Merge branch 'master' into 'ansible-lint'
# Conflicts: # roles/codimd/tasks/0_apt_dependencies.yml
This commit is contained in:
commit
1a4e41d318
27 changed files with 1048 additions and 149 deletions
1
base.yml
1
base.yml
|
@ -3,3 +3,4 @@
|
|||
- hosts: all
|
||||
roles:
|
||||
- baseconfig
|
||||
- basesecurity
|
||||
|
|
28
hosts
28
hosts
|
@ -14,10 +14,11 @@ synapse.adm.auro.re
|
|||
codimd.adm.auro.re
|
||||
services-bdd.adm.auro.re
|
||||
phabricator.adm.auro.re
|
||||
horus-wiki ansible_host=10.128.0.51
|
||||
wiki.adm.auro.re
|
||||
www.adm.auro.re
|
||||
pad.adm.auro.re
|
||||
proxy.adm.auro.re
|
||||
matrix-services.adm.auro.re
|
||||
|
||||
[ovh-vm]
|
||||
re2o-server.adm.auro.re
|
||||
|
@ -25,13 +26,21 @@ re2o-ldap.adm.auro.re
|
|||
re2o-db.adm.auro.re
|
||||
serge.adm.auro.re
|
||||
|
||||
[ovh-testing-vm]
|
||||
re2o-test.adm.auro.re
|
||||
|
||||
[fleming-pve]
|
||||
freya.adm.auro.re
|
||||
odin.adm.auro.re
|
||||
#freya.adm.auro.re
|
||||
#odin.adm.auro.re
|
||||
|
||||
[fleming-vm-ldap-replica]
|
||||
ldap-replica-fleming1.adm.auro.re
|
||||
ldap-replica-fleming2.adm.auro.re
|
||||
#ldap-replica-fleming1.adm.auro.re
|
||||
#ldap-replica-fleming2.adm.auro.re
|
||||
|
||||
[pacaterie-pve]
|
||||
#merlin.adm.auro.re
|
||||
#leodagan.adm.auro.re
|
||||
#mordred.adm.auro.re
|
||||
|
||||
# everything at ovh
|
||||
[ovh:children]
|
||||
|
@ -39,11 +48,19 @@ ovh-pve
|
|||
ovh-container
|
||||
ovh-vm
|
||||
|
||||
# everything at ovh-testing
|
||||
[ovh-testing:children]
|
||||
ovh-testing-vm
|
||||
|
||||
# everything at fleming
|
||||
[fleming:children]
|
||||
fleming-pve
|
||||
fleming-vm-ldap-replica
|
||||
|
||||
# everything at pacaterie
|
||||
[pacaterie:children]
|
||||
pacaterie-pve
|
||||
|
||||
# every LXC container
|
||||
[container:children]
|
||||
ovh-container
|
||||
|
@ -57,6 +74,7 @@ fleming-vm-ldap-replica
|
|||
[pve:children]
|
||||
ovh-pve
|
||||
fleming-pve
|
||||
pacaterie-pve
|
||||
|
||||
# every LDAP replica
|
||||
[ldap-replica:children]
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
# Aurore servers inventory
|
||||
|
||||
[ovh-testing-pve]
|
||||
|
||||
[ovh-testing-container]
|
||||
|
||||
[ovh-testing-vm]
|
||||
re2o-test.adm.auro.re
|
||||
|
||||
# everything at ovh-testing
|
||||
[ovh-testing:children]
|
||||
ovh-testing-pve
|
||||
ovh-testing-container
|
||||
ovh-testing-vm
|
||||
|
||||
# every LXC container
|
||||
[container:children]
|
||||
ovh-testing-container
|
||||
|
||||
# every virtual machine
|
||||
[vm:children]
|
||||
ovh-testing-vm
|
||||
|
||||
# every PVE
|
||||
[pve:children]
|
||||
ovh-testing-pve
|
||||
|
|
@ -8,8 +8,15 @@
|
|||
- debian-backports
|
||||
- matrix-synapse
|
||||
- matrix-mxisd
|
||||
- matrix-appservice-discord
|
||||
- matrix-appservice-irc
|
||||
|
||||
# Install Matrix Riot on corresponding containers
|
||||
- hosts: riot.adm.auro.re
|
||||
roles:
|
||||
- matrix-riot
|
||||
|
||||
# Install Matrix services
|
||||
- hosts: matrix-services.adm.auro.re
|
||||
roles:
|
||||
- debian-backports
|
||||
|
|
|
@ -5,28 +5,25 @@
|
|||
reversed_proxy_subdomains:
|
||||
- name: re2o
|
||||
from: re2o.auro.re
|
||||
to: 10.128.0.10
|
||||
to: re2o-server.adm.auro.re
|
||||
- name: intranet
|
||||
from: intranet.auro.re
|
||||
to: 10.128.0.10
|
||||
to: re2o-server.adm.auro.re
|
||||
- name: pad
|
||||
from: pad.auro.re
|
||||
to: 10.128.0.54:9001
|
||||
to: pad.adm.auro.re:9001
|
||||
- name: phabricator
|
||||
from: phabricator.auro.re
|
||||
to: 10.128.0.50
|
||||
to: phabricator.adm.auro.re
|
||||
- name: wiki
|
||||
from: wiki.auro.re
|
||||
to: 10.128.0.51
|
||||
to: wiki.adm.auro.re
|
||||
- name: www
|
||||
from: www.auro.re
|
||||
to: 10.128.0.52
|
||||
- name: main
|
||||
from: auro.re
|
||||
to: 10.128.0.52
|
||||
to: www.adm.auro.re
|
||||
- name: re2o-test
|
||||
from: re2o-test.auro.re
|
||||
to: 10.128.0.100
|
||||
to: re2o-test.adm.auro.re
|
||||
- name: riot
|
||||
from: riot.auro.re
|
||||
to: riot.adm.auro.re
|
||||
|
|
25
roles/basesecurity/tasks/main.yml
Normal file
25
roles/basesecurity/tasks/main.yml
Normal file
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- name: Configure sysctl
|
||||
template:
|
||||
src: 'sysctl.d/local.conf.j2'
|
||||
dest: '/etc/sysctl.d/local.conf'
|
||||
mode: 0644
|
||||
|
||||
# Use this command to list setuid or setgid executables
|
||||
# find / -type f -perm /6000 -ls 2>/dev/null
|
||||
- name: Desactivate setuid/setgid on unused binaries
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
mode: u-s,g-s
|
||||
loop:
|
||||
- /usr/lib/openssh/sshkeysign # Not used
|
||||
- /usr/bin/gpasswd # No group auth
|
||||
- /usr/bin/passwd # Only root should change passwd
|
||||
- /usr/bin/expiry # With re2o
|
||||
- /usr/bin/newgrp # No group auth
|
||||
- /usr/bin/chage # With re2o
|
||||
- /usr/bin/chsh # With re2o
|
||||
- /usr/bin/chfn # With re2o
|
||||
- /bin/mount # Only root should mount
|
||||
- /bin/umount # Only root should umount
|
||||
ignore_errors: yes # Sometimes file won't exist
|
17
roles/basesecurity/templates/sysctl.d/local.conf.j2
Normal file
17
roles/basesecurity/templates/sysctl.d/local.conf.j2
Normal file
|
@ -0,0 +1,17 @@
|
|||
# {{ ansible_managed }}
|
||||
# See https://www.ssi.gouv.fr/uploads/2016/01/linux_configuration-fr-v1.2.pdf
|
||||
|
||||
# Disable core dump of setuid executables
|
||||
# So an user can't read privileged information in memory
|
||||
fs.suid_dumpable = 0
|
||||
|
||||
# Obfuscate kernel memory addresses
|
||||
kernel.kptr_restrict = 1
|
||||
|
||||
# Restrict dmesg access
|
||||
# This can leak specific harware failures to exploit
|
||||
kernel.dmesg_restrict = 1
|
||||
|
||||
# Do not load kernel modules after boot
|
||||
# Some modules have security issues and are used in exploits
|
||||
kernel.modules_disabled = 1
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
# Build front-end bundle
|
||||
# This can take very long and requires > 2GB of RAM
|
||||
- name: Build front-end for CodiMD
|
||||
command: npm run build
|
||||
command: NODE_ENV="production" yarn run build
|
||||
args:
|
||||
chdir: /var/local/codimd/codimd
|
||||
become: true
|
||||
|
|
|
@ -9,6 +9,11 @@
|
|||
dest: /etc/apt/preferences.d/nodejs
|
||||
mode: 0644
|
||||
|
||||
# TODO
|
||||
# apt-transport-https
|
||||
# curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
|
||||
# echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
|
||||
|
||||
# Install CodiMD dependencies
|
||||
- name: Install required packages
|
||||
apt:
|
||||
|
@ -20,7 +25,7 @@
|
|||
- nodejs
|
||||
- npm
|
||||
- build-essential
|
||||
- zlib1g-dev # uws module
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
- yarn
|
|
@ -6,19 +6,18 @@
|
|||
- include_tasks: 1_user_group.yml
|
||||
|
||||
# Download CodiMD
|
||||
# TODO : temporally disabled until 1.3.0 is out (because of uws bug)
|
||||
# - name: Clone CodiMD project
|
||||
# git:
|
||||
# repo: https://github.com/hackmdio/codimd.git
|
||||
# dest: /var/local/codimd/codimd
|
||||
# version: 1.2.1
|
||||
# become: true
|
||||
# become_user: codimd
|
||||
# notify: Build front-end for CodiMD
|
||||
- name: Clone CodiMD project
|
||||
git:
|
||||
repo: https://github.com/hackmdio/codimd.git
|
||||
dest: /var/local/codimd/codimd
|
||||
version: 1.3.0
|
||||
become: true
|
||||
become_user: codimd
|
||||
notify: Build front-end for CodiMD
|
||||
|
||||
# Setup dependencies and configs
|
||||
- name: Install CodiMD depedencies
|
||||
command: bin/setup
|
||||
command: NODE_ENV="production" bin/setup
|
||||
args:
|
||||
chdir: /var/local/codimd/codimd
|
||||
become: true
|
||||
|
@ -33,14 +32,6 @@
|
|||
group: codimd
|
||||
mode: 0600
|
||||
|
||||
# Update database
|
||||
- name: Migrate the db to the latest schema
|
||||
command: node_modules/.bin/sequelize db:migrate
|
||||
args:
|
||||
chdir: /var/local/codimd/codimd
|
||||
become: true
|
||||
become_user: codimd
|
||||
|
||||
# Configure
|
||||
- name: Configure CodiMD
|
||||
template:
|
||||
|
|
|
@ -49,7 +49,7 @@ cn: {0}core
|
|||
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: k
|
||||
nowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.
