From 1a264ffc3f7d6081dc0aac7c414f7c33220b4770 Mon Sep 17 00:00:00 2001
From: Benoit Mortier <benoit.mortier@opensides.be>
Date: Tue, 28 Feb 2012 19:15:08 +0100
Subject: [PATCH] Fixes: #528 Possibility to use the pam_check_host_attr
 feature when using the trust model

---
 contrib/openldap/ldapns.schema | 23 +++++++++++++++++++++++
 contrib/openldap/trust.ldif    | 11 -----------
 contrib/openldap/trust.schema  | 21 ---------------------
 3 files changed, 23 insertions(+), 32 deletions(-)
 create mode 100644 contrib/openldap/ldapns.schema
 delete mode 100644 contrib/openldap/trust.ldif
 delete mode 100644 contrib/openldap/trust.schema

diff --git a/contrib/openldap/ldapns.schema b/contrib/openldap/ldapns.schema
new file mode 100644
index 000000000..21ae00c33
--- /dev/null
+++ b/contrib/openldap/ldapns.schema
@@ -0,0 +1,23 @@
+# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
+
+# LDAP Name Service Additional Schema
+
+# http://www.iana.org/assignments/gssapi-service-names
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+	DESC 'IANA GSS-API authorized service name'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+	DESC 'Auxiliary object class for adding authorizedService attribute'
+	SUP top
+	AUXILIARY
+	MAY authorizedService )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+	DESC 'Auxiliary object class for adding host attribute'
+	SUP top
+	AUXILIARY
+	MAY host )
+
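Review bot: The `hostObject` class at the end of the new ldapns.schema lists `MAY host`, but the file neither defines `host` nor says where it comes from; the attribute is defined in cosine.schema, so slapd will reject this objectclass unless that schema is loaded first. A header comment such as `# Requires cosine.schema (defines 'host'); include it before this file.` would make the dependency explicit. Since `host` (and presumably `authorizedService`) is used as login authorization data and both are only `MAY` attributes, the header should also state that enforcement is done by the client when `pam_check_host_attr` is enabled and that the schema grants no protection by itself, e.g. `# Restrict write access to host/authorizedService to directory administrators; users must not be able to edit them on their own entries.` The commit deletes both trust.schema and trust.ldif but adds only the slapd.conf-style file, so cn=config deployments appear to be left without an LDIF counterpart, and entries that still carry `trustAccount`/`accessTo` would need migrating before the old schema is unloaded.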
diff --git a/contrib/openldap/trust.ldif b/contrib/openldap/trust.ldif
deleted file mode 100644
index 722eb2b5d..000000000
--- a/contrib/openldap/trust.ldif
+++ /dev/null
@@ -1,11 +0,0 @@
-dn: cn=trust,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: trust
-olcAttributeTypes: {0}( 5.3.6.1.1.1.1.0 NAME 'trustModel' DESC 'Access scheme'
-  EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6
- .1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-olcAttributeTypes: {1}( 5.3.6.1.1.1.1.1 NAME 'accessTo' DESC 'Access to which 
- servers user is allowed' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs
- tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcObjectClasses: {0}( 5.3.6.1.1.1.2.0 NAME 'trustAccount' DESC 'Sets trust ac
- counts information' SUP top AUXILIARY MUST trustModel MAY accessTo )
diff --git a/contrib/openldap/trust.schema b/contrib/openldap/trust.schema
deleted file mode 100644
index 6b6fab0ce..000000000
--- a/contrib/openldap/trust.schema
+++ /dev/null
@@ -1,21 +0,0 @@
-# this file goes into /etc/openldap/schema or into your schema directory for your LDAP v3 server
-# make sure you have it, otherwise, Directory administrator will complain when changing user accounts
-# unless you don't do schema checking
-
-attributetype ( 5.3.6.1.1.1.1.0 NAME 'trustModel'
-	DESC 'Access scheme'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 5.3.6.1.1.1.1.1 NAME 'accessTo'
-	DESC 'Access to which servers user is allowed'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-objectclass ( 5.3.6.1.1.1.2.0 NAME 'trustAccount' SUP top AUXILIARY
-	DESC 'Sets trust accounts information'
-	MUST ( trustModel )
-	MAY ( accessTo ) )
-
-- 
GitLab