKey” definitions with
> > both uid and sshPublicKey in the MUST and both in the MAY clause.
> > The “both MAY” version is imho more flexible.
> >
> >
> > The original mail proposing bsd.schema seems to have added both
> > “shadowPassword” and “bsdaccount” more as an afterthought, it seems.
> >
> The bsd account is a bit more flexible than the ldapPublicKey and can
> be substituted for this.
> I am fine with moving the `uid` to MAY as well, that would be very
> nice for virtual user setups, where uid is unimportant and not used.

+1

Best regards
Robert

>
> I've attached the updated patch which moves uid to MAY.
> I would really like this to be in 6.8.
>
> OK?
> > Thanks, > Aisha > > > > > Best regards > > Robert > > > > > >> > >> Index: etc/examples/ldapd.conf > >> === > >> RCS file: /cvs/src/etc/examples/ldapd.conf,v > >> retrieving revision 1.1 > >> diff -u -p -u -p -r1.1 ldapd.conf > >> --- etc/examples/ldapd.conf11 Jul 2014 21:20:10 - > >> 1.1 +++ etc/examples/ldapd.conf18 May 2018 10:09:45 - > >> @@ -3,6 +3,7 @@ > >> schema "/etc/ldap/core.schema" > >> schema "/etc/ldap/inetorgperson.schema" > >> schema "/etc/ldap/nis.schema" > >> +schema "/etc/ldap/bsd.schema" > >> > >> listen on lo0 > >> listen on "/var/run/ldapi" > >> Index: usr.sbin/ldapd/Makefile > >> === > >> RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v > >> retrieving revision 1.15 > >> diff -u -p -u -p -r1.15 Makefile > >> --- usr.sbin/ldapd/Makefile20 Jan 2017 11:55:08 - > >> 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 - > >> @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast > >> CFLAGS+= -Wsign-compare > >> CLEANFILES+= y.tab.h parse.c > >> > >> -SCHEMA_FILES= core.schema \ > >> +SCHEMA_FILES= bsd.schema \ > >> + core.schema \ > >>inetorgperson.schema \ > >>nis.schema > >> > >> Index: usr.sbin/ldapd/schema/bsd.schema > >> === > >> RCS file: usr.sbin/ldapd/schema/bsd.schema > >> diff -N usr.sbin/ldapd/schema/bsd.schema > >> --- /dev/null 1 Jan 1970 00:00:00 - > >> +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 > >> - 
@@ -0,0 +1,17 @@ > >> +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' > >> + DESC 'POSIX hashed password' > >> + EQUALITY caseExactIA5Match > >> + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > >> + > >> +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' > >> + DESC 'SSH public key' > >> + EQUALITY caseExactIA5Match > >> + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > >> + > >> +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' > >> + SUP top > >> + AUXILIARY > >> + DESC 'Abstraction of an account with OpenBSD attributes' > >> + MUST ( uid ) > >> + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ > >> userClass $ > >> + sshPublicKey )) > >> > > >
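The reply above separates a one-line OpenSSH public key from an RFC 4716 block and points out that IA5 matching precludes non-ASCII comments. The following check of a stored sshPublicKey value against both points is an added example, not code from the thread or from ldapd; the function names are hypothetical, the sample values are constructed, and it assumes a bare `<type> <base64> [comment]` value with no authorized_keys options in front.

```python
import base64
import struct

RFC4716_BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"


def is_ia5(value):
    """IA5 String (syntax 1.3.6.1.4.1.1466.115.121.1.26) admits only 7-bit characters."""
    return all(ord(ch) < 128 for ch in value)


def blob_key_type(blob):
    """Return the algorithm name stored as the first length-prefixed string in a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or 4 + length > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + length].decode("ascii")


def check_ssh_public_key(value):
    """Classify one attribute value and list reasons not to pass it on to sshd."""
    report = {"format": "unknown", "ia5": is_ia5(value), "key_type": None, "problems": []}
    if not report["ia5"]:
        report["problems"].append("non-ASCII character, not valid for IA5 String")
    text = value.strip()
    if text.startswith(RFC4716_BEGIN):
        report["format"] = "rfc4716"
        report["problems"].append("RFC 4716 block, not a one-line OpenSSH key")
        return report
    if "\n" in text or "\r" in text:
        report["problems"].append("value spans several lines")
        return report
    fields = text.split(None, 2)  # type, base64 blob, optional free-form comment
    if len(fields) < 2:
        report["problems"].append("expected '<type> <base64> [comment]'")
        return report
    declared, encoded = fields[0], fields[1]
    try:
        embedded = blob_key_type(base64.b64decode(encoded, validate=True))
    except ValueError as exc:  # also covers binascii.Error and UnicodeDecodeError
        report["problems"].append(f"undecodable key blob: {exc}")
        return report
    report["format"] = "openssh"
    report["key_type"] = embedded
    if embedded != declared:
        report["problems"].append(f"declared type {declared!r} but blob says {embedded!r}")
    return report


def sample_blob(key_type, payload=bytes(32)):
    """Constructed sample: a well-formed blob with an all-zero payload, not a real key."""
    name = key_type.encode("ascii")
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(payload)) + payload
    return base64.b64encode(raw).decode("ascii")


# Constructed attribute values, one per case discussed in the thread.
_B64 = sample_blob("ssh-ed25519")
SAMPLES = {
    "openssh": f"ssh-ed25519 {_B64} user@example.org",
    "non_ascii_comment": f"ssh-ed25519 {_B64} j\u00fcrgen@example.org",
    "rfc4716": f'{RFC4716_BEGIN}\nComment: "constructed"\n{_B64}\n---- END SSH2 PUBLIC KEY ----',
    "type_mismatch": f"ssh-rsa {_B64} constructed",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, check_ssh_public_key(value))
```
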
Re: ldapd: adding bsd.schema
Sorry for the late reply. On 8/12/20 8:19 AM, Robert Klein wrote: > Hi, > > On Wed, 12 Aug 2020 09:00:18 +0200 > Theo Buehler wrote: > >> On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote: >>> Another bump. >> >> I think this is useful and am ok with this. >> >> Are there any concerns? If not, I'm going to commit it tomorrow. > > for an sshPublicKey attribute, there's a “openssh-lpk” schema which > seems to be in common use. It's defined as > > # octetString SYNTAX > attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' > DESC 'OpenSSH Public key' > EQUALITY octetStringMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) > I prefer the non-octet version mostly because of inconsistent spacing when copy pasting. > # printableString SYNTAX yes|no > objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP > top AUXILIARY DESC 'OpenSSH LPK objectclass' > MUST uid > MAY sshPublicKey > ) > > though there are versions of the “ldapPublicKey” definitions with both > uid and sshPublicKye in the MUST and both in the MAY clause. The > “both MAY” version is imho more flexible. > > > The original mail proposing bsd.schema seems to have added both > “shadowPassword” and “bsdaccount” more as an afterthought, it seems. > The bsd account is a bit more flexible than the ldapPublicKey and can be substituted for this. I am fine with moving the `uid` to MAY as well, that would be very nice for virtual user setups, where uid is unimportant and not used. I've attached the updated patch which moves uid to MAY. I would really like this to be in 6.8. OK? Thanks, Aisha > > Best regards > Robert > > >> >> Index: etc/examples/ldapd.conf >> === >> RCS file: /cvs/src/etc/examples/ldapd.conf,v >> retrieving revision 1.1 >> diff -u -p -u -p -r1.1 ldapd.conf >> --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 - >> 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 - 
>> @@ -3,6 +3,7 @@ >> schema "/etc/ldap/core.schema" >> schema "/etc/ldap/inetorgperson.schema" >> schema "/etc/ldap/nis.schema" >> +schema "/etc/ldap/bsd.schema" >> >> listen on lo0 >> listen on "/var/run/ldapi" >> Index: usr.sbin/ldapd/Makefile >> === >> RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v >> retrieving revision 1.15 >> diff -u -p -u -p -r1.15 Makefile >> --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 - >> 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 - >> @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast >> CFLAGS+=-Wsign-compare >> CLEANFILES+=y.tab.h parse.c >> >> -SCHEMA_FILES= core.schema \ >> +SCHEMA_FILES= bsd.schema \ >> +core.schema \ >> inetorgperson.schema \ >> nis.schema >> >> Index: usr.sbin/ldapd/schema/bsd.schema >> === >> RCS file: usr.sbin/ldapd/schema/bsd.schema >> diff -N usr.sbin/ldapd/schema/bsd.schema >> --- /dev/null1 Jan 1970 00:00:00 - >> +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 - >> @@ -0,0 +1,17 @@ >> +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' >> +DESC 'POSIX hashed password' >> +EQUALITY caseExactIA5Match >> +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) >> + >> +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' >> +DESC 'SSH public key' >> +EQUALITY caseExactIA5Match >> +SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) >> + >> +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' >> +SUP top >> +AUXILIARY >> +DESC 'Abstraction of an account with OpenBSD attributes' >> +MUST ( uid ) >> +MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ >> userClass $ >> +sshPublicKey )) >> > diff --git a/etc/examples/ldapd.conf b/etc/examples/ldapd.conf index 1bc6aa462c1..183563d6f9a 100644 --- a/etc/examples/ldapd.conf +++ b/etc/examples/ldapd.conf @@ -3,6 +3,7 @@ schema "/etc/ldap/core.schema" schema "/etc/ldap/inetorgperson.schema" schema "/etc/ldap/nis.schema" +schema "/etc/ldap/bsd.schema" listen on lo0 listen on "/var/run/ldapi" 
diff --git a/usr.sbin/ldapd/Makefile b/usr.sbin/ldapd/Makefile index bf445832576..5af25895787 100644 --- a/usr.sbin/ldapd/Makefile +++ b/usr.sbin/ldapd/Makefile @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual CFLAGS+= -Wsign-compare CLEANFILES+= y.tab.h parse.c -SCHEMA_FILES= core.schema \ +SCHEMA_FILES= bsd.schema \ + core.schema \ inetorgperson.schema \ nis.schema diff --git a/usr.sbin/ldapd/schema/bsd.schema b/usr.sbin/ldapd/schema/bsd.schema new file mode 100644 index 000..d14fcfe7456 --- /dev/null +++ b/usr.sbin/ldapd/schema/bsd.schema @@ -0,0 +1,16 @@ +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' + DESC 'POSIX hashed password' + EQUALITY
Re: ldapd: adding bsd.schema
Hi, On Wed, 12 Aug 2020 09:00:18 +0200 Theo Buehler wrote: > On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote: > > Another bump. > > I think this is useful and am ok with this. > > Are there any concerns? If not, I'm going to commit it tomorrow. for an sshPublicKey attribute, there's a “openssh-lpk” schema which seems to be in common use. It's defined as # octetString SYNTAX attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) # printableString SYNTAX yes|no objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'OpenSSH LPK objectclass' MUST uid MAY sshPublicKey ) though there are versions of the “ldapPublicKey” definitions with both uid and sshPublicKye in the MUST and both in the MAY clause. The “both MAY” version is imho more flexible. The original mail proposing bsd.schema seems to have added both “shadowPassword” and “bsdaccount” more as an afterthought, it seems. Best regards Robert > > Index: etc/examples/ldapd.conf > === > RCS file: /cvs/src/etc/examples/ldapd.conf,v > retrieving revision 1.1 > diff -u -p -u -p -r1.1 ldapd.conf > --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 - > 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 - > @@ -3,6 +3,7 @@ > schema "/etc/ldap/core.schema" > schema "/etc/ldap/inetorgperson.schema" > schema "/etc/ldap/nis.schema" > +schema "/etc/ldap/bsd.schema" > > listen on lo0 > listen on "/var/run/ldapi" > Index: usr.sbin/ldapd/Makefile > === > RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v > retrieving revision 1.15 > diff -u -p -u -p -r1.15 Makefile > --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 - > 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 - 
> @@ -17,7 +17,8 @@ CFLAGS+=-Wshadow -Wpointer-arith -Wcast > CFLAGS+= -Wsign-compare > CLEANFILES+= y.tab.h parse.c > > -SCHEMA_FILES=core.schema \ > +SCHEMA_FILES=bsd.schema \ > + core.schema \ > inetorgperson.schema \ > nis.schema > > Index: usr.sbin/ldapd/schema/bsd.schema > === > RCS file: usr.sbin/ldapd/schema/bsd.schema > diff -N usr.sbin/ldapd/schema/bsd.schema > --- /dev/null 1 Jan 1970 00:00:00 - > +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 - > @@ -0,0 +1,17 @@ > +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' > + DESC 'POSIX hashed password' > + EQUALITY caseExactIA5Match > + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > + > +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' > + DESC 'SSH public key' > + EQUALITY caseExactIA5Match > + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) > + > +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' > + SUP top > + AUXILIARY > + DESC 'Abstraction of an account with OpenBSD attributes' > + MUST ( uid ) > + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ > userClass $ > + sshPublicKey )) >
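Review bot: the shadowPassword attributetype at the top of the bsd.schema hunk stores a 'POSIX hashed password' with an equality matching rule, and nothing in the patch says who is expected to read or compare it. Since the ldapd.conf hunk enables this schema in the example configuration, add a comment in bsd.schema or in the example config stating that the attribute holds password hashes and should be readable only by the services that verify them.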
Re: ldapd: adding bsd.schema
On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote: > Another bump. I think this is useful and am ok with this. Are there any concerns? If not, I'm going to commit it tomorrow. Index: etc/examples/ldapd.conf === RCS file: /cvs/src/etc/examples/ldapd.conf,v retrieving revision 1.1 diff -u -p -u -p -r1.1 ldapd.conf --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 - 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 - @@ -3,6 +3,7 @@ schema "/etc/ldap/core.schema" schema "/etc/ldap/inetorgperson.schema" schema "/etc/ldap/nis.schema" +schema "/etc/ldap/bsd.schema" listen on lo0 listen on "/var/run/ldapi" Index: usr.sbin/ldapd/Makefile === RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v retrieving revision 1.15 diff -u -p -u -p -r1.15 Makefile --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 - 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 - @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast CFLAGS+= -Wsign-compare CLEANFILES+= y.tab.h parse.c -SCHEMA_FILES= core.schema \ +SCHEMA_FILES= bsd.schema \ + core.schema \ inetorgperson.schema \ nis.schema Index: usr.sbin/ldapd/schema/bsd.schema === RCS file: usr.sbin/ldapd/schema/bsd.schema diff -N usr.sbin/ldapd/schema/bsd.schema --- /dev/null 1 Jan 1970 00:00:00 - +++ usr.sbin/ldapd/schema/bsd.schema18 May 2018 10:09:45 - @@ -0,0 +1,17 @@ +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' + DESC 'POSIX hashed password' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' + DESC 'SSH public key' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' + SUP top + AUXILIARY + DESC 'Abstraction of an account with OpenBSD attributes' + MUST ( uid ) + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ userClass $ + sshPublicKey ))
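Review bot: the ldapd.conf hunk adds `schema "/etc/ldap/bsd.schema"` without saying that it relies on the three schema lines above it, yet bsdAccount in the same patch references uid, shadowExpire and userClass, none of which bsd.schema defines. Add a one-line comment that bsd.schema depends on the schemas listed before it, and confirm that core.schema, inetorgperson.schema and nis.schema together provide all three attributes.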
Re: ldapd: adding bsd.schema
On 8/2/20 9:34 AM, Aisha Tammy wrote:
> On 7/26/20 5:25 PM, Aisha Tammy wrote:
>> On 7/26/20 5:21 PM, Aisha Tammy wrote:
>>> Hi,
>>> Am reviving an old thread from
>>> https://marc.info/?l=openbsd-tech=152663835315469=4
>>> (i did cc reyk@ sorry if it is noise)
>>>
>>> For some reason seems like the patch didn't go through...
>>>
>>> I am reattaching it here, maybe someone can take a look and
>>> see if it can be merged ?
>>> Getting sshPublicKey would be really nice!
>>>
>>> Aisha
>>>
>>
>>
>> reattaching it because thunderbird
>>
>
> Bump, can anyone see if this is fine ?
>
> Thanks,
> Aisha
>

Another bump.

Aisha
Re: ldapd: adding bsd.schema
On 7/26/20 5:25 PM, Aisha Tammy wrote:
> On 7/26/20 5:21 PM, Aisha Tammy wrote:
>> Hi,
>> Am reviving an old thread from
>> https://marc.info/?l=openbsd-tech=152663835315469=4
>> (i did cc reyk@ sorry if it is noise)
>>
>> For some reason seems like the patch didn't go through...
>>
>> I am reattaching it here, maybe someone can take a look and
>> see if it can be merged ?
>> Getting sshPublicKey would be really nice!
>>
>> Aisha
>>
>
>
> reattaching it because thunderbird
>

Bump, can anyone see if this is fine ?

Thanks,
Aisha
Re: ldapd: adding bsd.schema
On 7/26/20 5:21 PM, Aisha Tammy wrote: > Hi, > Am reviving an old thread from > https://marc.info/?l=openbsd-tech=152663835315469=4 > (i did cc reyk@ sorry if it is noise) > > For some reason seems like the patch didn't go through... > > I am reattaching it here, maybe someone can take a look and > see if it can be merged ? > Getting sshPublicKey would be really nice! > > Aisha > reattaching it because thunderbird Index: etc/examples/ldapd.conf === RCS file: /cvs/src/etc/examples/ldapd.conf,v retrieving revision 1.1 diff -u -p -u -p -r1.1 ldapd.conf --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 - 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 - @@ -3,6 +3,7 @@ schema "/etc/ldap/core.schema" schema "/etc/ldap/inetorgperson.schema" schema "/etc/ldap/nis.schema" +schema "/etc/ldap/bsd.schema" listen on lo0 listen on "/var/run/ldapi" Index: usr.sbin/ldapd/Makefile === RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v retrieving revision 1.15 diff -u -p -u -p -r1.15 Makefile --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 - 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 - @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast CFLAGS+= -Wsign-compare CLEANFILES+= y.tab.h parse.c -SCHEMA_FILES= core.schema \ +SCHEMA_FILES= bsd.schema \ + core.schema \ inetorgperson.schema \ nis.schema Index: usr.sbin/ldapd/schema/bsd.schema === RCS file: usr.sbin/ldapd/schema/bsd.schema diff -N usr.sbin/ldapd/schema/bsd.schema --- /dev/null 1 Jan 1970 00:00:00 - +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 - 
@@ -0,0 +1,17 @@ +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' + DESC 'POSIX hashed password' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' + DESC 'SSH public key' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' + SUP top + AUXILIARY + DESC 'Abstraction of an account with OpenBSD attributes' + MUST ( uid ) + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ userClass $ + sshPublicKey ))
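Review bot: the sshPublicKey attributetype in the bsd.schema hunk says only DESC 'SSH public key' and uses IA5 String syntax (1.3.6.1.4.1.1466.115.121.1.26) with caseExactIA5Match, so neither the expected key format nor the ASCII-only restriction on the value is documented. State the format in DESC or in a comment above the definition. The NAME is also the same as the openssh-lpk attribute quoted elsewhere in this thread, which has a different OID and octetString syntax, so a comment on how the two relate would spare clients written for one definition from being pointed at the other.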
ldapd: adding bsd.schema
Hi, Am reviving an old thread from https://marc.info/?l=openbsd-tech=152663835315469=4 (i did cc reyk@ sorry if it is noise) For some reason seems like the patch didn't go through... I am reattaching it here, maybe someone can take a look and see if it can be merged ? Getting sshPublicKey would be really nice! Aisha Index: etc/examples/ldapd.conf === RCS file: /cvs/src/etc/examples/ldapd.conf,v retrieving revision 1.1 diff -u -p -u -p -r1.1 ldapd.conf --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 - 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 - @@ -3,6 +3,7 @@ schema "/etc/ldap/core.schema" schema "/etc/ldap/inetorgperson.schema" schema "/etc/ldap/nis.schema" +schema "/etc/ldap/bsd.schema" listen on lo0 listen on "/var/run/ldapi" Index: usr.sbin/ldapd/Makefile === RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v retrieving revision 1.15 diff -u -p -u -p -r1.15 Makefile --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 - 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 - @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast CFLAGS+= -Wsign-compare CLEANFILES+= y.tab.h parse.c -SCHEMA_FILES= core.schema \ +SCHEMA_FILES= bsd.schema \ + core.schema \ inetorgperson.schema \ nis.schema Index: usr.sbin/ldapd/schema/bsd.schema === RCS file: usr.sbin/ldapd/schema/bsd.schema diff -N usr.sbin/ldapd/schema/bsd.schema --- /dev/null 1 Jan 1970 00:00:00 - +++ usr.sbin/ldapd/schema/bsd.schema18 May 2018 10:09:45 - 
@@ -0,0 +1,17 @@ +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' + DESC 'POSIX hashed password' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' + DESC 'SSH public key' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' + SUP top + AUXILIARY + DESC 'Abstraction of an account with OpenBSD attributes' + MUST ( uid ) + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ userClass $ + sshPublicKey ))
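Review bot: in the bsdAccount objectclass at the end of the bsd.schema hunk, `modifyTimestamp` is listed in MAY, but it is an operational attribute in the standard LDAP schema (RFC 4512) that the server maintains and clients do not set, so an auxiliary class has no need to permit it; consider dropping it from the list. `MUST ( uid )` also forces a uid onto every entry that takes this class; if accounts without one are expected it belongs in MAY, and a comment above the objectclass saying which is intended would settle it.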