sso: add openssh-ldap.schema, re: RT#7454

diff --git a/modules/roles/files/sso/openssh-ldap.schema b/modules/roles/files/sso/openssh-ldap.schema
new file mode 100644 (file)
index 0000000..43398cb
--- /dev/null
+++ b/modules/roles/files/sso/openssh-ldap.schema
@@ -0,0 +1,26 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+#                              useful with PKA-LDAP also
+#
+# Adjusted: Dennis Leeuw <dleeuw@made-it.com>
+#           Making the uid a MUST, but the sshPublicKey a MAY
+#           so we can add the objectClass and later add the key
+#
+# Author: Eric AUGE <eau@phear.org>
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+       DESC 'MANDATORY: OpenSSH Public key'
+       EQUALITY octetStringMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+       DESC 'MANDATORY: OpenSSH LPK objectclass'
+       MUST uid
+       MAY sshPublicKey
+       )

diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 147c5ff..052ddc1 100644 (file)
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -36,4 +36,9 @@ class roles::sso {
     source => 'puppet:///modules/roles/sso/default-slapd',
     notify => Service['slapd'],
   }
+
+  file { '/etc/ldap/schema/openssh-ldap.schema':
+    source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
+    notify => Service['slapd'],
+  }
 }