|
||||
121.1.15{32768} )
|
||||
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last
|
||||
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last
|
||||
(family) name(s) for which the entity is known by' SUP name )
|
||||
olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial nu
|
||||
mber of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
|
||||
|
@ -94,7 +94,7 @@ olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Nu
|
|||
mber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
|
||||
olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC
|
||||
2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
|
||||
olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
|
||||
olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
|
||||
DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.11
|
||||
5.121.1.22 )
|
||||
olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Ad
|
||||
|
@ -112,7 +112,7 @@ olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256:
|
|||
olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC22
|
||||
56: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-
|
||||
VALUE )
|
||||
olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256:
|
||||
olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256:
|
||||
presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.
|
||||
1466.115.121.1.43 SINGLE-VALUE )
|
||||
olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'R
|
||||
|
@ -120,14 +120,14 @@ olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'R
|
|||
X 1.3.6.1.4.1.1466.115.121.1.38 )
|
||||
olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a g
|
||||
roup' SUP distinguishedName )
|
||||
olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the
|
||||
olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the
|
||||
object)' SUP distinguishedName )
|
||||
olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupan
|
||||
t of role' SUP distinguishedName )
|
||||
olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.50
|
||||
9 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.
|
||||
6.1.4.1.1466.115.121.1.8 )
|
||||
olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509
|
||||
olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509
|
||||
CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.
|
||||
4.1.1466.115.121.1.8 )
|
||||
olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC22
|
||||
|
@ -143,7 +143,7 @@ olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: f
|
|||
irst name(s) for which the entity is known by' SUP name )
|
||||
olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of
|
||||
some or all of names, but not the surname(s).' SUP name )
|
||||
olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256:
|
||||
olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256:
|
||||
name qualifier indicating a generation' SUP name )
|
||||
olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256:
|
||||
X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.1
|
||||
|
@ -151,20 +151,20 @@ olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256:
|
|||
olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN quali
|
||||
fier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR case
|
||||
IgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
|
||||
olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256:
|
||||
olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256:
|
||||
enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
|
||||
olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256:
|
||||
olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256:
|
||||
protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.
|
||||
1466.115.121.1.42 )
|
||||
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique
|
||||
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique
|
||||
member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.1
|
||||
21.1.34 )
|
||||
olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: hous
|
||||
e identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN
|
||||
TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
||||
olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256:
|
||||
olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256:
|
||||
supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
|
||||
olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256:
|
||||
olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256:
|
||||
delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
|
||||
olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD'
|
||||
SUP name )
|
||||
|
@ -172,20 +172,20 @@ olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudon
|
|||
ym for the object' SUP name )
|
||||
olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mail
|
||||
box' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBST
|
||||
R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
|
||||
R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
|
||||
)
|
||||
olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompo
|
||||
nent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match S
|
||||
UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
|
||||
GLE-VALUE )
|
||||
olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
|
||||
olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
|
||||
DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match S
|
||||
UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress'
|
||||
'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs'
|
||||
olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress'
|
||||
'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs'
|
||||
EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.
|
||||
6.1.4.1.1466.115.121.1.26{128} )
|
||||
olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP
|
||||
olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP
|
||||
top STRUCTURAL MUST c MAY ( searchGuide $ description ) )
|
||||
olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SU
|
||||
P top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ descriptio
|
||||
|
@ -195,7 +195,7 @@ olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organiz
|
|||
$ businessCategory $ x121Address $ registeredAddress $ destinationIndicato
|
||||
r $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ tel
|
||||
ephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street
|
||||
$ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
|
||||
$ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
|
||||
$ st $ l $ description ) )
|
||||
olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an o
|
||||
rganizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchG
|
||||
|
@ -215,9 +215,9 @@ olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an
|
|||
lAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
|
||||
olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an o
|
||||
rganizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ register
|
||||
edAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
|
||||
edAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
|
||||
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ fac
|
||||
simileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $
|
||||
simileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $
|
||||
street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOffic
|
||||
eName $ ou $ st $ l $ description ) )
|
||||
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of
|
||||
|
@ -230,24 +230,24 @@ olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an r
|
|||
onaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ stree
|
||||
t $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
|
||||
$ st $ l ) )
|
||||
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
|
||||
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
|
||||
application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ de
|
||||
scription ) )
|
||||
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
|
||||
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
|
||||
application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MA
|
||||
Y ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
|
||||
olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory syste
|
||||
m agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformati
|
||||
on )
|
||||
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP
|
||||
top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $
|
||||
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP
|
||||
top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $
|
||||
description ) )
|
||||
olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC22
|
||||
56: a strong authentication user' SUP top AUXILIARY MUST userCertificate )
|
||||
olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256
|
||||
: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList
|
||||
$ certificateRevocationList $ cACertificate ) MAY crossCertificatePair )
|
||||
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a
|
||||
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a
|
||||
group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST (
|
||||
uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ de
|
||||
scription ) )
|
||||
|
@ -263,7 +263,7 @@ olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdNam
|
|||
e ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Add
|
||||
ress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $
|
||||
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationali
|
||||
SDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode
|
||||
SDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode
|
||||
$ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
|
||||
olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' S
|
||||
UP top AUXILIARY MAY userCertificate )
|
||||
|
@ -278,7 +278,7 @@ olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'R
|
|||
olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObjec
|
||||
t' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPasswo
|
||||
rd )
|
||||
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247:
|
||||
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247:
|
||||
domain component object' SUP top AUXILIARY MUST dc )
|
||||
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid ob
|
||||
ject' SUP top AUXILIARY MUST uid )
|
||||
|
@ -328,7 +328,7 @@ olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' D
|
|||
olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DE
|
||||
SC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNT
|
||||
AX 1.3.6.1.4.1.1466.115.121.1.12 )
|
||||
olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
|
||||
olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
|
||||
DESC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBS
|
||||
TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
||||
olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'home
|
||||
|
@ -340,7 +340,7 @@ olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'R
|
|||
.1466.115.121.1.12 )
|
||||
olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNT
|
||||
AX 1.3.6.1.4.1.1466.115.121.1.39 )
|
||||
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY
|
||||
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY
|
||||
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY
|
||||
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
|
@ -370,9 +370,9 @@ olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTel
|
|||
mberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115
|
||||
.121.1.50 )
|
||||
olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCou
|
||||
ntryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch
|
||||
ntryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch
|
||||
SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
||||
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
|
||||
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
|
||||
DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.
