Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 924787 Details for
Bug 1127270
sssd connect to ipa-server is long
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
ldap.log for KRB5_TRACE=/dev/stderr ldapsearch -Y GSSAPI
ldap.log (text/x-log), 83.19 KB, created by
David Spurek
on 2014-08-07 08:28:55 UTC
(
hide
)
Description:
ldap.log for KRB5_TRACE=/dev/stderr ldapsearch -Y GSSAPI
Filename:
MIME Type:
Creator:
David Spurek
Created:
2014-08-07 08:28:55 UTC
Size:
83.19 KB
patch
obsolete
>SASL/GSSAPI authentication started >SASL username: admin@TESTREALM >SASL SSF: 56 >SASL data security layer installed. ># extended LDIF ># ># LDAPv3 ># base <dc=testrealm> (default) with scope subtree ># filter: (objectclass=*) ># requesting: ALL ># > ># compat, testrealm >dn: cn=compat,dc=testrealm >objectClass: extensibleObject >cn: compat > ># computers, compat, testrealm >dn: cn=computers,cn=compat,dc=testrealm >objectClass: extensibleObject >cn: computers > ># groups, compat, testrealm >dn: cn=groups,cn=compat,dc=testrealm >objectClass: extensibleObject >cn: groups > ># tuser2, groups, compat, testrealm >dn: cn=tuser2,cn=groups,cn=compat,dc=testrealm >objectClass: posixGroup >objectClass: top >gidNumber: 964600001 >cn: tuser2 > ># editors, groups, compat, testrealm >dn: cn=editors,cn=groups,cn=compat,dc=testrealm >objectClass: posixGroup >objectClass: top >gidNumber: 964600002 >cn: editors > ># admins, groups, compat, testrealm >dn: cn=admins,cn=groups,cn=compat,dc=testrealm >objectClass: posixGroup >objectClass: top >gidNumber: 964600000 >memberUid: admin >cn: admins > ># ng, compat, testrealm >dn: cn=ng,cn=compat,dc=testrealm >objectClass: extensibleObject >cn: ng > ># hostgrp1, ng, compat, testrealm >dn: cn=hostgrp1,cn=ng,cn=compat,dc=testrealm >objectClass: nisNetgroup >objectClass: top >nisNetgroupTriple: (x86-64-v08.lab.eng.brq.redhat.com,-,lab.eng.brq.redhat.com > ) >cn: hostgrp1 > ># users, compat, testrealm >dn: cn=users,cn=compat,dc=testrealm >objectClass: extensibleObject >cn: users > ># tuser2, users, compat, testrealm >dn: uid=tuser2,cn=users,cn=compat,dc=testrealm >objectClass: posixAccount >objectClass: top >gecos: tuser2 >cn: tuser2 >uidNumber: 964600001 >gidNumber: 964600001 >loginShell: /bin/sh >homeDirectory: /home/tuser2 >uid: tuser2 > ># admin, users, compat, testrealm >dn: uid=admin,cn=users,cn=compat,dc=testrealm >objectClass: posixAccount >objectClass: top >gecos: Administrator >cn: Administrator >uidNumber: 964600000 >gidNumber: 964600000 >loginShell: /bin/bash >homeDirectory: /home/admin >uid: admin > ># sudoers, testrealm >dn: ou=sudoers,dc=testrealm >objectClass: extensibleObject >ou: sudoers > ># sudorule1, sudoers, testrealm >dn: cn=sudorule1,ou=sudoers,dc=testrealm >objectClass: sudoRole >sudoUser: tuser2 >sudoHost: +hostgrp1 >sudoCommand: /bin/date >cn: sudorule1 > ># testrealm >dn: dc=testrealm >objectClass: top >objectClass: domain >objectClass: pilotObject >objectClass: domainRelatedObject >objectClass: nisDomainObject >dc: testrealm >info: IPA V2.0 >nisDomain: lab.eng.brq.redhat.com >associatedDomain: lab.eng.brq.redhat.com > ># accounts, testrealm >dn: cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: accounts > ># users, accounts, testrealm >dn: cn=users,cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: users > ># groups, accounts, testrealm >dn: cn=groups,cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: groups > ># services, accounts, testrealm >dn: cn=services,cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: services > ># computers, accounts, testrealm >dn: cn=computers,cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: computers > ># hostgroups, accounts, testrealm >dn: cn=hostgroups,cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: hostgroups > ># alt, testrealm >dn: cn=alt,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: alt > ># ng, alt, testrealm >dn: cn=ng,cn=alt,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: ng > ># automount, testrealm >dn: cn=automount,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: automount > ># default, automount, testrealm >dn: cn=default,cn=automount,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: default > ># auto.master, default, automount, testrealm >dn: automountmapname=auto.master,cn=default,cn=automount,dc=testrealm >objectClass: automountMap >objectClass: top >automountMapName: auto.master > ># auto.direct, default, automount, testrealm >dn: automountmapname=auto.direct,cn=default,cn=automount,dc=testrealm >objectClass: automountMap >objectClass: top >automountMapName: auto.direct > ># /- auto.direct, auto.master, default, automount, testrealm >dn: description=/- auto.direct,automountmapname=auto.master,cn=default,cn=auto > mount,dc=testrealm >objectClass: automount >objectClass: top >automountKey: /- >automountInformation: auto.direct >description: /- auto.direct > ># hbac, testrealm >dn: cn=hbac,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: hbac > ># hbacservices, hbac, testrealm >dn: cn=hbacservices,cn=hbac,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: hbacservices > ># hbacservicegroups, hbac, testrealm >dn: cn=hbacservicegroups,cn=hbac,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: hbacservicegroups > ># sudo, testrealm >dn: cn=sudo,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: sudo > ># sudocmds, sudo, testrealm >dn: cn=sudocmds,cn=sudo,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: sudocmds > ># sudocmdgroups, sudo, testrealm >dn: cn=sudocmdgroups,cn=sudo,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: sudocmdgroups > ># sudorules, sudo, testrealm >dn: cn=sudorules,cn=sudo,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: sudorules > ># etc, testrealm >dn: cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: etc > ># sysaccounts, etc, testrealm >dn: cn=sysaccounts,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: sysaccounts > ># ipa, etc, testrealm >dn: cn=ipa,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: ipa > ># masters, ipa, etc, testrealm >dn: cn=masters,cn=ipa,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: masters > ># replicas, ipa, etc, testrealm >dn: cn=replicas,cn=ipa,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: replicas > ># dna, ipa, etc, testrealm >dn: cn=dna,cn=ipa,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: dna > ># posix-ids, dna, ipa, etc, testrealm >dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: posix-ids > ># ca_renewal, ipa, etc, testrealm >dn: cn=ca_renewal,cn=ipa,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: ca_renewal > ># s4u2proxy, etc, testrealm >dn: cn=s4u2proxy,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: s4u2proxy > ># ipa-http-delegation, s4u2proxy, etc, testrealm >dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=testrealm >objectClass: ipaKrb5DelegationACL >objectClass: groupOfPrincipals >objectClass: top >cn: ipa-http-delegation >memberPrincipal: HTTP/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=testre > alm >ipaAllowedTarget: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=testre > alm > ># ipa-ldap-delegation-targets, s4u2proxy, etc, testrealm >dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=testrealm >objectClass: groupOfPrincipals >objectClass: top >cn: ipa-ldap-delegation-targets >memberPrincipal: ldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM > ># ipa-cifs-delegation-targets, s4u2proxy, etc, testrealm >dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=testrealm >objectClass: groupOfPrincipals >objectClass: top >cn: ipa-cifs-delegation-targets > ># admin, users, accounts, testrealm >dn: uid=admin,cn=users,cn=accounts,dc=testrealm >objectClass: top >objectClass: person >objectClass: posixaccount >objectClass: krbprincipalaux >objectClass: krbticketpolicyaux >objectClass: inetuser >objectClass: ipaobject >objectClass: ipasshuser >objectClass: ipaSshGroupOfPubKeys >uid: admin >krbPrincipalName: admin@TESTREALM >cn: Administrator >sn: Administrator >uidNumber: 964600000 >gidNumber: 964600000 >homeDirectory: /home/admin >loginShell: /bin/bash >gecos: Administrator >ipaUniqueID: 4d148a80-1e03-11e4-bccb-5254007acf68 >memberOf: cn=admins,cn=groups,cn=accounts,dc=testrealm >memberOf: cn=replication administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=host enrollment,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=manage host keytab,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=enroll a host,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add krbprincipalname to a host,cn=permissions,cn=pbac,dc=testreal > m >memberOf: cn=unlock user accounts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage service keytab,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=trust admins,cn=groups,cn=accounts,dc=testrealm >krbLastPwdChange: 20140807072502Z >krbPasswordExpiration: 20141105072502Z >krbExtraData:: AALOKeNTcm9vdC9hZG1pbkBURVNUUkVBTE0A >krbLastSuccessfulAuth: 20140807073310Z > ># admins, groups, accounts, testrealm >dn: cn=admins,cn=groups,cn=accounts,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: posixgroup >objectClass: ipausergroup >objectClass: ipaobject >objectClass: nestedGroup >cn: admins >description: Account administrators group >gidNumber: 964600000 >member: uid=admin,cn=users,cn=accounts,dc=testrealm >ipaUniqueID: 4d5510a0-1e03-11e4-81fe-5254007acf68 >memberOf: cn=replication administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=host enrollment,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=manage host keytab,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=enroll a