From 270161dc4b79788ed933414f0ef0b85b78ca4713 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Wed, 15 Sep 2021 14:50:15 +0000
Subject: [PATCH] ldap-server: Add yubikey schema
---
 roles/ldap-server/files/yubikey.schema | 30 ++++++++++++++++++++++++++
 roles/ldap-server/tasks/main.yml | 1 +
 2 files changed, 31 insertions(+)
 create mode 100644 roles/ldap-server/files/yubikey.schema
diff --git a/roles/ldap-server/files/yubikey.schema b/roles/ldap-server/files/yubikey.schema
new file mode 100644
index 0000000..39b9df1
--- /dev/null
+++ b/roles/ldap-server/files/yubikey.schema
@@ -0,0 +1,30 @@
+#
+# YubiKey LDAP schema
+#
+# Author: Michal Ludvig
+# Consider a small PayPal donation:
+# http://logix.cz/michal/devel/yubikey-ldap/
+#
+
+# Common Logix OID structure
+# 1.3.6.1.4.1.40789..<1=SNMP/2=LDAP>.<...>
+objectIdentifier lxYubiKeyPrj 1.3.6.1.4.1.40789.2012.11.1
+objectIdentifier lxYkSNMP lxYubiKeyPrj:1
+objectIdentifier lxYkLDAP lxYubiKeyPrj:2
+
+# YubiKey schema sub-tree
+objectIdentifier lxYkAttribute lxYkLDAP:1
+objectIdentifier lxYkObjectClass lxYkLDAP:2
+
+attributetype ( lxYkAttribute:1
+ NAME 'yubiKeyId'
+ DESC 'Yubico YubiKey ID'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+objectclass ( lxYkObjectClass:1
+ NAME 'yubiKeyUser'
+ DESC 'Yubico YubiKey User'
+ SUP top
+ AUXILIARY
+ MAY ( yubiKeyId ) )
diff --git a/roles/ldap-server/tasks/main.yml b/roles/ldap-server/tasks/main.yml
index 66b8645..e783acc 100644
--- a/roles/ldap-server/tasks/main.yml
+++ b/roles/ldap-server/tasks/main.yml
@@ -159,6 +159,7 @@
 - kerberos.schema # centos krb5-server-ldap 1.15.1
 - openssh-lpk.schema # via google, no original source found
 - rfc2307bis.schema # rfc2307bis version 2
+ - yubikey.schema # http://logix.cz/michal/devel/yubikey-ldap/
 - samba.schema # centos samba 4.8.3
 notify: restart slapd
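Review bot: The new `yubikey.schema` entry in the schema list gives only a plain-http project URL as provenance, while most neighbouring entries name a package and version, so a later reviewer cannot tell which upstream revision was vendored or verify that the copy is unmodified. I would extend the comment to pin it, e.g. `- yubikey.schema # http://logix.cz/michal/devel/yubikey-ldap/ (retrieved <DATE>, sha256 <CHECKSUM>)`. Separately, `yubiKeyId` ties an account to a token, so if it is consulted during authentication its write access should be limited to directory administrators rather than the entry's owner; no slapd ACL for it is visible in this patch, so please confirm one exists elsewhere in the role. The task this list belongs to starts above the hunk.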