|
||||
1.1466.115.121.1.15{256} )
|
||||
olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStat
|
||||
|
@ -401,7 +401,7 @@ olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQual
|
|||
olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
|
||||
DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.12
|
||||
1.1.23 )
|
||||
olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC
|
||||
olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC
|
||||
'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.
|
||||
1466.115.121.1.12 )
|
||||
olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC12
|
||||
|
@ -412,16 +412,16 @@ olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
|
|||
olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPi
|
||||
lotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rf
|
||||
c822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber
|
||||
$ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod
|
||||
$ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
|
||||
$ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod
|
||||
$ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
|
||||
pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ person
|
||||
alSignature ) )
|
||||
olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRU
|
||||
CTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizatio
|
||||
nName $ organizationalUnitName $ host ) )
|
||||
olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STR
|
||||
UCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $
|
||||
localityName $ organizationName $ organizationalUnitName $ documentTitle $
|
||||
UCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $
|
||||
localityName $ organizationName $ organizationalUnitName $ documentTitle $
|
||||
documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
|
||||
olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTU
|
||||
RAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNum
|
||||
|
@ -452,7 +452,7 @@ olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
|
|||
ciatedDomain )
|
||||
olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP
|
||||
country STRUCTURAL MUST friendlyCountryName )
|
||||
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
|
||||
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
|
||||
SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
|
||||
olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa S
|
||||
TRUCTURAL MAY dSAQuality )
|
||||
|
@ -470,13 +470,13 @@ modifyTimestamp: 20150225150906Z
|
|||
dn: cn={2}nis,cn=schema,cn=config
|
||||
objectClass: olcSchemaConfig
|
||||
cn: {2}nis
|
||||
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field;
|
||||
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field;
|
||||
the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
|
||||
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absol
|
||||
ute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4
|
||||
.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to
|
||||
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to
|
||||
the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
|
||||
.1.26 SINGLE-VALUE )
|
||||
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY int
|
||||
|
@ -496,14 +496,14 @@ olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerM
|
|||
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExac
|
||||
tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
|
||||
1.1.26 )
|
||||
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY
|
||||
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY
|
||||
caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146
|
||||
6.115.121.1.26 )
|
||||
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Net
|
||||
group triple' SYNTAX 1.3.6.1.1.1.0.0 )
|
||||
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY inte
|
||||
gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name
|
||||
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name
|
||||
)
|
||||
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY i
|
||||
ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
|
@ -539,7 +539,7 @@ olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction o
|
|||
f a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( use
|
||||
rPassword $ memberUid $ description ) )
|
||||
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an
|
||||
Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $
|
||||
Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $
|
||||
ipServiceProtocol ) MAY description )
|
||||
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o
|
||||
f an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ descrip
|
||||
|
@ -547,24 +547,24 @@ olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o
|
|||
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an
|
||||
ONC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description
|
||||
) MAY description )
|
||||
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a
|
||||
host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $
|
||||
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a
|
||||
host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $
|
||||
description $ manager ) )
|
||||
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of
|
||||
an IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNe
|
||||
tmaskNumber $ l $ description $ manager ) )
|
||||
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction
|
||||
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction
|
||||
of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberN
|
||||
isNetgroup $ description ) )
|
||||
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstrac
|
||||
tion of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
|
||||
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in
|
||||
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in
|
||||
a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY de
|
||||
scription )
|
||||
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device
|
||||
with a MAC address' SUP top AUXILIARY MAY macAddress )
|
||||
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A devic
|
||||
e with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter )
|
||||
e with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter )
|
||||
)
|
||||
structuralObjectClass: olcSchemaConfig
|
||||
entryUUID: fc8f6894-514b-1034-9c32-0faf5bc7ead5
|
||||
|
@ -608,7 +608,7 @@ olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RF
|
|||
C2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.14
|
||||
66.115.121.1.5 )
|
||||
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RF
|
||||
C2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL
|
||||
C2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL
|
||||
MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayNam
|
||||
e $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddre
|
||||
ss $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ page
|
||||
|
@ -625,16 +625,16 @@ modifyTimestamp: 20150225150906Z
|
|||
dn: cn={4}samba,cn=schema,cn=config
|
||||
objectClass: olcSchemaConfig
|
||||
cn: {4}samba
|
||||
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC
|
||||
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC
|
||||
'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1
|
||||
15.121.1.26{32} SINGLE-VALUE )
|
||||
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC
|
||||
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC
|
||||
'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6
|
||||
.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
|
||||
olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC '
|
||||
Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
|
||||
1.26{16} SINGLE-VALUE )
|
||||
olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC
|
||||
olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC
|
||||
'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.
|
||||
1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DES
|
||||
|
@ -646,7 +646,7 @@ olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DE
|
|||
olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC '
|
||||
Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.
|
||||
121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC
|
||||
olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC
|
||||
'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11
|
||||
5.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC
|
||||
|
@ -656,12 +656,12 @@ olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
|
|||
DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1
|
||||
.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
|
||||
DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX
|
||||
DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX
|
||||
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC
|
||||
'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
|
||||
1.26{42} SINGLE-VALUE )
|
||||
olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC
|
||||
olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC
|
||||
'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTA
|
||||
X 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
|
||||
olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DES
|
||||
|
@ -694,8 +694,8 @@ olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
|
|||
olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'S
|
||||
ecurity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12
|
||||
1.1.26{64} )
|
||||
olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC
|
||||
'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
||||
olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC
|
||||
'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DES
|
||||
C 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.
|
||||
|
@ -707,10 +707,10 @@ olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'N
|
|||
ext NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4
|
||||
.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBa
|
||||
se' DESC 'Base at which the samba RID generation algorithm should operate'
|
||||
se' DESC 'Base at which the samba RID generation algorithm should operate'
|
||||
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC
|
||||
'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
||||
olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC
|
||||
'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC
|
||||
'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY
|
||||
|
@ -739,10 +739,10 @@ olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength
|
|||
olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' D
|
||||
ESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
|
||||
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC
|
||||
'Maximum password age, in seconds (default: -1 => never expire passwords)'
|
||||
olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC
|
||||
'Maximum password age, in seconds (default: -1 => never expire passwords)'
|
||||
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC
|
||||
olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC
|
||||
'Minimum password age, in seconds (default: 0 => allow immediate password c
|
||||
hange)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V
|
||||
ALUE )
|
||||
|
@ -759,25 +759,25 @@ olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DES
|
|||
C 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUA
|
||||
LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwd
|
||||
Change' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY
|
||||
Change' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY
|
||||
integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPasswor
|
||||
d' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY
|
||||
d' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY
|
||||
octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
|
||||
olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTex
|
||||
tPassword' DESC 'Previous clear text password (used for trusted domain pass
|
||||
words)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
|
||||
olcAttributeTypes: {47}( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC
|
||||
'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
||||
olcAttributeTypes: {47}( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC
|
||||
'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {48}( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes'
|
||||
DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX
|
||||
DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX
|
||||
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection'
|
||||
olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection'
|
||||
DESC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1
|
||||
15.121.1.27 SINGLE-VALUE )
|
||||
olcAttributeTypes: {50}( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DE
|
||||
SC 'Fully qualified name of the domain with which a trust exists' EQUALITY
|
||||
SC 'Fully qualified name of the domain with which a trust exists' EQUALITY
|
||||
caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
||||
olcAttributeTypes: {51}( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC '
|
||||
NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.