host,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add krbprincipalname to a host,cn=permissions,cn=pbac,dc=testreal > m >memberOf: cn=unlock user accounts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage service keytab,cn=permissions,cn=pbac,dc=testrealm > ># ipausers, groups, accounts, testrealm >dn: cn=ipausers,cn=groups,cn=accounts,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >objectClass: ipausergroup >objectClass: ipaobject >description: Default group for all users >cn: ipausers >ipaUniqueID: 4d621fac-1e03-11e4-9018-5254007acf68 >member: uid=tuser2,cn=users,cn=accounts,dc=testrealm > ># editors, groups, accounts, testrealm >dn: cn=editors,cn=groups,cn=accounts,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: posixgroup >objectClass: ipausergroup >objectClass: ipaobject >objectClass: nestedGroup >gidNumber: 964600002 >description: Limited admins who can edit other users >cn: editors >ipaUniqueID: 4d68a912-1e03-11e4-aa01-5254007acf68 > ># sshd, hbacservices, hbac, testrealm >dn: cn=sshd,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: sshd >description: sshd >ipaUniqueID: 4d717628-1e03-11e4-a65a-5254007acf68 > ># ftp, hbacservices, hbac, testrealm >dn: cn=ftp,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: ftp >description: ftp >ipaUniqueID: 4d76f8a0-1e03-11e4-84eb-5254007acf68 >memberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=testrealm > ># su, hbacservices, hbac, testrealm >dn: cn=su,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: su >description: su >ipaUniqueID: 4d7c724e-1e03-11e4-8b56-5254007acf68 > ># login, hbacservices, hbac, testrealm >dn: cn=login,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: login >description: login >ipaUniqueID: 4d7d71f8-1e03-11e4-95e1-5254007acf68 > ># su-l, hbacservices, hbac, testrealm >dn: cn=su-l,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: su-l >description: su with login shell >ipaUniqueID: 4d991462-1e03-11e4-ace9-5254007acf68 > ># sudo, hbacservices, hbac, testrealm >dn: cn=sudo,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: sudo >description: sudo >ipaUniqueID: 4d9a74ec-1e03-11e4-9c3b-5254007acf68 >memberOf: cn=sudo,cn=hbacservicegroups,cn=hbac,dc=testrealm > ># sudo-i, hbacservices, hbac, testrealm >dn: cn=sudo-i,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: sudo-i >description: sudo-i >ipaUniqueID: 4da517bc-1e03-11e4-bc40-5254007acf68 >memberOf: cn=sudo,cn=hbacservicegroups,cn=hbac,dc=testrealm > ># gdm, hbacservices, hbac, testrealm >dn: cn=gdm,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: gdm >description: gdm >ipaUniqueID: 4daf9994-1e03-11e4-9533-5254007acf68 > ># gdm-password, hbacservices, hbac, testrealm >dn: cn=gdm-password,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: gdm-password >description: gdm-password >ipaUniqueID: 4db0594c-1e03-11e4-9c3d-5254007acf68 > ># kdm, hbacservices, hbac, testrealm >dn: cn=kdm,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: kdm >description: kdm >ipaUniqueID: 4db506a4-1e03-11e4-a78c-5254007acf68 > ># Sudo, hbacservicegroups, hbac, testrealm >dn: cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=testrealm >objectClass: ipaobject >objectClass: ipahbacservicegroup >objectClass: nestedGroup >objectClass: groupOfNames >objectClass: top >cn: Sudo >description: Default group of Sudo related services >member: cn=sudo,cn=hbacservices,cn=hbac,dc=testrealm >member: cn=sudo-i,cn=hbacservices,cn=hbac,dc=testrealm >ipaUniqueID: 4db7d852-1e03-11e4-a517-5254007acf68 > ># ipaConfig, etc, testrealm >dn: cn=ipaConfig,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >objectClass: ipaGuiConfig >objectClass: ipaConfigObject >ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title >ipaGroupSearchFields: cn,description >ipaSearchTimeLimit: 2 >ipaSearchRecordsLimit: 100 >ipaHomesRootDir: /home >ipaDefaultLoginShell: /bin/sh >ipaDefaultPrimaryGroup: ipausers >ipaMaxUsernameLength: 32 >ipaPwdExpAdvNotify: 4 >ipaGroupObjectClasses: top >ipaGroupObjectClasses: groupofnames >ipaGroupObjectClasses: nestedgroup >ipaGroupObjectClasses: ipausergroup >ipaGroupObjectClasses: ipaobject >ipaUserObjectClasses: top >ipaUserObjectClasses: person >ipaUserObjectClasses: organizationalperson >ipaUserObjectClasses: inetorgperson >ipaUserObjectClasses: inetuser >ipaUserObjectClasses: posixaccount >ipaUserObjectClasses: krbprincipalaux >ipaUserObjectClasses: krbticketpolicyaux >ipaUserObjectClasses: ipaobject >ipaUserObjectClasses: ipasshuser >ipaDefaultEmailDomain: lab.eng.brq.redhat.com >ipaMigrationEnabled: FALSE >ipaConfigString: AllowNThash >ipaSELinuxUserMapOrder: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c102 > 3$unconfined_u:s0-s0:c0.c1023 >ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 >cn: ipaConfig >ipaCertificateSubjectBase: O=TESTREALM >ipaKrbAuthzData: MS-PAC > ># cosTemplates, accounts, testrealm >dn: cn=cosTemplates,cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: cosTemplates > ># selinux, testrealm >dn: cn=selinux,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: selinux > ># usermap, selinux, testrealm >dn: cn=usermap,cn=selinux,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: usermap > ># ranges, etc, testrealm >dn: cn=ranges,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: ranges > ># TESTREALM_id_range, ranges, etc, testrealm >dn: cn=TESTREALM_id_range,cn=ranges,cn=etc,dc=testrealm >objectClass: top >objectClass: ipaIDrange >objectClass: ipaDomainIDRange >cn: TESTREALM_id_range >ipaBaseID: 964600000 >ipaIDRangeSize: 200000 > ># roles, accounts, testrealm >dn: cn=roles,cn=accounts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: roles > ># pbac, testrealm >dn: cn=pbac,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: pbac > ># privileges, pbac, testrealm >dn: cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: privileges > ># permissions, pbac, testrealm >dn: cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: permissions > ># helpdesk, roles, accounts, testrealm >dn: cn=helpdesk,cn=roles,cn=accounts,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: helpdesk >description: Helpdesk >memberOf: cn=modify group membership,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=modify group membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify users and reset passwords,cn=privileges,cn=pbac,dc=testrea > lm >memberOf: cn=change a user password,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify users,cn=permissions,cn=pbac,dc=testrealm > ># User Administrators, privileges, pbac, testrealm >dn: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: User Administrators >description: User Administrators >memberOf: cn=add users,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=change a user password,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add user to default group,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=unlock user accounts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove users,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify users,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage user ssh public keys,cn=permissions,cn=pbac,dc=testrealm >member: cn=User Administrator,cn=roles,cn=accounts,dc=testrealm > ># Group Administrators, privileges, pbac, testrealm >dn: cn=Group Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Group Administrators >description: Group Administrators >memberOf: cn=add groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify group membership,cn=permissions,cn=pbac,dc=testrealm >member: cn=User Administrator,cn=roles,cn=accounts,dc=testrealm > ># Host Administrators, privileges, pbac, testrealm >dn: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Host Administrators >description: Host Administrators >memberOf: cn=add hosts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove hosts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify hosts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage host ssh public keys,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage host keytab,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=enroll a host,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add krbprincipalname to a host,cn=permissions,cn=pbac,dc=testreal > m >member: cn=IT Specialist,cn=roles,cn=accounts,dc=testrealm > ># Host Group Administrators, privileges, pbac, testrealm >dn: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Host Group Administrators >description: Host Group Administrators >memberOf: cn=add hostgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove hostgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify hostgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify hostgroup membership,cn=permissions,cn=pbac,dc=testrealm >member: cn=IT Specialist,cn=roles,cn=accounts,dc=testrealm > ># Delegation Administrator, privileges, pbac, testrealm >dn: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Delegation Administrator >description: Role administration >memberOf: cn=add roles,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove roles,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify roles,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify role membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify privilege membership,cn=permissions,cn=pbac,dc=testrealm >member: cn=Security Architect,cn=roles,cn=accounts,dc=testrealm > ># Service Administrators, privileges, pbac, testrealm >dn: cn=Service Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Service Administrators >description: Service Administrators >memberOf: cn=add services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage service keytab,cn=permissions,cn=pbac,dc=testrealm >member: cn=IT Specialist,cn=roles,cn=accounts,dc=testrealm > ># Automount Administrators, privileges, pbac, testrealm >dn: cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Automount Administrators >description: Automount Administrators >memberOf: cn=add automount maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove automount maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify automount maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add automount keys,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify automount keys,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove automount keys,cn=permissions,cn=pbac,dc=testrealm >member: cn=IT Specialist,cn=roles,cn=accounts,dc=testrealm > ># Netgroups Administrators, privileges, pbac, testrealm >dn: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Netgroups Administrators >description: Netgroups Administrators >memberOf: cn=add netgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove netgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify netgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify netgroup membership,cn=permissions,cn=pbac,dc=testrealm >member: cn=IT Security Specialist,cn=roles,cn=accounts,dc=testrealm > ># Certificate Administrators, privileges, pbac, testrealm >dn: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Certificate Administrators >description: Certificate Administrators >memberOf: cn=retrieve certificates from the ca,cn=permissions,cn=pbac,dc=testr > ealm >memberOf: cn=request certificate,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=request certificates from a different host,cn=permissions,cn=pbac > ,dc=testrealm >memberOf: cn=get certificates status from the ca,cn=permissions,cn=pbac,dc=tes > trealm >memberOf: cn=revoke certificate,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=certificate remove hold,cn=permissions,cn=pbac,dc=testrealm > ># Replication Administrators, privileges, pbac, testrealm >dn: cn=Replication Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Replication Administrators >description: Replication Administrators >member: cn=admins,cn=groups,cn=accounts,dc=testrealm >member: cn=Security Architect,cn=roles,cn=accounts,dc=testrealm >memberOf: cn=add replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove replication agreements,cn=permissions,cn=pbac,dc=testrealm > ># Host Enrollment, privileges, pbac, testrealm >dn: cn=Host Enrollment,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: Host Enrollment >description: Host Enrollment >memberOf: cn=manage host keytab,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=enroll a host,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add krbprincipalname to a host,cn=permissions,cn=pbac,dc=testreal > m >member: cn=admins,cn=groups,cn=accounts,dc=testrealm > ># Add Users, permissions, pbac, testrealm >dn: cn=Add Users,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Users >member: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Change a user password, permissions, pbac, testrealm >dn: cn=Change a user password,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Change a user password >member: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=testrealm > ># Add user to default group, permissions, pbac, testrealm >dn: cn=Add user to default group,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add user to default group >member: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Unlock user accounts, permissions, pbac, testrealm >dn: cn=Unlock user accounts,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Unlock user accounts >member: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=admins,cn=groups,cn=accounts,dc=testrealm > ># Remove Users, permissions, pbac, testrealm >dn: cn=Remove Users,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Users >member: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Users, permissions, pbac, testrealm >dn: cn=Modify Users,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Users >member: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=testrealm > ># Manage User SSH Public Keys, permissions, pbac, testrealm >dn: cn=Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Manage User SSH Public Keys >member: cn=User Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Add Groups, permissions, pbac, testrealm >dn: cn=Add Groups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Groups >member: cn=Group Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove Groups, permissions, pbac, testrealm >dn: cn=Remove Groups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Groups >member: cn=Group Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Groups, permissions, pbac, testrealm >dn: cn=Modify Groups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Groups >member: cn=Group Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Group membership, permissions, pbac, testrealm >dn: cn=Modify Group membership,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Group membership >member: cn=Group Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=Modify Group membership,cn=privileges,cn=pbac,dc=testrealm > ># Add Hosts, permissions, pbac, testrealm >dn: cn=Add Hosts,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Hosts >member: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove Hosts, permissions, pbac, testrealm >dn: cn=Remove Hosts,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Hosts >member: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Hosts, permissions, pbac, testrealm >dn: cn=Modify Hosts,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Hosts >member: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Manage Host SSH Public Keys, permissions, pbac, testrealm >dn: cn=Manage Host SSH Public Keys,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Manage Host SSH Public Keys >member: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Add Hostgroups, permissions, pbac, testrealm >dn: cn=Add Hostgroups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Hostgroups >member: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove Hostgroups, permissions, pbac, testrealm >dn: cn=Remove Hostgroups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Hostgroups >member: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Hostgroups, permissions, pbac, testrealm >dn: cn=Modify Hostgroups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Hostgroups >member: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Hostgroup membership, permissions, pbac, testrealm >dn: cn=Modify Hostgroup membership,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Hostgroup membership >member: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Add Services, permissions, pbac, testrealm >dn: cn=Add Services,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Services >member: cn=Service Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove Services, permissions, pbac, testrealm >dn: cn=Remove Services,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Services >member: cn=Service Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Services, permissions, pbac, testrealm >dn: cn=Modify Services,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Services >member: cn=Service Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Add Roles, permissions, pbac, testrealm >dn: cn=Add Roles,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Roles >member: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testrealm > ># Remove Roles, permissions, pbac, testrealm >dn: cn=Remove Roles,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Roles >member: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testrealm > ># Modify Roles, permissions, pbac, testrealm >dn: cn=Modify Roles,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Roles >member: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testrealm > ># Modify Role membership, permissions, pbac, testrealm >dn: cn=Modify Role membership,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Role membership >member: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testrealm > ># Modify privilege membership, permissions, pbac, testrealm >dn: cn=Modify privilege membership,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify privilege membership >member: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=testrealm > ># Add Automount maps, permissions, pbac, testrealm >dn: cn=Add Automount maps,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Automount maps >member: cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove Automount maps, permissions, pbac, testrealm >dn: cn=Remove Automount maps,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Automount maps >member: cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Automount maps, permissions, pbac, testrealm >dn: cn=Modify Automount maps,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Automount maps >member: cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Add Automount keys, permissions, pbac, testrealm >dn: cn=Add Automount keys,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Automount keys >member: cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Automount keys, permissions, pbac, testrealm >dn: cn=Modify Automount keys,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Automount keys >member: cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove Automount keys, permissions, pbac, testrealm >dn: cn=Remove Automount keys,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Automount keys >member: cn=Automount Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Add