general

noofoperations
Specifies the number of operations to be performed by the kerberize tool, where each operation is defined under an [operation-n] section. For example:
noofoperations = 2

operation-1

principal-operation
Specifies the type of the principal operation. The possible values are and . If the value is , the operation enables Kerberos for the matching DN and if the value is , it disables the matching DN from using the Kerberos protocol. For example:
principal-operation = add

realm
Identifies the default realm to be used for this operation. A Kerberos principal will either be added or removed from this realm, based on the type of the principal-operation specified. For example:
realm = EXAMPLE.COM

base
Specifies the base DN at which the search for DNs starts. If this option is not provided, the entire tree is searched. For example:
base = ou=users,o=org

scope
Specifies the scope for searching the DNs on which the operation is to be applied. The possible values are (base object), (one level) and (subtree). For example:
scope = sub

filter
Specifies the filter to be used for searching the DN on an LDAP server. The filter should conform to the string representation for search filters. If not provided, the default filter, (objectClass=*), is used. For example:
1. filter = (objectClass=*) matches all the DNs
2. filter = (&(objectClass=inetOrgPerson) (cn=*)) matches all users

principal-name
Specifies the regular expression that is evaluated to produce the Kerberos principal name to be added or removed. For example:
[^...]({cn}){sn} generates a principal that contains the first three characters of the cn attribute and the complete sn attribute value of the eDirectory DN, in that order.

password
Specifies a default value, a random value, or a regular expression. For example:
password = {RAND}
This expression generates a four-character random value as the password.

policy
Specifies the (password) policy DN to be used by the principal. The password policy DN must exist; if it does not, the operation does not succeed. For example:
policy = cn=passwd-policy,o=org

tktpolicy
Specifies the ticket policy DN to be used by the principal. The ticket policy DN must exist; if it does not, the operation does not succeed. For example:
tktpolicy = cn=ticket-policy,o=org

up
Specifies whether Universal Password is enabled. The possible values are and . For example:
up = true
If the value is , the existing Universal Password is set as the Kerberos password. For this to work, you must enable Universal Password in eDirectory.

expire
Expiration time of the principal. Use the format yyyymmddhhmmssz.

pwexpire
Expiration time of the password of the principal. Use the format yyyymmddhhmmssz.

dn
Specifies the DN of the entry that is to be overridden. For example:
dn = cn=user1,ou=users,o=org

noofoverrides
Specifies the number of overrides to be used. Some of the DNs identified by the search filter and scope can take values different from those specified in the [operation-n] section. These overriding rules are specified in "override-m" subsections. For example:
noofoverrides = 3

override-m
Some eDirectory users can be overridden with specific values.
The override section takes the following parameters:
- dn
- principal-name
- password
- expire
- pwexpire
- policy
- tktpolicy
- up
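
The following linter is an added example, not part of the kerberize tool or its documentation. It checks a configuration against the rules stated above before the tool is run against a directory: the operation count, key spelling, search breadth, the {RAND} password and the expiry format. Assumptions: the file is INI-style with [general] and [operation-n] headers that Python's configparser can read, the trailing z of yyyymmddhhmmssz is a literal character, and the names lint_kerberize, valid_time and SAMPLE are hypothetical; override-m subsections are not checked because the page does not show their syntax.

```python
import configparser
import re
from datetime import datetime

# Keys this page documents for an [operation-n] section.
OPERATION_KEYS = {"principal-operation", "realm", "base", "scope", "filter",
                  "principal-name", "password", "policy", "tktpolicy", "up",
                  "expire", "pwexpire", "noofoverrides"}
# Constructed sample with deliberate mistakes; not taken from a real deployment.
SAMPLE = ("[general]\nnoofoperations = 2\n[operation-1]\n"
          "principal-operation = add\nrealm = EXAMPLE.COM\npassword = {RAND}\n"
          "pw expire = 20301231235959z\nexpire = 20301345000000z\n")

def valid_time(value):
    """True if value is yyyymmddhhmmssz (assumed: 14 digits plus a literal z)."""
    try:
        datetime.strptime(value[:-1], "%Y%m%d%H%M%S")
    except ValueError:
        return False
    return re.fullmatch(r"\d{14}[zZ]", value) is not None

def lint_kerberize(text):
    """Return a list of findings for kerberize configuration text."""
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read_string(text)
        count = cfg.getint("general", "noofoperations")
    except (configparser.Error, ValueError):
        return ["general: unparsable file or bad noofoperations"]
    # Sections numbered above the declared count are reported, not processed.
    findings = [f"{s}: beyond noofoperations = {count}" for s in cfg.sections()
                if re.fullmatch(r"operation-\d+", s) and int(s[10:]) > count]
    for n in range(1, count + 1):
        name = f"operation-{n}"
        if not cfg.has_section(name):
            findings.append(f"{name}: section missing")
            continue
        op = cfg[name]
        findings += [f"{name}: undocumented key '{k}'" for k in op
                     if k not in OPERATION_KEYS]
        # Per the page: no base searches the entire tree, no filter means (objectClass=*).
        if "base" not in op and op.get("filter", "(objectClass=*)") == "(objectClass=*)":
            findings.append(f"{name}: no base and default filter, matches every DN")
        if op.get("password") == "{RAND}":  # page: four-character random value
            findings.append(f"{name}: {{RAND}} password is only four characters")
        for key in ("expire", "pwexpire"):
            if key in op and not valid_time(op[key]):
                findings.append(f"{name}: {key} is not yyyymmddhhmmssz")
    return findings
```

Calling lint_kerberize(SAMPLE) reports the misspelled "pw expire" key, the unbounded search, the short {RAND} password, the invalid expire value and the missing operation-2 section.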