|
||||
|
@ -793,7 +793,7 @@ olcAttributeTypes: {54}( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifi
|
|||
xactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALU
|
||||
E )
|
||||
olcAttributeTypes: {55}( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrust
|
||||
Info' DESC 'Forest trust information for a trusted domain object' EQUALITY
|
||||
Info' DESC 'Forest trust information for a trusted domain object' EQUALITY
|
||||
caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
|
||||
olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'S
|
||||
amba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MA
|
||||
|
@ -803,7 +803,7 @@ olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'S
|
|||
baLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sa
|
||||
mbaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCo
|
||||
unt $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
|
||||
olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC
|
||||
olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC
|
||||
'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ samba
|
||||
GroupType ) MAY ( displayName $ description $ sambaSIDList ) )
|
||||
olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DES
|
||||
|
@ -816,7 +816,7 @@ olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassw
|
|||
olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba
|
||||
Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID )
|
||||
MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithm
|
||||
icRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd
|
||||
icRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd
|
||||
$ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObse
|
||||
rvationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachi
|
||||
nePwdChange ) )
|
||||
|
@ -833,7 +833,7 @@ olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samb
|
|||
olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba
|
||||
Share Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
|
||||
olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DES
|
||||
C 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY
|
||||
C 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY
|
||||
( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringLis
|
||||
toption $ description ) )
|
||||
olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DE
|
||||
|
@ -871,12 +871,12 @@ olcAttributeTypes: {5}( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber'
|
|||
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S
|
||||
INGLE-VALUE )
|
||||
olcAttributeTypes: {6}( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
)
|
||||
olcAttributeTypes: {7}( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationI
|
||||
d' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
)
|
||||
olcAttributeTypes: {8}( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC ''
|
||||
olcAttributeTypes: {8}( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC ''
|
||||
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
olcAttributeTypes: {9}( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddres
|
||||
s' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
|
@ -911,10 +911,10 @@ olcAttributeTypes: {18}( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DE
|
|||
olcAttributeTypes: {19}( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtoco
|
||||
l' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {20}( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute'
|
||||
olcAttributeTypes: {20}( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute'
|
||||
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
olcAttributeTypes: {21}( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {22}( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DE
|
||||
SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
|
@ -922,16 +922,16 @@ olcAttributeTypes: {23}( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC ''
|
|||
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA
|
||||
LUE )
|
||||
olcAttributeTypes: {24}( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
)
|
||||
olcAttributeTypes: {25}( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout'
|
||||
olcAttributeTypes: {25}( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout'
|
||||
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI
|
||||
NGLE-VALUE )
|
||||
olcAttributeTypes: {26}( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost'
|
||||
olcAttributeTypes: {26}( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost'
|
||||
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI
|
||||
NGLE-VALUE )
|
||||
olcAttributeTypes: {27}( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {28}( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode'
|
||||
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S
|
||||
|
@ -949,15 +949,15 @@ olcAttributeTypes: {32}( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort'
|
|||
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S
|
||||
INGLE-VALUE )
|
||||
olcAttributeTypes: {33}( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {34}( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DE
|
||||
SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING
|
||||
LE-VALUE )
|
||||
olcAttributeTypes: {35}( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DE
|
||||
SC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
|
||||
SC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
|
||||
SINGLE-VALUE )
|
||||
olcAttributeTypes: {36}( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC
|
||||
olcAttributeTypes: {36}( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC
|
||||
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
|
||||
VALUE )
|
||||
olcAttributeTypes: {37}( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm'
|
||||
|
@ -969,7 +969,7 @@ olcAttributeTypes: {38}( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToRe
|
|||
olcAttributeTypes: {39}( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC '
|
||||
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
|
||||
ALUE )
|
||||
olcAttributeTypes: {40}( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType'
|
||||
olcAttributeTypes: {40}( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType'
|
||||
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI
|
||||
NGLE-VALUE )
|
||||
olcAttributeTypes: {41}( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeou
|
||||
|
@ -998,7 +998,7 @@ olcAttributeTypes: {48}( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerE
|
|||
1.1.26 )
|
||||
olcAttributeTypes: {49}( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' D
|
||||
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
olcAttributeTypes: {50}( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC ''
|
||||
olcAttributeTypes: {50}( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC ''
|
||||
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
olcAttributeTypes: {51}( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientE
|
||||
ndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12
|
||||
|
@ -1013,7 +1013,7 @@ olcAttributeTypes: {54}( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory'
|
|||
INGLE-VALUE )
|
||||
olcAttributeTypes: {55}( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName
|
||||
' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
|
||||
olcAttributeTypes: {56}( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC
|
||||
olcAttributeTypes: {56}( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC
|
||||
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
|
||||
VALUE )
|
||||
olcAttributeTypes: {57}( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' D
|
||||
|
@ -1024,7 +1024,7 @@ olcAttributeTypes: {58}( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusCheckItem' DE
|
|||
olcAttributeTypes: {59}( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem' DE
|
||||
SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||
olcObjectClasses: {0}( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC ''
|
||||
SUP top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $
|
||||
SUP top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $
|
||||
radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNu
|
||||
mber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiu
|
||||
sClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFrame
|
||||
|
@ -1183,3 +1183,4 @@ createTimestamp: 20150305013830Z
|
|||
entryCSN: 20160607103125.521039Z#000000#000#000000
|
||||
modifiersName: cn=config
|
||||
modifyTimestamp: 20160607103125Z
|
||||
|
||||
|
|
4
roles/matrix-appservice-discord/handlers/main.yml
Normal file
4
roles/matrix-appservice-discord/handlers/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
# Reload systemd daemons when a service file changes
|
||||
- name: Reload systemd daemons
|
||||
command: systemctl daemon-reload
|
20
roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml
Normal file
20
roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml
Normal file
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
- name: Configure NodeJS pin
|
||||
when:
|
||||
- ansible_distribution == 'Debian'
|
||||
- ansible_distribution_release == 'stretch'
|
||||
template:
|
||||
src: apt/nodejs.j2
|
||||
dest: /etc/apt/preferences.d/nodejs
|
||||
mode: 0644
|
||||
|
||||
- name: Install required packages
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
with_items:
|
||||
- git
|
||||
- nodejs
|
||||
- npm
|
||||
- build-essential
|
26
roles/matrix-appservice-discord/tasks/1_user_group.yml
Normal file
26
roles/matrix-appservice-discord/tasks/1_user_group.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
# Security #1
|
||||
- name: Create matrix-appservice-discord system group
|
||||
group:
|
||||
name: matrix-appservice-discord
|
||||
system: yes
|
||||
state: present
|
||||
|
||||
# Security #2
|
||||
- name: Create matrix-appservice-discord user
|
||||
user:
|
||||
name: matrix-appservice-discord
|
||||
group: matrix-appservice-discord
|
||||
home: /var/local/matrix-appservice-discord
|
||||
comment: Matrix Appservice Discord
|
||||
system: yes
|
||||
state: present
|
||||
|
||||
# Security #3
|
||||
- name: Secure matrix-appservice-discord home directory
|
||||
file:
|
||||
path: /var/local/matrix-appservice-discord
|
||||
state: directory
|
||||
owner: matrix-appservice-discord
|
||||
group: matrix-appservice-discord
|
||||
mode: 0750
|
57
roles/matrix-appservice-discord/tasks/main.yml
Normal file
57
roles/matrix-appservice-discord/tasks/main.yml
Normal file
|
@ -0,0 +1,57 @@
|
|||
---
|
||||
# Install APT dependencies
|
||||
- include_tasks: 0_apt_dependencies.yml
|
||||
|
||||
# Create CodiMD user and group
|
||||
- include_tasks: 1_user_group.yml
|
||||
|
||||
# Download CodiMD
|
||||
- name: Clone matrix-appservice-discord project
|
||||
git:
|
||||
repo: https://github.com/Half-Shot/matrix-appservice-discord.git
|
||||
dest: /var/local/matrix-appservice-discord/matrix-appservice-discord
|
||||
version: v0.4.0
|
||||
become: true
|
||||
become_user: matrix-appservice-discord
|
||||
|
||||
# Setup dependencies
|
||||
- name: Install matrix-appservice-discord depedencies
|
||||
command: npm ci
|
||||
args:
|
||||
chdir: /var/local/matrix-appservice-discord/matrix-appservice-discord
|
||||
become: true
|
||||
become_user: matrix-appservice-discord
|
||||
|
||||
# Typescript into javascript
|
||||
- name: Compile matrix-appservice-discord
|
||||
command: npm run build
|
||||
args:
|
||||
chdir: /var/local/matrix-appservice-discord/matrix-appservice-discord
|
||||
become: true
|
||||
become_user: matrix-appservice-discord
|
||||
|
||||
# Configure
|
||||
- name: Configure matrix-appservice-discord
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: /var/local/matrix-appservice-discord/matrix-appservice-discord/config.yaml
|
||||
owner: matrix-appservice-discord
|
||||
group: matrix-appservice-discord
|
||||
mode: 0600
|
||||
|
||||
# Service file
|
||||
- name: Install matrix-appservice-discord systemd unit
|
||||
template:
|
||||
src: 'systemd/matrix-appservice-discord.service.j2'
|
||||
dest: '/etc/systemd/system/matrix-appservice-discord.service'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: Reload systemd daemons
|
||||
|
||||
# Run
|
||||
#- name: Ensure that matrix-appservice-discord is started
|
||||
# service:
|
||||
# name: matrix-appservice-discord
|
||||
# state: started
|
||||
# enabled: true
|
5
roles/matrix-appservice-discord/templates/apt/nodejs.j2
Normal file
5
roles/matrix-appservice-discord/templates/apt/nodejs.j2
Normal file
|
@ -0,0 +1,5 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
Package: node* libuv1*
|
||||
Pin: release a=stretch-backports
|
||||
Pin-Priority: 600
|
85
roles/matrix-appservice-discord/templates/config.yaml.j2
Normal file
85
roles/matrix-appservice-discord/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,85 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
bridge:
|
||||
# Domain part of the bridge, e.g. matrix.org
|
||||
domain: "auro.re"