netgroups, permissions, pbac, testrealm >dn: cn=Add netgroups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add netgroups >member: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove netgroups, permissions, pbac, testrealm >dn: cn=Remove netgroups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove netgroups >member: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify netgroups, permissions, pbac, testrealm >dn: cn=Modify netgroups,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify netgroups >member: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify netgroup membership, permissions, pbac, testrealm >dn: cn=Modify netgroup membership,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify netgroup membership >member: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Manage host keytab, permissions, pbac, testrealm >dn: cn=Manage host keytab,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Manage host keytab >member: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=testrealm > ># Manage service keytab, permissions, pbac, testrealm >dn: cn=Manage service keytab,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Manage service keytab >member: cn=Service Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=admins,cn=groups,cn=accounts,dc=testrealm > ># Enroll a host, permissions, pbac, testrealm >dn: cn=Enroll a host,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Enroll a host >member: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=testrealm > ># Add Replication Agreements, permissions, pbac, testrealm >dn: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Add Replication Agreements >ipaPermissionType: SYSTEM >member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Modify Replication Agreements, permissions, pbac, testrealm >dn: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Modify Replication Agreements >ipaPermissionType: SYSTEM >member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Remove Replication Agreements, permissions, pbac, testrealm >dn: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Remove Replication Agreements >ipaPermissionType: SYSTEM >member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=testrealm > ># virtual operations, etc, testrealm >dn: cn=virtual operations,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: virtual operations > ># retrieve certificate, virtual operations, etc, testrealm >dn: cn=retrieve certificate,cn=virtual operations,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: retrieve certificate > ># Retrieve Certificates from the CA, permissions, pbac, testrealm >dn: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Retrieve Certificates from the CA >member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testrealm > ># request certificate, virtual operations, etc, testrealm >dn: cn=request certificate,cn=virtual operations,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: request certificate > ># Request Certificate, permissions, pbac, testrealm >dn: cn=Request Certificate,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Request Certificate >member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testrealm > ># request certificate different host, virtual operations, etc, testrealm >dn: cn=request certificate different host,cn=virtual operations,cn=etc,dc=test > realm >objectClass: top >objectClass: nsContainer >cn: request certificate different host > ># Request Certificates from a different host, permissions, pbac, testrealm >dn: cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=te > strealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Request Certificates from a different host >member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testrealm > ># certificate status, virtual operations, etc, testrealm >dn: cn=certificate status,cn=virtual operations,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: certificate status > ># Get Certificates status from the CA, permissions, pbac, testrealm >dn: cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Get Certificates status from the CA >member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testrealm > ># revoke certificate, virtual operations, etc, testrealm >dn: cn=revoke certificate,cn=virtual operations,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: revoke certificate > ># Revoke Certificate, permissions, pbac, testrealm >dn: cn=Revoke Certificate,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Revoke Certificate >member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testrealm > ># certificate remove hold, virtual operations, etc, testrealm >dn: cn=certificate remove hold,cn=virtual operations,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: certificate remove hold > ># Certificate Remove Hold, permissions, pbac, testrealm >dn: cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >cn: Certificate Remove Hold >member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testrealm > ># Managed Entries, etc, testrealm >dn: cn=Managed Entries,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: Managed Entries > ># Templates, Managed Entries, etc, testrealm >dn: cn=Templates,cn=Managed Entries,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: Templates > ># Definitions, Managed Entries, etc, testrealm >dn: cn=Definitions,cn=Managed Entries,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: Definitions > ># UPG Template, Templates, Managed Entries, etc, testrealm >dn: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testrealm >objectClass: mepTemplateEntry >objectClass: top >cn: UPG Template >mepRDNAttr: cn >mepStaticAttr: objectclass: posixgroup >mepStaticAttr: objectclass: ipaobject >mepStaticAttr: ipaUniqueId: autogenerate >mepMappedAttr: cn: $uid >mepMappedAttr: gidNumber: $uidNumber >mepMappedAttr: description: User private group for $uid > ># UPG Definition, Definitions, Managed Entries, etc, testrealm >dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testrealm >objectClass: extensibleObject >objectClass: top >cn: UPG Definition >originscope: cn=users,cn=accounts,dc=testrealm >originfilter: (&(objectclass=posixAccount)(!(description=__no_upg__))) >managedbase: cn=groups,cn=accounts,dc=testrealm >managedtemplate: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=tes > trealm > ># NGP HGP Template, Templates, Managed Entries, etc, testrealm >dn: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testrealm >objectClass: mepTemplateEntry >objectClass: top >cn: NGP HGP Template >mepRDNAttr: cn >mepStaticAttr: ipaUniqueId: autogenerate >mepStaticAttr: objectclass: ipanisnetgroup >mepStaticAttr: objectclass: ipaobject >mepStaticAttr: nisDomainName: lab.eng.brq.redhat.com >mepMappedAttr: cn: $cn >mepMappedAttr: memberHost: $dn >mepMappedAttr: description: ipaNetgroup $cn > ># NGP Definition, Definitions, Managed Entries, etc, testrealm >dn: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testrealm >objectClass: extensibleObject >objectClass: top >cn: NGP Definition >originscope: cn=hostgroups,cn=accounts,dc=testrealm >originfilter: objectclass=ipahostgroup >managedbase: cn=ng,cn=alt,dc=testrealm >managedtemplate: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc > =testrealm > ># sudo, sysaccounts, etc, testrealm >dn: uid=sudo,cn=sysaccounts,cn=etc,dc=testrealm >objectClass: account >objectClass: simplesecurityobject >objectClass: top >uid: sudo > ># automember, etc, testrealm >dn: cn=automember,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: automember > ># Hostgroup, automember, etc, testrealm >dn: cn=Hostgroup,cn=automember,cn=etc,dc=testrealm >objectClass: autoMemberDefinition >objectClass: top >cn: Hostgroup >autoMemberScope: cn=computers,cn=accounts,dc=testrealm >autoMemberFilter: objectclass=ipaHost >autoMemberGroupingAttr: member:dn > ># Group, automember, etc, testrealm >dn: cn=Group,cn=automember,cn=etc,dc=testrealm >objectClass: autoMemberDefinition >objectClass: top >cn: Group >autoMemberScope: cn=users,cn=accounts,dc=testrealm >autoMemberFilter: objectclass=posixAccount >autoMemberGroupingAttr: member:dn > ># 5257147c-1e03-11e4-a16d-5254007acf68, hbac, testrealm >dn: ipaUniqueID=5257147c-1e03-11e4-a16d-5254007acf68,cn=hbac,dc=testrealm >objectClass: ipaassociation >objectClass: ipahbacrule >cn: allow_all >accessRuleType: allow >userCategory: all >hostCategory: all >sourceHostCategory: all >serviceCategory: all >ipaEnabledFlag: TRUE >description: Allow all users to access any host from any host >ipaUniqueID: 5257147c-1e03-11e4-a16d-5254007acf68 > ># CAcert, ipa, etc, testrealm >dn: cn=CAcert,cn=ipa,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: pkiCA >objectClass: top >cn: CAcert >cACertificate;binary:: MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQ > KEwlURVNUUkVBTE0xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNDA4MDcwNzE4 > MzdaFw0zNDA4MDcwNzE4MzdaMDQxEjAQBgNVBAoTCVRFU1RSRUFMTTEeMBwGA1UEAxMVQ2VydGlma > WNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RUs6PEzDqTm/n > rOTbLI0/thj8de1W9JGZPsG1LMU0MMoUc3JIBxByK7AbnIq0a+jov7Ghmccph5zpkBDf6kh5OOlGd > glngXmrBjQzr4j4mYp9vdcXsMkd1Tgq7YUnuTnNBDD0MzpQcxc6URo4hgkAbQQQwt+gApMb7XkTN1 > hurFdxTGsnyIzottKT8cXzMtzEBs6S3CbeN3ADZwThq2wJpgfIPOm8OL94zqF18O67GEPZu1sHyVA > sfqbwtVA9kkZNl3fIMF6ATOqt5TQ3/ImSy/IpL9bYNB8WmE1gTgOM4rdrZh+HFR439mbfhaxdzYJQ > PyXEmeHssK5ih7RW3O9QIDAQABo4G1MIGyMB8GA1UdIwQYMBaAFOBnA/HH5ihEDDU7vUNfEhRpqQq > 4MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTgZwPxx+YoRAw1O71D > XxIUaakKuDBPBggrBgEFBQcBAQRDMEEwPwYIKwYBBQUHMAGGM2h0dHA6Ly94ODYtNjQtdjA4LmxhY > i5lbmcuYnJxLnJlZGhhdC5jb206ODAvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAQEAnEaDfUDcWs > SCb/rLn8GCvbeEEF0E6yAyDJimoJGc8U7sBnacTWOfPvnyRjY1skYp1tpB8uwDB/r/IIIorGVcbmp > lSgXuAqK1BtinOYjj5vMn+96jzPOIoAHTfvSeJ/nfTHHays6UnOuyGoo1ONi5p4tvT6dPOUI6NAGG > /v5UTdraEGZGCMV1bNh/L6NDK22ISQQB6jWVflMekptlLVTg0c00Qn9hvANlB6ZioSwgxAabrKwFI > 3sjihykSeiUg/FwGp+yNWLXg8Obo/2nz6aMjfdbAN8KsFPDClopCguXYLcnQvgYUhfeHRhMC7PKYb > H8eazzN9lOXxw+vh+Ph5Gsyg== > ># x86-64-v08.lab.eng.brq.redhat.com, masters, ipa, etc, testrealm >dn: cn=x86-64-v08.