From d43ef61f9eac309f7fd70901a9e8bdd771258529 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 16 Sep 2019 12:28:42 +0200
Subject: [PATCH] sso: add openssh-ldap.schema, re: RT#7454

---
 modules/roles/files/sso/openssh-ldap.schema | 26 +++++++++++++++++++++
 modules/roles/manifests/sso.pp | 5 ++++
 2 files changed, 31 insertions(+)
 create mode 100644 modules/roles/files/sso/openssh-ldap.schema

diff --git a/modules/roles/files/sso/openssh-ldap.schema b/modules/roles/files/sso/openssh-ldap.schema
new file mode 100644
index 000000000..43398cb53
--- /dev/null
+++ b/modules/roles/files/sso/openssh-ldap.schema
@@ -0,0 +1,26 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# useful with PKA-LDAP also
+#
+# Adjusted: Dennis Leeuw
+# Making the uid a MUST, but the sshPublicKey a MAY
+# so we can add the objectClass and later add the key
+#
+# Author: Eric AUGE
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+ DESC 'MANDATORY: OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST uid
+ MAY sshPublicKey
+ )
diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 147c5ff1e..052ddc1f5 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -36,4 +36,9 @@ class roles::sso {
 source => 'puppet:///modules/roles/sso/default-slapd',
 notify => Service['slapd'],
 }
+
+ file { '/etc/ldap/schema/openssh-ldap.schema':
+ source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
+ notify => Service['slapd'],
+ }
 }
-- 
2.20.1
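Review bot: The new `file` resource for `/etc/ldap/schema/openssh-ldap.schema` sets only `source` and `notify`, so the ownership and permissions of a file that slapd will parse depend on defaults not visible in this hunk; unless a `File` default elsewhere covers it, I would pin them with `owner => 'root', group => 'root', mode => '0444',`. Refreshing slapd does not load the schema by itself: it still needs an `include` in slapd.conf or an import into cn=config, neither of which is shown in this commit. Once it is loaded, write access to `sshPublicKey` should be limited by ACL to the entry owner and administrators, because any SSH key lookup built on this attribute will trust whatever is stored there. The `roles::sso` class body begins outside the hunk.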