|
||||
# This should be your publically facing URL because Discord may use it to
|
||||
# fetch media from the media store.
|
||||
homeserverUrl: "https://auro.re"
|
||||
# Interval at which to process users in the 'presence queue'. If you have
|
||||
# 5 users, one user will be processed every 500 milliseconds according to the
|
||||
# value below. This has a minimum value of 250.
|
||||
# WARNING: This has a high chance of spamming the homeserver with presence
|
||||
# updates since it will send one each time somebody changes state or is online.
|
||||
presenceInterval: 500
|
||||
# Disable setting presence for 'ghost users' which means Discord users on Matrix
|
||||
# will not be shown as away or online.
|
||||
disablePresence: false
|
||||
# Disable sending typing notifications when somebody on Discord types.
|
||||
disableTypingNotifications: false
|
||||
# Disable deleting messages on Discord if a message is redacted on Matrix.
|
||||
disableDeletionForwarding: false
|
||||
# Enable users to bridge rooms using !discord commands. See
|
||||
# https://t2bot.io/discord for instructions.
|
||||
enableSelfServiceBridging: false
|
||||
# Disable sending of read receipts for Matrix events which have been
|
||||
# successfully bridged to Discord.
|
||||
disableReadReceipts: false
|
||||
# Authentication configuration for the discord bot.
|
||||
auth:
|
||||
clientID: "12345"
|
||||
botToken: "foobar"
|
||||
logging:
|
||||
# What level should the logger output to the console at.
|
||||
console: "warn" #silly, verbose, info, http, warn, error, silent
|
||||
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
||||
files:
|
||||
- file: "warn.log" # Will capture warnings
|
||||
level: "warn"
|
||||
- file: "botlogs.log" # Will capture logs from DiscordBot
|
||||
level: "info"
|
||||
enable:
|
||||
- "DiscordBot"
|
||||
database:
|
||||
userStorePath: "user-store.db"
|
||||
roomStorePath: "room-store.db"
|
||||
# You may either use SQLite or Postgresql for the bridge database, which contains
|
||||
# important mappings for events and user puppeting configurations.
|
||||
# Use the filename option for SQLite, or connString for Postgresql.
|
||||
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
||||
# WARNING: You will almost certainly be fine with sqlite unless your bridge
|
||||
# is in heavy demand and you suffer from IO slowness.
|
||||
filename: "discord.db"
|
||||
# connString: "postgresql://user:password@localhost/database_name"
|
||||
room:
|
||||
# Set the default visibility of alias rooms, defaults to "public".
|
||||
# One of: "public", "private"
|
||||
defaultVisibility: "public"
|
||||
channel:
|
||||
# Pattern of the name given to bridged rooms.
|
||||
# Can use :guild for the guild name and :name for the channel name.
|
||||
namePattern: "[Discord] :guild :name"
|
||||
# Changes made to rooms when a channel is deleted.
|
||||
deleteOptions:
|
||||
# Prefix the room name with a string.
|
||||
#namePrefix: "[Deleted]"
|
||||
# Prefix the room topic with a string.
|
||||
#topicPrefix: "This room has been deleted"
|
||||
# Disable people from talking in the room by raising the event PL to 50
|
||||
disableMessaging: false
|
||||
# Remove the discord alias from the room.
|
||||
unsetRoomAlias: true
|
||||
# Remove the room from the directory.
|
||||
unlistFromDirectory: true
|
||||
# Set the room to be unavaliable for joining without an invite.
|
||||
setInviteOnly: true
|
||||
# Make all the discord users leave the room.
|
||||
ghostsLeave: true
|
||||
limits:
|
||||
# Delay in milliseconds between discord users joining a room.
|
||||
roomGhostJoinDelay: 6000
|
||||
# Delay in milliseconds before sending messages to discord to avoid echos.
|
||||
# (Copies of a sent message may arrive from discord before we've
|
||||
# fininished handling it, causing us to echo it back to the room)
|
||||
discordSendDelay: 750
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
[Unit]
|
||||
Description=A bridge between Matrix and Discord
|
||||
After=syslog.target network-online.target mysql.service postgresql.service
|
||||
Conflicts=shutdown.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=matrix-appservice-discord
|
||||
Group=matrix-appservice-discord
|
||||
WorkingDirectory=/var/local/matrix-appservice-discord/matrix-appservice-discord
|
||||
Environment="NODE_ENV=production"
|
||||
ExecStart=/usr/bin/nodejs /var/local/matrix-appservice-discord/matrix-appservice-discord/app.js
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
4
roles/matrix-appservice-irc/handlers/main.yml
Normal file
4
roles/matrix-appservice-irc/handlers/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
# Reload systemd daemons when a service file changes
|
||||
- name: Reload systemd daemons
|
||||
command: systemctl daemon-reload
|
20
roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml
Normal file
20
roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml
Normal file
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
- name: Configure NodeJS pin
|
||||
when:
|
||||
- ansible_distribution == 'Debian'
|
||||
- ansible_distribution_release == 'stretch'
|
||||
template:
|
||||
src: apt/nodejs.j2
|
||||
dest: /etc/apt/preferences.d/nodejs
|
||||
mode: 0644
|
||||
|
||||
- name: Install required packages
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
with_items:
|
||||
- git
|
||||
- nodejs
|
||||
- npm
|
||||
- build-essential
|
26
roles/matrix-appservice-irc/tasks/1_user_group.yml
Normal file
26
roles/matrix-appservice-irc/tasks/1_user_group.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
# Security #1
|
||||
- name: Create matrix-appservice-irc system group
|
||||
group:
|
||||
name: matrix-appservice-irc
|
||||
system: yes
|
||||
state: present
|
||||
|
||||
# Security #2
|
||||
- name: Create matrix-appservice-irc user
|
||||
user:
|
||||
name: matrix-appservice-irc
|
||||
group: matrix-appservice-irc
|
||||
home: /var/local/matrix-appservice-irc
|
||||
comment: Matrix Appservice IRC
|
||||
system: yes
|
||||
state: present
|
||||
|
||||
# Security #3
|
||||
- name: Secure matrix-appservice-irc home directory
|
||||
file:
|
||||
path: /var/local/matrix-appservice-irc
|
||||
state: directory
|
||||
owner: matrix-appservice-irc
|
||||
group: matrix-appservice-irc
|
||||
mode: 0750
|
48
roles/matrix-appservice-irc/tasks/main.yml
Normal file
48
roles/matrix-appservice-irc/tasks/main.yml
Normal file
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
# Install APT dependencies
|
||||
- include_tasks: 0_apt_dependencies.yml
|
||||
|
||||
# Create matrix-appservice-irc user and group
|
||||
- include_tasks: 1_user_group.yml
|
||||
|
||||
- name: Clone matrix-appservice-irc project
|
||||
git:
|
||||
repo: https://github.com/matrix-org/matrix-appservice-irc.git
|
||||
dest: /var/local/matrix-appservice-irc/matrix-appservice-irc
|
||||
version: 0.11.2
|
||||
become: true
|
||||
become_user: matrix-appservice-irc
|
||||
|
||||
# Setup dependencies
|
||||
- name: Install matrix-appservice-irc depedencies
|
||||
command: npm install
|
||||
args:
|
||||
chdir: /var/local/matrix-appservice-irc/matrix-appservice-irc
|
||||
become: true
|
||||
become_user: matrix-appservice-irc
|
||||
|
||||
# Configure
|
||||
- name: Configure matrix-appservice-irc
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: /var/local/matrix-appservice-irc/matrix-appservice-irc/config.yaml
|
||||
owner: matrix-appservice-irc
|
||||
group: matrix-appservice-irc
|
||||
mode: 0600
|
||||
|
||||
# Service file
|
||||
- name: Install matrix-appservice-irc systemd unit
|
||||
template:
|
||||
src: 'systemd/matrix-appservice-irc.service.j2'
|
||||
dest: '/etc/systemd/system/matrix-appservice-irc.service'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: Reload systemd daemons
|
||||
|
||||
# Run
|
||||
#- name: Ensure that matrix-appservice-irc is started
|
||||
# service:
|
||||
# name: matrix-appservice-irc
|
||||
# state: started
|
||||
# enabled: true
|
5
roles/matrix-appservice-irc/templates/apt/nodejs.j2
Normal file
5
roles/matrix-appservice-irc/templates/apt/nodejs.j2
Normal file
|
@ -0,0 +1,5 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
Package: node* libuv1*
|
||||
Pin: release a=stretch-backports
|
||||
Pin-Priority: 600
|
443
roles/matrix-appservice-irc/templates/config.yaml.j2
Normal file
443
roles/matrix-appservice-irc/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,443 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
homeserver:
|
||||
# The URL to the home server for client-server API calls, also used to form the
|
||||
# media URLs as displayed in bridged IRC channels:
|
||||
url: "https://auro.re"