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: x86-64-v08.lab.eng.brq.redhat.com > ># CA, x86-64-v08.lab.eng.brq.redhat.com, masters, ipa, etc, testrealm >dn: cn=CA,cn=x86-64-v08.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=tes > trealm >objectClass: nsContainer >objectClass: ipaConfigObject >objectClass: top >ipaConfigString: enabledService >ipaConfigString: startOrder 50 >cn: CA > ># dogtagldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM, services, accounts, > testrealm >dn: krbprincipalname=dogtagldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM,cn > =services,cn=accounts,dc=testrealm >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbticketpolicyaux >objectClass: ipaobject >objectClass: ipaservice >objectClass: pkiuser >objectClass: top >objectClass: ipakrbprincipal >managedBy: fqdn=x86-64-v08.lab.eng.brq.redhat.com,cn=computers,cn=accounts,dc= > testrealm >krbPrincipalName: dogtagldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >ipaUniqueID: 6839b790-1e03-11e4-927d-5254007acf68 >userCertificate:: MIIDszCCApugAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKEwlU > RVNUUkVBTE0xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNDA4MDcwNzIwNDNaF > w0xNjA4MDcwNzIwNDNaMEAxEjAQBgNVBAoTCVRFU1RSRUFMTTEqMCgGA1UEAxMheDg2LTY0LXYwOC > 5sYWIuZW5nLmJycS5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfa > dAieM+r9uhs018aGF0M7qe2Xi3GuFaSBB/6/USTvevM1QY1SJky2SiI/vCJIMjQ8fQtq/z2LjMhlM > 0v0LQbnePhgisaj2EGBRqJFVlpxYWLJdiwrTxM0ux4bJk88fPUqt72tXzZBKGQ7MXKU96f/xitzwj > N7OaB3H4mIDI8xkLFD7RtrGZul2HPbRm4BKVA3S1nu5PAbBqXK95cDUdjs+EJ+BYC0SunI/ehbrdi > cqD7e0E9ThftminccLRpRJJi97MhSZ75Sd79Fdymf8KnI1+deldlo6yVABuOG1plDB7gcwxqOdX+X > 5OY02ogvRjtEfCxdILU0A70lkx72uKwIDAQABo4HDMIHAMB8GA1UdIwQYMBaAFOBnA/HH5ihEDDU7 > vUNfEhRpqQq4ME8GCCsGAQUFBwEBBEMwQTA/BggrBgEFBQcwAYYzaHR0cDovL3g4Ni02NC12MDgub > GFiLmVuZy5icnEucmVkaGF0LmNvbTo4MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFj > AUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFABRC1SzJbS3arjcFRF1G53WIhjWMA0GCSq > GSIb3DQEBCwUAA4IBAQAj0hVu8fNxi1I4f+kCPOTKuGn7U7RBcb0fGXVfcDYo5wgpwr/cpmFL9rh0 > EANiGHF9xHpelmIfy2+tA9l74QHWWTOH26I7WvK6SD/G+LlL+wDwMqRXxFJ+CA1osHo6cjRWIppCR > W6cYJzWVuHjR+QZR2TgA4H4osrScfJUVGbSaX8Z7q/TNpKCjs3NzA2aVBfx8DXyFFc94G0uta8gZH > w7Yvsrl19OVKwKs5Fa+gItgMgauc2Imc1SaVbC/3mltPHqZYr9l3f8Psa2YqipQtUWinDgpugS06L > RLYgi81X8OO5LyoFK/t8ZK2V6zp9JBOWnG7dZNMj6Q4be2vIf2uUB >ipaKrbPrincipalAlias: dogtagldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM > ># kerberos, testrealm >dn: cn=kerberos,dc=testrealm >objectClass: krbContainer >objectClass: top >cn: kerberos > ># TESTREALM, kerberos, testrealm >dn: cn=TESTREALM,cn=kerberos,dc=testrealm >cn: TESTREALM >objectClass: top >objectClass: krbrealmcontainer >objectClass: krbticketpolicyaux >krbSubTrees: dc=testrealm >krbSearchScope: 2 >krbSupportedEncSaltTypes: aes256-cts:normal >krbSupportedEncSaltTypes: aes256-cts:special >krbSupportedEncSaltTypes: aes128-cts:normal >krbSupportedEncSaltTypes: aes128-cts:special >krbSupportedEncSaltTypes: des3-hmac-sha1:normal >krbSupportedEncSaltTypes: des3-hmac-sha1:special >krbSupportedEncSaltTypes: arcfour-hmac:normal >krbSupportedEncSaltTypes: arcfour-hmac:special >krbMaxTicketLife: 86400 >krbMaxRenewableAge: 604800 >krbDefaultEncSaltTypes: aes256-cts:special >krbDefaultEncSaltTypes: aes128-cts:special >krbDefaultEncSaltTypes: des3-hmac-sha1:special >krbDefaultEncSaltTypes: arcfour-hmac:special > ># global_policy, TESTREALM, kerberos, testrealm >dn: cn=global_policy,cn=TESTREALM,cn=kerberos,dc=testrealm >objectClass: top >objectClass: nsContainer >objectClass: krbPwdPolicy >krbMinPwdLife: 3600 >krbPwdMinDiffChars: 0 >krbPwdMinLength: 8 >krbPwdHistoryLength: 0 >krbMaxPwdLife: 7776000 >krbPwdMaxFailure: 6 >krbPwdFailureCountInterval: 60 >krbPwdLockoutDuration: 600 >cn: global_policy > ># K/M@TESTREALM, TESTREALM, kerberos, testrealm >dn: krbPrincipalName=K/M@TESTREALM,cn=TESTREALM,cn=kerberos,dc=testrealm >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbTicketPolicyAux >objectClass: ipakrbprincipal >objectClass: top >krbPrincipalName: K/M@TESTREALM >ipaKrbPrincipalAlias: K/M@TESTREALM >krbPrincipalExpiration: 19700101000000Z >krbTicketFlags: 192 >krbMaxTicketLife: 604800 >krbMaxRenewableAge: 1209600 >krbExtraData:: AAkBAAEAAAAAAA== >krbExtraData:: AAIvKeNTZGJfY3JlYXRpb25AVEVTVFJFQUxNAA== > ># krbtgt/TESTREALM@TESTREALM, TESTREALM, kerberos, testrealm >dn: krbPrincipalName=krbtgt/TESTREALM@TESTREALM,cn=TESTREALM,cn=kerberos,dc=te > strealm >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbTicketPolicyAux >objectClass: ipakrbprincipal >objectClass: top >krbPrincipalName: krbtgt/TESTREALM@TESTREALM >ipaKrbPrincipalAlias: krbtgt/TESTREALM@TESTREALM >krbPrincipalExpiration: 19700101000000Z >krbTicketFlags: 128 >krbMaxTicketLife: 604800 >krbMaxRenewableAge: 1209600 >krbExtraData:: AAIwKeNTZGJfY3JlYXRpb25AVEVTVFJFQUxNAA== > ># kadmin/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM, TESTREALM, kerberos, te > strealm >dn: krbPrincipalName=kadmin/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM,cn=TES > TREALM,cn=kerberos,dc=testrealm >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbTicketPolicyAux >objectClass: ipakrbprincipal >objectClass: top >krbPrincipalName: kadmin/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >ipaKrbPrincipalAlias: kadmin/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >krbLastPwdChange: 20140807072224Z >krbTicketFlags: 4 >krbMaxTicketLife: 10800 >krbExtraData:: AAIwKeNTa2RiNV91dGlsQFRFU1RSRUFMTQA= >krbLoginFailedCount: 0 > ># kadmin/admin@TESTREALM, TESTREALM, kerberos, testrealm >dn: krbPrincipalName=kadmin/admin@TESTREALM,cn=TESTREALM,cn=kerberos,dc=testre > alm >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbTicketPolicyAux >objectClass: ipakrbprincipal >objectClass: top >krbPrincipalName: kadmin/admin@TESTREALM >ipaKrbPrincipalAlias: kadmin/admin@TESTREALM >krbLastPwdChange: 20140807072224Z >krbTicketFlags: 4 >krbMaxTicketLife: 10800 >krbExtraData:: AAIwKeNTa2RiNV91dGlsQFRFU1RSRUFMTQA= >krbLoginFailedCount: 0 > ># kadmin/changepw@TESTREALM, TESTREALM, kerberos, testrealm >dn: krbPrincipalName=kadmin/changepw@TESTREALM,cn=TESTREALM,cn=kerberos,dc=tes > trealm >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbTicketPolicyAux >objectClass: ipakrbprincipal >objectClass: top >krbPrincipalName: kadmin/changepw@TESTREALM >ipaKrbPrincipalAlias: kadmin/changepw@TESTREALM >krbLastPwdChange: 20140807072224Z >krbTicketFlags: 8196 >krbMaxTicketLife: 300 >krbExtraData:: AAIxKeNTa2RiNV91dGlsQFRFU1RSRUFMTQA= >krbLoginFailedCount: 0 > ># ldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM, services, accounts, testr > ealm >dn: krbprincipalname=ldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM,cn=servi > ces,cn=accounts,dc=testrealm >ipaKrbPrincipalAlias: ldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >objectClass: ipaobject >objectClass: top >objectClass: ipaservice >objectClass: pkiuser >objectClass: ipakrbprincipal >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbTicketPolicyAux >managedBy: fqdn=x86-64-v08.lab.eng.brq.redhat.com,cn=computers,cn=accounts,dc= > testrealm >krbExtraData:: AAIyKeNTdHVzZXIyL2FkbWluQFRFU1RSRUFMTQA= >krbPrincipalName: ldap/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >krbLastPwdChange: 20140807072226Z >ipaUniqueID: 9503dea4-1e03-11e4-b42a-5254007acf68 >krbLoginFailedCount: 0 >userCertificate:: MIIDszCCApugAwIBAgIBCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKEwlU > RVNUUkVBTE0xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNDA4MDcwNzE5NTlaF > w0xNjA4MDcwNzE5NTlaMEAxEjAQBgNVBAoTCVRFU1RSRUFMTTEqMCgGA1UEAxMheDg2LTY0LXYwOC > 5sYWIuZW5nLmJycS5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3So > xLWzHxCXHMFQnmhgayO8XJTDHh1ql5z8dDEuTTY+QdXjcZt241DyfdWfZbZREwFZl4V6xWUowwrDp > enhHRWaIeUvl+63UC0qAHE3XsP6BwD2fOz4Hz+BwwRXyJaHkKmC9Djz0E9s0tnPXubx/1pUGzas4l > tpQ8ZauKecpU9RWHbGZ/WyAVjxhBh8wWRxxZH+VbbDNrVI9GNMkToUDw5hnK4eIFDL1DfOBWtMI1k > yzNDZ3mLYLuSCMufI9QHbS6j+H4BBn/HpS+PMe7muPm3BfDLGtpxXcMHEvsRTxlG/0mYD0YKT5AK4 > VnRemhx/1/tQRXy9u23lySv2KE5HYQwIDAQABo4HDMIHAMB8GA1UdIwQYMBaAFOBnA/HH5ihEDDU7 > vUNfEhRpqQq4ME8GCCsGAQUFBwEBBEMwQTA/BggrBgEFBQcwAYYzaHR0cDovL3g4Ni02NC12MDgub > GFiLmVuZy5icnEucmVkaGF0LmNvbTo4MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFj > AUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFON15RyNdIYVHzySWPdfzEgh/LKHMA0GCSq > GSIb3DQEBCwUAA4IBAQAJap2QqhEY75E0dbm2EwJuPybP7nYboTWN/Ff1f2JiMrHCi3QwlHuSvjOR > oQgYroPi8xp8+A6OTnA0Ji+/yKE9ty5U0JOi9i3RcYxQ3UwvYkAVFq50AuLW3N8618Ec75C0gNcMb > rFcUnP+QDzQifIcdGt1WJYyGNBM/nb/XY54+CKKtJt6t7cvvZsmsuJXcqlBxUSNiunzGzs7C1WBOz > WTszo347hFNbpwcNnNpCy0Z+MpK5ZkHfZhiVV0y/YVgtHFnjVazXuc6RBeOY9xvY28wiekQl7g8sL > QZkrnBL+zFkCZ+vQb2/WGZGy5QtViGsp4a4ITIcMBiM4mZdQkJ4E9 > ># x86-64-v08.lab.eng.brq.redhat.com, computers, accounts, testrealm >dn: fqdn=x86-64-v08.lab.eng.brq.redhat.com,cn=computers,cn=accounts,dc=testrea > lm >cn: x86-64-v08.lab.eng.brq.redhat.com >objectClass: top >objectClass: ipaobject >objectClass: nshost >objectClass: ipahost >objectClass: ipaservice >objectClass: pkiuser >objectClass: krbprincipalaux >objectClass: krbprincipal >objectClass: krbticketpolicyaux >objectClass: ipasshhost >objectClass: ipaSshGroupOfPubKeys >krbLastPwdChange: 20140807072228Z >fqdn: x86-64-v08.lab.eng.brq.redhat.com >managedBy: fqdn=x86-64-v08.lab.eng.brq.redhat.com,cn=computers,cn=accounts,dc= > testrealm >krbExtraData:: AAI0KeNTdHVzZXIyL2FkbWluQFRFU1RSRUFMTQA= >krbPrincipalName: host/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >serverHostName: x86-64-v08 >ipaUniqueID: 972f30e8-1e03-11e4-b42a-5254007acf68 >krbLastSuccessfulAuth: 20140807073250Z >ipaSshPubKey: ssh-dss AAAAB3NzaC1kc3MAAACBALPkV1M5y/F7YTa+wfxTVpysWg6BPUppQyYP > m1QqErtT4XL/6YZjLNYMM8x0ZHl8Jq+cROXyn0eTy1ZLA5eGctYletOfWz5vJXtu/b3jpYqyX9f7W > 3Z4pfo2lH1uxnTQa/F0BXRJyDJJZnWN5dsAGgeEkCa8oIehlRHbHnExciKRAAAAFQDA+yhDK+a9t5 > KpdIqMjHtRAt2EUQAAAIA7tL4KcmFqsB6cbfK5iDD0IzOtFSzsp4p5/auTSr6kLiOVU2KkUM6gil5 > dMeK/VK0huYqBUmTUVKvk5/Cq4b1PwrdO9eD9WvvxKgtfCr5RqVhVY4yN3/5EaQ6gEPyy9IJHkwDt > y0EWNjJYc5uZ8R48NOxIn7SkR7JZsCLG/drrogAAAIBflwlkoLvTNCQcSDqbtbt8ijHnd69m6ozMp > HgXxAm+dItgfP3gUBn9kBq7J8Q3Onxdhi+jQQNrLBKFAel/44olZTNzNIct24CoAp6uk9HBoFITEl > 9lIM3Iv8c12SbhYXBA03RtwbjMr3W23FzVGf0TDdUYyka2PxkJBofKiA/Q5g== >ipaSshPubKey: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA364/60qxWE9euxhn7R+6K+i4EB+j > aGJ5GlL42IqIZakQ99TknwPbNKzv6CCUtvEwS7WWI6uzXHAeVWWxS9iO2/E+cameg5aQndYADGXsL > qddItOXATCNVEAfSMrk4vK+ioeS9flPokOHIHOjgtch/099zRzDjGFICnHMmkab/iQlYmuXdzo2/U > 6aH/VAfHhBEEl76P65340+y1jOtNoCvx+rGmTi4TfjCpHDUwK3+gnOdRBmw/YhSWKfavOat4ABQeb > E0QY0fRAeA1CibTHQImV8VFrSPn/eKnoCq9/DNYf/XljGonH3fujoBKoYR5wASj2GqHGd/h8XwiZx > eNU9IQ== >memberOf: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrealm >memberOf: cn=hostgrp1,cn=ng,cn=alt,dc=testrealm >memberOf: ipauniqueid=ff4b64f8-1e03-11e4-9465-5254007acf68,cn=sudorules,cn=sud > o,dc=testrealm > ># KDC, x86-64-v08.lab.eng.brq.redhat.com, masters, ipa, etc, testrealm >dn: cn=KDC,cn=x86-64-v08.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=te > strealm >objectClass: nsContainer >objectClass: ipaConfigObject >objectClass: top >ipaConfigString: enabledService >ipaConfigString: startOrder 10 >cn: KDC > ># KPASSWD, x86-64-v08.lab.eng.brq.redhat.com, masters, ipa, etc, testrealm >dn: cn=KPASSWD,cn=x86-64-v08.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,d > c=testrealm >objectClass: nsContainer >objectClass: ipaConfigObject >objectClass: top >ipaConfigString: enabledService >ipaConfigString: startOrder 20 >cn: KPASSWD > ># MEMCACHE, x86-64-v08.lab.eng.brq.redhat.com, masters, ipa, etc, testrealm >dn: cn=MEMCACHE,cn=x86-64-v08.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc, > dc=testrealm >objectClass: nsContainer >objectClass: ipaConfigObject >objectClass: top >ipaConfigString: enabledService >ipaConfigString: startOrder 39 >cn: MEMCACHE > ># HTTP/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM, services, accounts, testr > ealm >dn: krbprincipalname=HTTP/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM,cn=servi > ces,cn=accounts,dc=testrealm >ipaKrbPrincipalAlias: HTTP/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >objectClass: ipaobject >objectClass: top >objectClass: ipaservice >objectClass: pkiuser >objectClass: ipakrbprincipal >objectClass: krbprincipal >objectClass: krbprincipalaux >objectClass: krbTicketPolicyAux >managedBy: fqdn=x86-64-v08.lab.eng.brq.redhat.com,cn=computers,cn=accounts,dc= > testrealm >krbExtraData:: AAJZKeNTdHVzZXIyL2FkbWluQFRFU1RSRUFMTQA= >krbLoginFailedCount: 0 >krbPrincipalName: HTTP/x86-64-v08.lab.eng.brq.redhat.com@TESTREALM >krbLastPwdChange: 20140807072305Z >ipaUniqueID: ac701bf2-1e03-11e4-927d-5254007acf68 >userCertificate:: MIIDszCCApugAwIBAgIBCjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKEwlU > RVNUUkVBTE0xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNDA4MDcwNzIyMzVaF > w0xNjA4MDcwNzIyMzVaMEAxEjAQBgNVBAoTCVRFU1RSRUFMTTEqMCgGA1UEAxMheDg2LTY0LXYwOC > 5sYWIuZW5nLmJycS5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/n7 > 1h5525yntBvb1T4Ygv/CkAlrb/NIDOTg6yH9cZOT293SvBHmVBVvcESO3BmkAxyqdL5MNyqEPUZWa > PepoIw0ZQ5f+UwyxV78zt58KsQuXXTu8b5wNEd4LMK1RoXyOLwBQm0r/tPU0LKY6+S32rlUiNIUls > 1JZUNxDyLczrOetZCuF3SL0JlQwVeg/05DLy8lTn8A0quN40yv/Y41ccxjS0d9rZjTpxBMHhiUMDJ > fNSjkhIWUgfZlq4TypYCeIR5tMvV9JYOhRK8+oM1dAMXBjrH5z7LpPfSeTvSVijwvAfvfjfvToGGR > pUD9bNueaC7At2EFtidzim8NwwteCbQIDAQABo4HDMIHAMB8GA1UdIwQYMBaAFOBnA/HH5ihEDDU7 > vUNfEhRpqQq4ME8GCCsGAQUFBwEBBEMwQTA/BggrBgEFBQcwAYYzaHR0cDovL3g4Ni02NC12MDgub > GFiLmVuZy5icnEucmVkaGF0LmNvbTo4MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFj > AUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFOu7vUTdWxiX5G68b/do4hGVFdNyMA0GCSq > GSIb3DQEBCwUAA4IBAQAbK8H1/6U/MRO/IrMZptWD/Rq1i9YCMD+qA2TGDG80z3gpG0mvfaYRjoGq > Ihf9JGEgf7R8ARsVuiBm2CT8uBaTBKrK3cGh/O+9T/edYsyvrzI+iAMqKknElF2H9us6x3vSziZuD > rVwN9X93So78VO8TpSdSE3kSn2Vv48RMmKHSTSopTfyIU38XJQWOy4s4W45Hk+IDnf8ZK+cgErHo6 > HPV4Y6Rcj8GuBJvbN1E+sBKwnJu2Aeu+Euvn3iz2UBbc0KkYBZbAo/st0rwIUjkGKyQqxcNLcTUI8 > F+Uqp4+58m5AmiTLBGMGtqRL1fLQ919RDxqpOyMZ/WOenaOWwpCkj >krbLastSuccessfulAuth: 20140807072506Z > ># HTTP, x86-64-v08.lab.eng.brq.redhat.com, masters, ipa, etc, testrealm >dn: cn=HTTP,cn=x86-64-v08.lab.eng.brq.redhat.com,cn=masters,cn=ipa,cn=etc,dc=t > estrealm >objectClass: nsContainer >objectClass: ipaConfigObject >objectClass: top >ipaConfigString: enabledService >ipaConfigString: startOrder 40 >cn: HTTP > ># anonymous-limits, etc, testrealm >dn: cn=anonymous-limits,cn=etc,dc=testrealm >objectClass: nsContainer >objectClass: top >cn: anonymous-limits > ># profile, testrealm >dn: ou=profile,dc=testrealm >objectClass: top >objectClass: organizationalUnit >ou: profiles >ou: profile > ># replication, etc, testrealm >dn: cn=replication,cn=etc,dc=testrealm >objectClass: nsDS5Replica >objectClass: top >nsDS5ReplicaId: 3 >nsDS5ReplicaRoot: dc=testrealm >cn: replication > ># default, profile, testrealm >dn: cn=default,ou=profile,dc=testrealm >defaultServerList: x86-64-v08.lab.eng.brq.redhat.com >defaultSearchBase: dc=testrealm >objectClass: top >objectClass: DUAConfigProfile >serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=testrealm >serviceSearchDescriptor: group:cn=groups,cn=compat,dc=testrealm >searchTimeLimit: 15 >followReferrals: TRUE >objectclassMap: shadow:shadowAccount=posixAccount >bindTimeLimit: 5 >authenticationMethod: none >cn: default > ># HBAC Administrator, privileges, pbac, testrealm >dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >objectClass: nestedgroup >objectClass: groupofnames >objectClass: top >member: cn=IT Security Specialist,cn=roles,cn=accounts,dc=testrealm >cn: HBAC Administrator >description: HBAC Administrator >memberOf: cn=manage hbac rule membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add hbac services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add hbac service groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage hbac service group membership,cn=permissions,cn=pbac,dc=te > strealm >memberOf: cn=modify hbac rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add hbac rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete hbac service groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete hbac services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete hbac rule,cn=permissions,cn=pbac,dc=testrealm > ># Modify Sudo rule, permissions, pbac, testrealm >dn: cn=Modify Sudo rule,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Modify Sudo rule > ># Delete Sudo rule, permissions, pbac, testrealm >dn: cn=Delete Sudo rule,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete Sudo rule > ># Manage HBAC rule membership, permissions, pbac, testrealm >dn: cn=Manage HBAC rule membership,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Manage HBAC rule membership > ># User Administrator, roles, accounts, testrealm >dn: cn=User Administrator,cn=roles,cn=accounts,dc=testrealm >objectClass: groupofnames >objectClass: nestedgroup >objectClass: top >cn: User Administrator >description: Responsible for creating Users and Groups >memberOf: cn=user administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add users,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=change a user password,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add user to default group,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=unlock user accounts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove users,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify users,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage user ssh public keys,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=group administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify group membership,cn=permissions,cn=pbac,dc=testrealm > ># Modify Group membership, privileges, pbac, testrealm >dn: cn=Modify Group membership,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >member: cn=helpdesk,cn=roles,cn=accounts,dc=testrealm >cn: Modify Group membership >description: Modify Group membership >memberOf: cn=modify group membership,cn=permissions,cn=pbac,dc=testrealm > ># Modify SELinux User Maps, permissions, pbac, testrealm >dn: cn=Modify SELinux User Maps,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >member: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=testrealm >cn: Modify SELinux User Maps > ># Password Policy Administrator, privileges, pbac, testrealm >dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrealm >objectClass: nestedgroup >objectClass: groupofnames >objectClass: top >member: cn=Security Architect,cn=roles,cn=accounts,dc=testrealm >cn: Password Policy Administrator >description: Password Policy Administrator >memberOf: cn=modify group password policy costemplate,cn=permissions,cn=pbac,d > c=testrealm >memberOf: cn=add group password policy costemplate,cn=permissions,cn=pbac,dc=t > estrealm >memberOf: cn=add group password policy,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete group password policy costemplate,cn=permissions,cn=pbac,d > c=testrealm >memberOf: cn=modify group password policy,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete group password policy,cn=permissions,cn=pbac,dc=testrealm > ># Remove SELinux User Maps, permissions, pbac, testrealm >dn: cn=Remove SELinux User Maps,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >member: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=testrealm >cn: Remove SELinux User Maps > ># Manage Sudo command group membership, permissions, pbac, testrealm >dn: cn=Manage Sudo command group membership,cn=permissions,cn=pbac,dc=testreal > m >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Manage Sudo command group membership > ># Add HBAC services, permissions, pbac, testrealm >dn: cn=Add HBAC services,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add HBAC services > ># Modify Sudo command, permissions, pbac, testrealm >dn: cn=Modify Sudo command,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Modify Sudo command > ># Write IPA Configuration, permissions, pbac, testrealm >dn: cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >member: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=testrealm >cn: Write IPA Configuration > ># Add HBAC service groups, permissions, pbac, testrealm >dn: cn=Add HBAC service groups,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add HBAC service groups > ># Add Sudo rule, permissions, pbac, testrealm >dn: cn=Add Sudo rule,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add Sudo rule > ># Manage HBAC service group membership, permissions, pbac, testrealm >dn: cn=Manage HBAC service group membership,cn=permissions,cn=pbac,dc=testreal > m >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Manage HBAC service group membership > ># Add Sudo command group, permissions, pbac, testrealm >dn: cn=Add Sudo command group,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add Sudo command group > ># Modify HBAC rule, permissions, pbac, testrealm >dn: cn=Modify HBAC rule,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Modify HBAC rule > ># Modify Group Password Policy costemplate, permissions, pbac, testrealm >dn: cn=Modify Group Password Policy costemplate,cn=permissions,cn=pbac,dc=test > realm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Modify Group Password Policy costemplate > ># Modify Users and Reset passwords, privileges, pbac, testrealm >dn: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >member: cn=helpdesk,cn=roles,cn=accounts,dc=testrealm >cn: Modify Users and Reset passwords >description: Modify Users and Reset passwords >memberOf: cn=change a user password,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify users,cn=permissions,cn=pbac,dc=testrealm > ># SELinux User Map Administrators, privileges, pbac, testrealm >dn: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >cn: SELinux User Map Administrators >description: SELinux User Map Administrators >memberOf: cn=modify selinux user maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove selinux user maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add selinux user maps,cn=permissions,cn=pbac,dc=testrealm > ># IT Security Specialist, roles, accounts, testrealm >dn: cn=IT Security Specialist,cn=roles,cn=accounts,dc=testrealm >objectClass: groupofnames >objectClass: nestedgroup >objectClass: top >cn: IT Security Specialist >description: IT Security Specialist >memberOf: cn=netgroups administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add netgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove netgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify netgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify netgroup membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=hbac administrator,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=manage hbac rule membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add hbac services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add hbac service groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage hbac service group membership,cn=permissions,cn=pbac,dc=te > strealm >memberOf: cn=modify hbac rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add hbac rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete hbac service groups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete hbac services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete hbac rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=sudo administrator,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=modify sudo rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete sudo rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage sudo command group membership,cn=permissions,cn=pbac,dc=te > strealm >memberOf: cn=modify sudo command,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add sudo rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add sudo command group,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete sudo command group,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add sudo command,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete sudo command,cn=permissions,cn=pbac,dc=testrealm > ># IT Specialist, roles, accounts, testrealm >dn: cn=IT Specialist,cn=roles,cn=accounts,dc=testrealm >objectClass: groupofnames >objectClass: nestedgroup >objectClass: top >cn: IT Specialist >description: IT Specialist >memberOf: cn=host administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add hosts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove hosts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify hosts,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage host ssh public keys,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage host keytab,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=enroll a host,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add krbprincipalname to a host,cn=permissions,cn=pbac,dc=testreal > m >memberOf: cn=host group administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add hostgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove hostgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify hostgroups,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify hostgroup membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=service administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify services,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage service keytab,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=automount administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add automount maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove automount maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify automount maps,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add automount keys,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify automount keys,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove automount keys,cn=permissions,cn=pbac,dc=testrealm > ># Add krbPrincipalName to a host, permissions, pbac, testrealm >dn: cn=Add krbPrincipalName to a host,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >member: cn=Host Administrators,cn=privileges,cn=pbac,dc=testrealm >member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=testrealm >cn: Add krbPrincipalName to a host > ># Security Architect, roles, accounts, testrealm >dn: cn=Security Architect,cn=roles,cn=accounts,dc=testrealm >objectClass: groupofnames >objectClass: nestedgroup >objectClass: top >cn: Security Architect >description: Security Architect >memberOf: cn=delegation administrator,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add roles,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove roles,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify roles,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify role membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify privilege membership,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=replication administrators,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=add replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=modify replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=remove replication agreements,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=password policy administrator,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=modify group password policy costemplate,cn=permissions,cn=pbac,d > c=testrealm >memberOf: cn=add group password policy costemplate,cn=permissions,cn=pbac,dc=t > estrealm >memberOf: cn=add group password policy,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete group password policy costemplate,cn=permissions,cn=pbac,d > c=testrealm >memberOf: cn=modify group password policy,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete group password policy,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=write ipa configuration,cn=privileges,cn=pbac,dc=testrealm >memberOf: cn=write ipa configuration,cn=permissions,cn=pbac,dc=testrealm > ># Add HBAC rule, permissions, pbac, testrealm >dn: cn=Add HBAC rule,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add HBAC rule > ># Add Group Password Policy costemplate, permissions, pbac, testrealm >dn: cn=Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=testrea > lm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add Group Password Policy costemplate > ># Add Group Password Policy, permissions, pbac, testrealm >dn: cn=Add Group Password Policy,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add Group Password Policy > ># Delete Sudo command group, permissions, pbac, testrealm >dn: cn=Delete Sudo command group,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete Sudo command group > ># Add Sudo command, permissions, pbac, testrealm >dn: cn=Add Sudo command,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Add Sudo command > ># Delete Group Password Policy costemplate, permissions, pbac, testrealm >dn: cn=Delete Group Password Policy costemplate,cn=permissions,cn=pbac,dc=test > realm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete Group Password Policy costemplate > ># Delete HBAC service groups, permissions, pbac, testrealm >dn: cn=Delete HBAC service groups,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete HBAC service groups > ># Delete Sudo command, permissions, pbac, testrealm >dn: cn=Delete Sudo command,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete Sudo command > ># Sudo Administrator, privileges, pbac, testrealm >dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=testrealm >objectClass: nestedgroup >objectClass: groupofnames >objectClass: top >member: cn=IT Security Specialist,cn=roles,cn=accounts,dc=testrealm >cn: Sudo Administrator >description: Sudo Administrator >memberOf: cn=modify sudo rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete sudo rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=manage sudo command group membership,cn=permissions,cn=pbac,dc=te > strealm >memberOf: cn=modify sudo command,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add sudo rule,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add sudo command group,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete sudo command group,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=add sudo command,cn=permissions,cn=pbac,dc=testrealm >memberOf: cn=delete sudo command,cn=permissions,cn=pbac,dc=testrealm > ># Modify Group Password Policy, permissions, pbac, testrealm >dn: cn=Modify Group Password Policy,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Modify Group Password Policy > ># Delete HBAC services, permissions, pbac, testrealm >dn: cn=Delete HBAC services,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete HBAC services > ># Write IPA Configuration, privileges, pbac, testrealm >dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: nestedgroup >member: cn=Security Architect,cn=roles,cn=accounts,dc=testrealm >cn: Write IPA Configuration >description: Write IPA Configuration > ># Add SELinux User Maps, permissions, pbac, testrealm >dn: cn=Add SELinux User Maps,cn=permissions,cn=pbac,dc=testrealm >objectClass: top >objectClass: groupofnames >objectClass: ipapermission >member: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=testrealm >cn: Add SELinux User Maps > ># Delete Group Password Policy, permissions, pbac, testrealm >dn: cn=Delete Group Password Policy,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete Group Password Policy > ># Delete HBAC rule, permissions, pbac, testrealm >dn: cn=Delete HBAC rule,cn=permissions,cn=pbac,dc=testrealm >objectClass: groupofnames >objectClass: ipapermission >objectClass: top >member: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=testrealm >cn: Delete HBAC rule > ># vsftpd, hbacservices, hbac, testrealm >dn: cn=vsftpd,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: vsftpd >description: vsftpd >ipaUniqueID: e86e0326-1e03-11e4-aa5b-5254007acf68 >memberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=testrealm > ># pure-ftpd, hbacservices, hbac, testrealm >dn: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: pure-ftpd >description: pure-ftpd >ipaUniqueID: e873b7b2-1e03-11e4-aa5b-5254007acf68 >memberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=testrealm > ># ftp, hbacservicegroups, hbac, testrealm >dn: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=testrealm >objectClass: ipaobject >objectClass: ipahbacservicegroup >objectClass: nestedGroup >objectClass: groupOfNames >objectClass: top >member: cn=ftp,cn=hbacservices,cn=hbac,dc=testrealm >member: cn=proftpd,cn=hbacservices,cn=hbac,dc=testrealm >member: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=testrealm >member: cn=vsftpd,cn=hbacservices,cn=hbac,dc=testrealm >member: cn=gssftp,cn=hbacservices,cn=hbac,dc=testrealm >cn: ftp >description: Default group of ftp related services >ipaUniqueID: e8781be0-1e03-11e4-aa5b-5254007acf68 > ># gssftp, hbacservices, hbac, testrealm >dn: cn=gssftp,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: gssftp >description: gssftp >ipaUniqueID: e88fd406-1e03-11e4-aa5b-5254007acf68 > ># proftpd, hbacservices, hbac, testrealm >dn: cn=proftpd,cn=hbacservices,cn=hbac,dc=testrealm >objectClass: ipahbacservice >objectClass: ipaobject >cn: proftpd >description: proftpd >ipaUniqueID: e8a61f54-1e03-11e4-aa5b-5254007acf68 > ># trusts, testrealm >dn: cn=trusts,dc=testrealm >objectClass: top >objectClass: nsContainer >cn: trusts > ># adtrust agents, sysaccounts, etc, testrealm >dn: cn=adtrust agents,cn=sysaccounts,cn=etc,dc=testrealm >objectClass: GroupOfNames >objectClass: top >cn: adtrust agents > ># trust admins, groups, accounts, testrealm >dn: cn=trust admins,cn=groups,cn=accounts,dc=testrealm >cn: trust admins >objectClass: top >objectClass: groupofnames >objectClass: ipausergroup >objectClass: nestedgroup >objectClass: ipaobject >member: uid=admin,cn=users,cn=accounts,dc=testrealm >description: Trusts administrators group >ipaUniqueID: eab7a10a-1e03-11e4-9b4b-5254007acf68 > ># hostgrp1, hostgroups, accounts, testrealm >dn: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrealm >objectClass: ipaobject >objectClass: ipahostgroup >objectClass: nestedGroup >objectClass: groupOfNames >objectClass: top >objectClass: mepOriginEntry >description: test hostgroup 1 >cn: hostgrp1 >ipaUniqueID: fd83a0ea-1e03-11e4-a6e2-5254007acf68 >memberOf: cn=hostgrp1,cn=ng,cn=alt,dc=testrealm >memberOf: ipauniqueid=ff4b64f8-1e03-11e4-9465-5254007acf68,cn=sudorules,cn=sud > o,dc=testrealm >mepManagedEntry: cn=hostgrp1,cn=ng,cn=alt,dc=testrealm >member: fqdn=x86-64-v08.lab.eng.brq.redhat.com,cn=computers,cn=accounts,dc=tes > trealm > ># hostgrp1, ng, alt, testrealm >dn: cn=hostgrp1,cn=ng,cn=alt,dc=testrealm >objectClass: ipanisnetgroup >objectClass: ipaobject >objectClass: mepManagedEntry >objectClass: ipaAssociation >objectClass: top >nisDomainName: lab.eng.brq.redhat.com >cn: hostgrp1 >memberHost: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrealm >description: ipaNetgroup hostgrp1 >mepManagedBy: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrealm >ipaUniqueID: fd8fa21e-1e03-11e4-a6e2-5254007acf68 > ># ff4b64f8-1e03-11e4-9465-5254007acf68, sudorules, sudo, testrealm >dn: ipaUniqueID=ff4b64f8-1e03-11e4-9465-5254007acf68,cn=sudorules,cn=sudo,dc=t > estrealm >objectClass: ipaassociation >objectClass: ipasudorule >cn: sudorule1 >ipaEnabledFlag: TRUE >ipaUniqueID: ff4b64f8-1e03-11e4-9465-5254007acf68 >memberUser: uid=tuser2,cn=users,cn=accounts,dc=testrealm >memberHost: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrealm >memberAllowCmd: sudocmd=/bin/date,cn=sudocmds,cn=sudo,dc=testrealm > ># tuser2, users, accounts, testrealm >dn: uid=tuser2,cn=users,cn=accounts,dc=testrealm >displayName: test user2 >cn: tuser2 >objectClass: top >objectClass: person >objectClass: organizationalperson >objectClass: inetorgperson >objectClass: inetuser >objectClass: posixaccount >objectClass: krbprincipalaux >objectClass: krbticketpolicyaux >objectClass: ipaobject >objectClass: ipasshuser >objectClass: ipaSshGroupOfPubKeys >objectClass: mepOriginEntry >loginShell: /bin/sh >sn: user2 >gecos: test user2 >homeDirectory: /home/tuser2 >krbPwdPolicyReference: cn=global_policy,cn=TESTREALM,cn=kerberos,dc=testrealm >mail: tuser2@lab.eng.brq.redhat.com >krbPrincipalName: tuser2@TESTREALM >givenName: test >uid: tuser2 >initials: tu >ipaUniqueID: 0016c62a-1e04-11e4-b0bd-5254007acf68 >uidNumber: 964600001 >gidNumber: 964600001 >krbPasswordExpiration: 20141105072545Z >krbLastPwdChange: 20140807072545Z >krbExtraData:: AAL5KeNTa2FkbWluZEBURVNUUkVBTE0A >memberOf: cn=ipausers,cn=groups,cn=accounts,dc=testrealm >memberOf: ipauniqueid=ff4b64f8-1e03-11e4-9465-5254007acf68,cn=sudorules,cn=sud > o,dc=testrealm >mepManagedEntry: cn=tuser2,cn=groups,cn=accounts,dc=testrealm >krbLastSuccessfulAuth: 20140807072547Z >krbTicketFlags: 128 >krbLoginFailedCount: 0 > ># tuser2, groups, accounts, testrealm >dn: cn=tuser2,cn=groups,cn=accounts,dc=testrealm >objectClass: posixgroup >objectClass: ipaobject >objectClass: mepManagedEntry >objectClass: top >cn: tuser2 >gidNumber: 964600001 >description: User private group for tuser2 >mepManagedBy: uid=tuser2,cn=users,cn=accounts,dc=testrealm >ipaUniqueID: 0057611c-1e04-11e4-b0bd-5254007acf68 > ># x86-64-v08.lab.eng.brq.redhat.com + 389, posix-ids, dna, ipa, etc, testreal > m >dn: dnaHostname=x86-64-v08.lab.eng.brq.redhat.com+dnaPortNum=389,cn=posix-ids, > cn=dna,cn=ipa,cn=etc,dc=testrealm >objectClass: dnaSharedConfig >objectClass: top >dnaHostname: x86-64-v08.lab.eng.brq.redhat.com >dnaPortNum: 389 >dnaSecurePortNum: 636 >dnaRemainingValues: 199998 > ># /bin/date, sudocmds, sudo, testrealm >dn: sudocmd=/bin/date,cn=sudocmds,cn=sudo,dc=testrealm >objectClass: ipaobject >objectClass: ipasudocmd >sudoCmd: /bin/date >ipaUniqueID: 03e52ecc-1e04-11e4-9368-5254007acf68 > ># search result >search: 4 >result: 0 Success > ># numResponses: 230 ># numEntries: 229
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=924787">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1127270
:
924785
| 924787