Hi,
On Wed, 12 Aug 2020 09:00:18 +0200
Theo Buehler <t...@theobuehler.org> wrote:
> On Tue, Aug 11, 2020 at 10:22:51PM -0400, Aisha Tammy wrote:
> > Another bump.
>
> I think this is useful and am ok with this.
>
> Are there any concerns? If not, I'm going to commit it tomorrow.
for an sshPublicKey attribute, there's a “openssh-lpk” schema which
seems to be in common use. It's defined as
# octetString SYNTAX
attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
DESC 'OpenSSH Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# printableString SYNTAX yes|no
objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP
top AUXILIARY DESC 'OpenSSH LPK objectclass'
MUST uid
MAY sshPublicKey
)
though there are versions of the “ldapPublicKey” definitions with both
uid and sshPublicKye in the MUST and both in the MAY clause. The
“both MAY” version is imho more flexible.
The original mail proposing bsd.schema seems to have added both
“shadowPassword” and “bsdaccount” more as an afterthought, it seems.
Best regards
Robert
>
> Index: etc/examples/ldapd.conf
> ===================================================================
> RCS file: /cvs/src/etc/examples/ldapd.conf,v
> retrieving revision 1.1
> diff -u -p -u -p -r1.1 ldapd.conf
> --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 -0000
> 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 -0000
> @@ -3,6 +3,7 @@
> schema "/etc/ldap/core.schema"
> schema "/etc/ldap/inetorgperson.schema"
> schema "/etc/ldap/nis.schema"
> +schema "/etc/ldap/bsd.schema"
>
> listen on lo0
> listen on "/var/run/ldapi"
> Index: usr.sbin/ldapd/Makefile
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v
> retrieving revision 1.15
> diff -u -p -u -p -r1.15 Makefile
> --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 -0000
> 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 -0000
> @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast
> CFLAGS+= -Wsign-compare
> CLEANFILES+= y.tab.h parse.c
>
> -SCHEMA_FILES= core.schema \
> +SCHEMA_FILES= bsd.schema \
> + core.schema \
> inetorgperson.schema \
> nis.schema
>
> Index: usr.sbin/ldapd/schema/bsd.schema
> ===================================================================
> RCS file: usr.sbin/ldapd/schema/bsd.schema
> diff -N usr.sbin/ldapd/schema/bsd.schema
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 -0000
> @@ -0,0 +1,17 @@
> +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword'
> + DESC 'POSIX hashed password'
> + EQUALITY caseExactIA5Match
> + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> +
> +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey'
> + DESC 'SSH public key'
> + EQUALITY caseExactIA5Match
> + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> +
> +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount'
> + SUP top
> + AUXILIARY
> + DESC 'Abstraction of an account with OpenBSD attributes'
> + MUST ( uid )
> + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $
> userClass $
> + sshPublicKey ))
>