|
||||
#
|
||||
# The URL of the homeserver hosting media files. This is only used to transform
|
||||
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
|
||||
# default, this is the homeserver URL, specified above.
|
||||
#
|
||||
# media_url: "http://media.repo:8008"
|
||||
|
||||
# Drop Matrix messages which are older than this number of seconds, according to
|
||||
# the event's origin_server_ts.
|
||||
# If the bridge is down for a while, the homeserver will attempt to send all missed
|
||||
# events on reconnection. These events may be hours old, which can be confusing to
|
||||
# IRC users if they are then bridged. This option allows these old messages to be
|
||||
# dropped.
|
||||
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
|
||||
# clock times and hence produce different origin_server_ts values, which may be old
|
||||
# enough to cause *all* events from the homeserver to be dropped.
|
||||
# Default: 0 (don't ever drop)
|
||||
dropMatrixMessagesAfterSecs: 300 # 5 minutes
|
||||
|
||||
# The 'domain' part for user IDs on this home server. Usually (but not always)
|
||||
# is the "domain name" part of the HS URL.
|
||||
domain: "auro.re"
|
||||
|
||||
# Should presence be enabled for matrix clients on this bridge. If disabled on the
|
||||
# homeserver then it should also be disabled here to avoid excess traffic.
|
||||
# Default: true
|
||||
enablePresence: true
|
||||
|
||||
# Configuration specific to the IRC service
|
||||
ircService:
|
||||
servers:
|
||||
# The address of the server to connect to.
|
||||
irc.crans.org:
|
||||
# A human-readable short name. This is used to label IRC status rooms
|
||||
# where matrix users control their connections.
|
||||
# E.g. 'ExampleNet IRC Bridge status'.
|
||||
# It is also used in the Third Party Lookup API as the instance `desc`
|
||||
# property, where each server is an instance.
|
||||
name: "Crans IRC Bridge status"
|
||||
|
||||
additionalAddresses: [ ]
|
||||
#
|
||||
# [DEPRECATED] Use `name`, above, instead.
|
||||
# A human-readable description string
|
||||
# description: "Example.com IRC network"
|
||||
|
||||
# An ID for uniquely identifying this server amongst other servers being bridged.
|
||||
networkId: "crans"
|
||||
|
||||
# URL to an icon used as the network icon whenever this network appear in
|
||||
# a network list. (Like in the riot room directory, for instance.)
|
||||
# icon: https://example.com/images/hash.png
|
||||
|
||||
# The port to connect to. Optional.
|
||||
port: 6697
|
||||
# Whether to use SSL or not. Default: false.
|
||||
ssl: true
|
||||
# Whether or not IRC server is using a self-signed cert or not providing CA Chain
|
||||
sslselfsign: false
|
||||
# Should the connection attempt to identify via SASL (if a server or user password is given)
|
||||
# If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
|
||||
sasl: false
|
||||
# Whether to allow expired certs when connecting to the IRC server.
|
||||
# Usually this should be off. Default: false.
|
||||
allowExpiredCerts: false
|
||||
# A specific CA to trust instead of the default CAs. Optional.
|
||||
#ca: |
|
||||
# -----BEGIN CERTIFICATE-----
|
||||
# ...
|
||||
# -----END CERTIFICATE-----
|
||||
|
||||
#
|
||||
# The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
|
||||
# password: 'pa$$w0rd'
|
||||
#
|
||||
# Whether or not to send connection/error notices to real Matrix users. Default: true.
|
||||
sendConnectionMessages: true
|
||||
|
||||
quitDebounce:
|
||||
# Whether parts due to net-splits are debounced for delayMs, to allow
|
||||
# time for the netsplit to resolve itself. A netsplit is detected as being
|
||||
# a QUIT rate higher than quitsPerSecond. Default: false.
|
||||
enabled: false
|
||||
# The maximum number of quits per second acceptable above which a netsplit is
|
||||
# considered ongoing. Default: 5.
|
||||
quitsPerSecond: 5
|
||||
# The time window in which to wait before bridging a QUIT to Matrix that occurred during
|
||||
# a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
|
||||
# is not sent many requests to leave rooms all at once if a netsplit occurs and many
|
||||
# people to not rejoin.
|
||||
# If the user with the same IRC nick as the one who sent the quit rejoins a channel
|
||||
# they are considered back online and the quit is not bridged, so long as the rejoin
|
||||
# occurs before the randomly-jittered timeout is not reached.
|
||||
# Default: 3600000, = 1h
|
||||
delayMinMs: 3600000 # 1h
|
||||
# Default: 7200000, = 2h
|
||||
delayMaxMs: 7200000 # 2h
|
||||
|
||||
# A map for conversion of IRC user modes to Matrix power levels. This enables bridging
|
||||
# of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
|
||||
# been given multiple modes, the one that maps to the highest power level will be used.
|
||||
modePowerMap:
|
||||
o: 50
|
||||
|
||||
botConfig:
|
||||
# Enable the presence of the bot in IRC channels. The bot serves as the entity
|
||||
# which maps from IRC -> Matrix. You can disable the bot entirely which
|
||||
# means IRC -> Matrix chat will be shared by active "M-Nick" connections
|
||||
# in the room. If there are no users in the room (or if there are users
|
||||
# but their connections are not on IRC) then nothing will be bridged to
|
||||
# Matrix. If you're concerned about the bot being treated as a "logger"
|
||||
# entity, then you may want to disable the bot. If you want IRC->Matrix
|
||||
# but don't want to have TCP connections to IRC unless a Matrix user speaks
|
||||
# (because your client connection limit is low), then you may want to keep
|
||||
# the bot enabled. Default: true.
|
||||
# NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
|
||||
# on, else there will be no users and no bot in a channel (meaning no
|
||||
# messages to Matrix!) until a Matrix user speaks which makes a client
|
||||
# join the target IRC channel.
|
||||
# NBB: The bridge bot IRC client will still join the target IRC network so
|
||||
# it can service bridge-specific queries from the IRC-side e.g. so
|
||||
# real IRC clients have a way to change their Matrix display name.
|
||||
# See https://github.com/matrix-org/matrix-appservice-irc/issues/55
|
||||
enabled: true
|
||||
# The nickname to give the AS bot.
|
||||
nick: "AuroreBot"
|
||||
# The password to give to NickServ or IRC Server for this nick. Optional.
|
||||
# password: "helloworld"
|
||||
#
|
||||
# Join channels even if there are no Matrix users on the other side of
|
||||
# the bridge. Set to false to prevent the bot from joining channels which have no
|
||||
# real matrix users in them, even if there is a mapping for the channel.
|
||||
# Default: true
|
||||
joinChannelsIfNoUsers: true
|
||||
|
||||
# Configuration for PMs / private 1:1 communications between users.
|
||||
privateMessages:
