From 49f9f35f990b88abf296057f5d7f82ff405e3f6e Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Sat, 24 Jan 2026 18:58:38 -0700
Subject: [PATCH] add openssh schema missing
---
 .../tasks/files/openssh-lpk.ldif | 22 +++++++++++++++++++
 .../roles/openldap_server/tasks/schemas.yaml | 8 +++++++
 2 files changed, 30 insertions(+)
 create mode 100644 ansible/roles/openldap_server/tasks/files/openssh-lpk.ldif
diff --git a/ansible/roles/openldap_server/tasks/files/openssh-lpk.ldif b/ansible/roles/openldap_server/tasks/files/openssh-lpk.ldif
new file mode 100644
index 0000000..1cee2a4
--- /dev/null
+++ b/ansible/roles/openldap_server/tasks/files/openssh-lpk.ldif
@@ -0,0 +1,22 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# useful with PKA-LDAP also
+#
+# Author: Eric AUGE
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+ DESC 'MANDATORY: OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
+
diff --git a/ansible/roles/openldap_server/tasks/schemas.yaml b/ansible/roles/openldap_server/tasks/schemas.yaml
index b1cf4b0..deefbc7 100644
--- a/ansible/roles/openldap_server/tasks/schemas.yaml
+++ b/ansible/roles/openldap_server/tasks/schemas.yaml
@@ -4,6 +4,14 @@
 register: ldap_schemas
 changed_when: false
 
+- name: Copy a configuration file to the destination
+ ansible.builtin.copy:
+ src: /files/openssh-lpk.ldif
+ dest: /etc/openldap/schemas/openssh-lpk.ldif
+ owner: ldap
+ group: ldap
+ mode: '0600'
+
 #- name: Load cosine schema
 # command: >
 # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
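Review bot: The new file is written in slapd.conf schema syntax (`attributetype ( … )`, `objectclass ( … )`) but is named `.ldif`, and the copy task in the schemas.yaml hunk together with the commented-out `ldapadd … -f …/cosine.ldif` pattern there suggest it is meant for a cn=config slapd, where `ldapadd` will reject it because it is not LDIF. If that is the intended load path, the definitions need the cn=config form below, with the same OIDs wrapped in `olcAttributeTypes:` / `olcObjectClasses:` under `dn: cn=openssh-lpk,cn=schema,cn=config`; if the target really uses a slapd.conf `include`, rename the file to `.schema` instead so the extension matches its content. The two blank lines between the header comment and the first definition and the trailing blank `+` line are harmless but could be dropped. The same point applies to the copy task in the second hunk, which ships this file unchanged.
```ldif
# … unchanged: header comments …
dn: cn=openssh-lpk,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openssh-lpk
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
  DESC 'MANDATORY: OpenSSH Public key'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
  DESC 'MANDATORY: OpenSSH LPK objectclass'
  MUST ( sshPublicKey $ uid ) )
```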
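Review bot: `src: /files/openssh-lpk.ldif` in the new copy task will not resolve, because a leading slash makes `ansible.builtin.copy` look for an absolute path on the controller instead of searching the role's `files/` directory; the role-relative form is `src: openssh-lpk.ldif`. The destination `dest: /etc/openldap/schemas/openssh-lpk.ldif` also disagrees with the `/etc/openldap/schema/` directory used by the commented-out cosine task just below, which looks like a typo — confirm which directory exists on the target and use `dest: /etc/openldap/schema/openssh-lpk.ldif` if the singular is correct. The task name is generic; `- name: Copy the openssh-lpk schema to the slapd schema directory` says what the task does. Nothing in this change loads the copied schema into slapd, so presumably a follow-up ldapadd/ldapmodify task (or a handler) is still needed before `sshPublicKey` can be used. The task that precedes the insertion, the one registering `ldap_schemas`, starts outside the hunk.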