|
||||
# Enable the ability for PMs to be sent to/from IRC/Matrix.
|
||||
# Default: true.
|
||||
enabled: true
|
||||
# Prevent Matrix users from sending PMs to the following IRC nicks.
|
||||
# Optional. Default: [].
|
||||
# exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
|
||||
|
||||
# Should created Matrix PM rooms be federated? If false, only users on the
|
||||
# HS attached to this AS will be able to interact with this room.
|
||||
# Optional. Default: true.
|
||||
federate: true
|
||||
|
||||
# Configuration for mappings not explicitly listed in the 'mappings'
|
||||
# section.
|
||||
dynamicChannels:
|
||||
# Enable the ability for Matrix users to join *any* channel on this IRC
|
||||
# network.
|
||||
# Default: false.
|
||||
enabled: true
|
||||
# Should the AS create a room alias for the new Matrix room? The form of
|
||||
# the alias can be modified via 'aliasTemplate'. Default: true.
|
||||
createAlias: true
|
||||
# Should the AS publish the new Matrix room to the public room list so
|
||||
# anyone can see it? Default: true.
|
||||
published: false
|
||||
# What should the join_rule be for the new Matrix room? If 'public',
|
||||
# anyone can join the room. If 'invite', only users with an invite can
|
||||
# join the room. Note that if an IRC channel has +k or +i set on it,
|
||||
# join_rules will be set to 'invite' until these modes are removed.
|
||||
# Default: "public".
|
||||
joinRule: public
|
||||
# This will set the m.room.related_groups state event in newly created rooms
|
||||
# with the given groupId. This means flares will show up on IRC users in those rooms.
|
||||
# This should be set to the same thing as namespaces.users.group_id in irc_registration.
|
||||
# This does not alter existing rooms.
|
||||
# Leaving this option empty will not set the event.
|
||||
groupId: +myircnetwork:localhost
|
||||
# Should created Matrix rooms be federated? If false, only users on the
|
||||
# HS attached to this AS will be able to interact with this room.
|
||||
# Default: true.
|
||||
federate: true
|
||||
# The room alias template to apply when creating new aliases. This only
|
||||
# applies if createAlias is 'true'. The following variables are exposed:
|
||||
# $SERVER => The IRC server address (e.g. "irc.example.com")
|
||||
# $CHANNEL => The IRC channel (e.g. "#python")
|
||||
# This MUST have $CHANNEL somewhere in it.
|
||||
# Default: '#irc_$SERVER_$CHANNEL'
|
||||
aliasTemplate: "#irc_crans_$CHANNEL"
|
||||
# A list of user IDs which the AS bot will send invites to in response
|
||||
# to a !join. Only applies if joinRule is 'invite'. Default: []
|
||||
# whitelist:
|
||||
# - "@foo:example.com"
|
||||
# - "@bar:example.com"
|
||||
#
|
||||
# Prevent the given list of channels from being mapped under any
|
||||
# circumstances.
|
||||
# exclude: ["#foo", "#bar"]
|
||||
|
||||
# Configuration for controlling how Matrix and IRC membership lists are
|
||||
# synced.
|
||||
membershipLists:
|
||||
# Enable the syncing of membership lists between IRC and Matrix. This
|
||||
# can have a significant effect on performance on startup as the lists are
|
||||
# synced. This must be enabled for anything else in this section to take
|
||||
# effect. Default: false.
|
||||
enabled: true
|
||||
|
||||
# Syncing membership lists at startup can result in hundreds of members to
|
||||
# process all at once. This timer drip feeds membership entries at the
|
||||
# specified rate. Default: 10000. (10s)
|
||||
floodDelayMs: 10000
|
||||
|
||||
global:
|
||||
ircToMatrix:
|
||||
# Get a snapshot of all real IRC users on a channel (via NAMES) and
|
||||
# join their virtual matrix clients to the room.
|
||||
initial: false
|
||||
# Make virtual matrix clients join and leave rooms as their real IRC
|
||||
# counterparts join/part channels. Default: false.
|
||||
incremental: true
|
||||
|
||||
matrixToIrc:
|
||||
# Get a snapshot of all real Matrix users in the room and join all of
|
||||
# them to the mapped IRC channel on startup. Default: false.
|
||||
initial: false
|
||||
# Make virtual IRC clients join and leave channels as their real Matrix
|
||||
# counterparts join/leave rooms. Make sure your 'maxClients' value is
|
||||
# high enough! Default: false.
|
||||
incremental: true
|
||||
|
||||
# Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
|
||||
rooms:
|
||||
|
||||
# Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
|
||||
channels:
|
||||
|
||||
mappings:
|
||||
# 1:many mappings from IRC channels to room IDs on this IRC server.
|
||||
# The matrix room must already exist. Your matrix client should expose
|
||||
# the room ID in a "settings" page for the room.
|
||||
# "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
|
||||
|
||||
# Configuration for virtual matrix users. The following variables are
|
||||
# exposed:
|
||||
# $NICK => The IRC nick
|
||||
# $SERVER => The IRC server address (e.g. "irc.example.com")
|
||||
matrixClients:
|
||||
# The user ID template to use when creating virtual matrix users. This
|
||||
# MUST have $NICK somewhere in it.
|
||||
# Optional. Default: "@$SERVER_$NICK".
|
||||
# Example: "@irc.example.com_Alice:example.com"
|
||||
userTemplate: "@irc_$NICK"
|
||||
# The display name to use for created matrix clients. This should have
|
||||
# $NICK somewhere in it if it is specified. Can also use $SERVER to
|
||||
# insert the IRC domain.
|
||||
# Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
|
||||
displayName: "$NICK (IRC)"
|
||||
# Number of tries a client can attempt to join a room before the request
|
||||
# is discarded. You can also use -1 to never retry or 0 to never give up.
|
||||
# Optional. Default: -1
|
||||
joinAttempts: -1
|
||||
|
||||
# Configuration for virtual IRC users. The following variables are exposed:
|
||||
# $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
|
||||
# $USERID => The user ID
|
||||
# $DISPLAY => The display name of this user, with excluded characters
|
||||
# (e.g. space) removed. If the user has no display name, this
|
||||
# falls back to $LOCALPART.
|
||||
ircClients:
|
||||
# The template to apply to every IRC client nick. This MUST have either
|
||||
# $DISPLAY or $USERID or $LOCALPART somewhere in it.
|
||||
# Optional. Default: "M-$DISPLAY". Example: "M-Alice".
|
||||
nickTemplate: "$DISPLAY[m]"
|
||||
# True to allow virtual IRC clients to change their nick on this server
|
||||
# by issuing !nick <server> <nick> commands to the IRC AS bot.
|
||||
# This is completely freeform: it will NOT follow the nickTemplate.
|
||||
allowNickChanges: true
|
||||
# The max number of IRC clients that will connect. If the limit is
|
||||
# reached, the client that spoke the longest time ago will be
|
||||
# disconnected and replaced.
|
||||
# Optional. Default: 30.
|
||||
maxClients: 30
|
||||
# IPv6 configuration.
|
||||
ipv6:
|
||||
# Optional. Set to true to force IPv6 for outgoing connections.
|
||||
only: false
|
||||
# Optional. The IPv6 prefix to use for generating unique addresses for each
|
||||
# connected user. If not specified, all users will connect from the same
|
||||
# (default) address. This may require additional OS-specific work to allow
|
||||
# for the node process to bind to multiple different source addresses
|
||||
# e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library
|
||||
# https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
|
||||
# prefix: "2001:0db8:85a3::" # modify appropriately
|
||||
#
|
||||
# The maximum amount of time in seconds that the client can exist
|
||||
# without sending another message before being disconnected. Use 0 to
|
||||
# not apply an idle timeout. This value is ignored if this IRC server is
|
||||
# mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
|
||||
idleTimeout: 10800
|
||||
# The number of millseconds to wait between consecutive reconnections if a
|
||||
# client gets disconnected. Setting to 0 will cause the scheduling to be
|
||||
# disabled, i.e. it will be scheduled immediately (with jitter.
|
||||
# Otherwise, the scheduling interval will be used such that one client
|
||||
# reconnect for this server will be handled every reconnectIntervalMs ms using
|
||||
# a FIFO queue.
|
||||
# Default: 5000 (5 seconds)
|
||||
reconnectIntervalMs: 5000
|
||||
# The number of concurrent reconnects if a user has been disconnected unexpectedly
|
||||
# (e.g. a netsplit). You should set this to a reasonably high number so that
|
||||
# bridges are not waiting an eternity to reconnect all its clients if
|
||||
# we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
|
||||
# setting above which is for connecting on restart of the bridge. Set to 0 to
|
||||
# immediately try to reconnect all users.
|
||||
# Default: 50
|
||||
concurrentReconnectLimit: 50
|
||||
# The number of lines to allow being sent by the IRC client that has received
|
||||
# a large block of text to send from matrix. If the number of lines that would
|
||||
# be sent is > lineLimit, the text will instead be uploaded to matrix and the
|
||||
# resulting URI is treated as a file. As such, a link will be sent to the IRC
|
||||
# side instead of potentially spamming IRC and getting the IRC client kicked.
|
||||
# Default: 3.
|
||||
lineLimit: 3
|
||||
# A list of user modes to set on every IRC client. For example, "RiG" would set
|
||||
# +R, +i and +G on every IRC connection when they have successfully connected.
|
||||
# User modes vary wildly depending on the IRC network you're connecting to,
|
||||
# so check before setting this value. Some modes may not work as intended
|
||||
# through the bridge e.g. caller ID as there is no way to /ACCEPT.
|
||||
# Default: "" (no user modes)
|
||||
# userModes: "R"
|
||||
|
||||
# Configuration for an ident server. If you are running a public bridge it is
|
||||
# advised you setup an ident server so IRC mods can ban specific matrix users
|
||||
# rather than the application service itself.
|
||||
ident:
|
||||
# True to listen for Ident requests and respond with the
|
||||
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
|
||||
# Default: false.
|
||||
enabled: false
|
||||
# The port to listen on for incoming ident requests.
|
||||
# Ports below 1024 require root to listen on, and you may not want this to
|
||||
# run as root. Instead, you can get something like an Apache to yank up
|
||||
# incoming requests to 113 to a high numbered port. Set the port to listen
|
||||
# on instead of 113 here.
|
||||
# Default: 113.
|
||||
port: 1113
|
||||
# The address to listen on for incoming ident requests.
|
||||
# Default: 0.0.0.0
|
||||
address: "::"
|
||||
|
||||
# Configuration for logging. Optional. Default: console debug level logging
|
||||
# only.
|
||||
logging:
|
||||
# Level to log on console/logfile. One of error|warn|info|debug
|
||||
level: "info"
|
||||
# The file location to log to. This is relative to the project directory.
|
||||
logfile: "debug.log"
|
||||
# The file location to log errors to. This is relative to the project
|
||||
# directory.
|
||||
errfile: "errors.log"
|
||||
# Whether to log to the console or not.
|
||||
toConsole: true
|
||||
# The max number of files to keep. Files will be overwritten eventually due
|
||||
# to rotations.
|
||||
maxFiles: 5
|
||||
|
||||
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
|
||||
# $ npm install prom-client@6.3.0
|
||||
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
|
||||
metrics:
|
||||
# Whether to actually enable the metric endpoint. Default: false
|
||||
enabled: false
|
||||
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
|
||||
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
|
||||
remoteUserAgeBuckets:
|
||||
- "1h"
|
||||
- "1d"
|
||||
- "1w"
|
||||
|
||||
# The nedb database URI to connect to. This is the name of the directory to
|
||||
# dump .db files to. This is relative to the project directory.
|
||||
# Required.
|
||||
databaseUri: "nedb://data"
|
||||
|
||||
# Configuration options for the debug HTTP API. To access this API, you must
|
||||
# append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests.
|
||||
#
|
||||
# The debug API exposes the following endpoints:
|
||||
#
|
||||
# GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID.
|
||||
#
|
||||
# POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection.
|
||||
# Format: new line delimited commands as per IRC protocol.
|
||||
#
|
||||
debugApi:
|
||||
# True to enable the HTTP API endpoint. Default: false.
|
||||
enabled: false
|
||||
# The port to host the HTTP API.
|
||||
port: 11100
|
||||
|
||||
# Configuration for the provisioning API.
|
||||
#
|
||||
# GET /_matrix/provision/link
|
||||
# GET /_matrix/provision/unlink
|
||||
# GET /_matrix/provision/listlinks
|
||||
#
|
||||
provisioning:
|
||||
# True to enable the provisioning HTTP endpoint. Default: false.
|
||||
enabled: false
|
||||
# The number of seconds to wait before giving up on getting a response from
|
||||
# an IRC channel operator. If the channel operator does not respond within the
|
||||
# allotted time period, the provisioning request will fail.
|
||||
# Default: 300 seconds (5 mins)
|
||||
requestTimeoutSeconds: 300
|
||||
|
||||
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
||||
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
||||
# the database.
|
||||
#
|
||||
# To generate a .pem file:
|
||||
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
||||
#
|
||||
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
|
||||
# for storage in the database. Passwords are stored by using the admin room command
|
||||
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
|
||||
# the Matrix user, this password will be sent as the server password (PASS command).
|
||||
passwordEncryptionKeyPath: "passkey.pem"
|
||||
|
||||
# Config for Matrix -> IRC bridging
|
||||
matrixHandler:
|
||||
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
|
||||
eventCacheSize: 4096
|
||||
|
||||
# Options here are generally only applicable to large-scale bridges and may have
|
||||
# consequences greater than other options in this configuration file.
|
||||
advanced:
|
||||
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
|
||||
# however for large bridges it is important to rate limit the bridge to avoid
|
||||
# accidentally overloading the homeserver. Defaults to 1000, which should be
|
||||
# enough for the vast majority of use cases.
|
||||
maxHttpSockets: 1000
|
|
@ -0,0 +1,17 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
[Unit]
|
||||
Description=A bridge between Matrix and IRC
|
||||
After=syslog.target network-online.target mysql.service postgresql.service
|
||||
Conflicts=shutdown.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=matrix-appservice-irc
|
||||
Group=matrix-appservice-irc
|
||||
WorkingDirectory=/var/local/matrix-appservice-irc/matrix-appservice-irc
|
||||
ExecStart=/usr/bin/nodejs /var/local/matrix-appservice-irc/matrix-appservice-irc/app.js -c config.yaml -f my_registration_file.yaml -p 9999
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -32,3 +32,19 @@
|
|||
state: link
|
||||
loop: "{{ reversed_proxy_subdomains }}"
|
||||
notify: Reload NGINX service
|
||||
|
||||
# Install main site
|
||||
- name: Configure NGINX main site
|
||||
template:
|
||||
src: nginx-sites-available-main.j2
|
||||
dest: /etc/nginx/sites-available/main
|
||||
mode: 0644
|
||||
notify: Reload NGINX service
|
||||
|
||||
# Activate main site
|
||||
- name: Activate main site
|
||||
file:
|
||||
src: /etc/nginx/sites-available/main
|
||||
dest: /etc/nginx/sites-enabled/main
|
||||
state: link
|
||||
notify: Reload NGINX service
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
server {
|
||||
server_name auro.re;
|
||||
include "snippets/proxy-common.conf";
|
||||
|
||||
location / {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
include "snippets/proxy-common-ssl.conf";
|
||||
server_name auro.re;
|
||||
|
||||
# Separate log files
|
||||
access_log /var/log/nginx/main.access.log;
|
||||
error_log /var/log/nginx/main.error.log;
|
||||
|
||||
# Use LetsEncrypt SSL
|
||||
ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
|
||||
|
||||
location / {
|
||||
proxy_redirect off;
|
||||
proxy_pass http://www.adm.auro.re;
|
||||
proxy_set_header Host auro.re;
|
||||
proxy_set_header P-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
# "A man is not dead while his name is still spoken." -- Going Postal
|
||||
add_header X-Clacks-Overhead "GNU Terry Pratchett";
|
||||
}
|
||||
|
||||
# For Matrix identity server
|
||||
location /_matrix/identity {
|
||||
proxy_pass http://synapse.adm.auro.re:8090/_matrix/identity;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
|
||||
# For Matrix Synapse
|
||||
location /_matrix {
|
||||
proxy_pass http://synapse.adm.auro.re:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8448 ssl default_server;
|
||||
listen [::]:8448 ssl default_server;
|
||||
server_name auro.re;
|
||||
|
||||
# Separate log files
|
||||
access_log /var/log/nginx/main.access.log;
|
||||
error_log /var/log/nginx/main.error.log;
|
||||
|
||||
# Use LetsEncrypt SSL
|
||||
ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
|
||||
|
||||
# For Matrix Synapse federation
|
||||
location / {
|
||||
proxy_pass http://synapse.adm.auro.re:8008;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue