Accepting request 354705 from home:stroeder:branches:network:ldap

Compared to my obsoleted request #339745: 1. sysconfdir now correctly is /etc/openldap 2. slapd starts with default configuration file (tested on openSUSE 13.2 and Tumbleweed) 3. added Recommends: cyrus-sasl 4. replaced README.dynamic-overlays by README.module-loading with updated text 5. added patch for OpenLDAP ITS#8336 OBS-URL: https://build.opensuse.org/request/show/354705 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=146
2016-01-21 13:36:42 +00:00
parent 429b456698
commit 605d80a7bb
24 changed files with 1919 additions and 392 deletions
--- a/sysconfig.openldap
+++ b/sysconfig.openldap
@@ -0,0 +1,158 @@
+## Path:           Network/LDAP
+## Description:    Basic Configuration of the OpenLDAP Directory Server
+
+## Type:           yesno
+## Default:        yes
+## ServiceRestart: ldap
+#
+# If set to "no" the LDAP server will not accept any "normal" LDAP connections
+# but just connections over "ldaps" or "ldapi". Setting this to "no" does only
+# make sense when either OPENLDAP_START_LDAPS or OPENLDAP_START_LDAPI is set 
+# "yes".
+#
+OPENLDAP_START_LDAP="yes"
+
+## Type:           yesno
+## Default:        no
+## ServiceRestart: ldap
+#
+# If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't
+# forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options 
+# to the /etc/openldap/slapd.conf (man slapd.conf).
+# Note: Don't confuse this with "START_TLS", the preferred method for 
+#       making encrypted LDAP connections, which is enabled as soon as You
+#       specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config
+#       file
+#
+OPENLDAP_START_LDAPS="no"
+
+## Type:           yesno
+## Default:        no
+## ServiceRestart: ldap
+#
+# If set to "yes", "ldap over IPC" feature of slapd will be enabled.
+# The ldap server creates a Unix domain socket as /var/run/slapd/ldapi.
+# Default: no
+#
+OPENLDAP_START_LDAPI="yes"
+
+## Type:           string
+## Default:        ""
+## ServiceRestart: ldap
+#
+# If not empty, additional parameters for slapd daemon.
+# Default: ""
+#
+OPENLDAP_SLAPD_PARAMS=""
+
+## Type:           string
+## Default:        ldap
+## ServiceRestart: ldap
+#
+# specifies a user, as which the openldap server should be executed
+# Default: ldap 
+#
+OPENLDAP_USER="ldap"
+
+## Type:           string
+## Default:        ldap
+## ServiceRestart: ldap
+#
+# specifies a group, as which the openldap server should be executed
+# Default: ldap 
+#
+OPENLDAP_GROUP="ldap"
+
+## Type:           yesno
+## Default:        yes
+## ServiceRestart: ldap
+#
+# If set to "yes" the init scripts will change the owner/group of the
+# different backend database directories (e.g. /var/lib/ldap) to the
+# user/group specified above
+#
+OPENLDAP_CHOWN_DIRS="yes"
+
+## Type:           string
+## Default:        ""
+## ServiceRestart: ldap
+#
+# Use this to specify the interfaces that the server such accept
+# LDAP connections from. The values are specified in the format
+# <address>:<port>, where address is an IP address and port is the
+# portnumber, the daemon should listen to (defaulting to 389).  If this
+# parameter is empty the server will attach to all interfaces. This 
+# parameter is only evaluated if "OPENLDAP_START_LDAP" is set to
+# "yes"
+# Default: "" 
+#
+OPENLDAP_LDAP_INTERFACES=""
+
+## Type:           string
+## Default:        ""
+## ServiceRestart: ldap
+#
+# Use this to specify the interfaces that the server such accept
+# LDAPS connections from. The values are specified in the format
+# <address>:<port>, where address is an IP address and port is the
+# portnumber, the daemon should listen to (defaulting to 636).  If this
+# parameter is empty the server will attach to all interfaces.  This
+# parameter is only evaluated if "OPENLDAP_START_LDAPS" is set to
+# "yes"
+# Default: "" 
+#
+OPENLDAP_LDAPS_INTERFACES=""
+
+## Type:           string
+## Default:        ""
+## ServiceRestart: ldap
+#
+# Use this to specify the paths of the Unix Domain Sockets that 
+# the server should create an accept incoming LDAPI connections
+# on. This parameter is only evaluated if "OPENLDAP_START_LDAPI"
+# is set to "yes".
+# Default: "" 
+#
+OPENLDAP_LDAPI_INTERFACES=""
+
+## Type:           yesno
+## Default:        "yes"
+## ServiceRestart: ldap
+#
+# If set to "no" the LDAP server will not try itself at a running SLP
+# daemon.
+# Default: "yes" 
+#
+OPENLDAP_REGISTER_SLP="no"
+
+## Type:           string
+## Default:        ""
+## ServiceRestart: ldap
+#
+# Set this to the name of the keytab, if you want to use a non-default
+# Kerberos Keytab. If OPENLDAP_CHOWN_DIRS is set to "yes" the permissions of
+# this file will be changed so that the group OPENLDAP_GROUP has read
+# access to the file. 
+# Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab
+# Default: "" 
+#
+OPENLDAP_KRB5_KEYTAB=""
+
+## Type:           string
+## Default:        "files"
+## ServiceRestart: ldap
+#
+# Here you can configure which of the configuration backends you want to
+# use. Possible values are "files" for slapd.conf(5) styleconfiguration or
+# "ldap" for the slapd-config(5) LDAP based configuration backend.
+#
+OPENLDAP_CONFIG_BACKEND=""
+
+## Type:           yesno
+## Default:        "yes"
+## ServiceRestart: ldap
+#
+# Here you can configure if the slapd shall start with or without memory limit.
+#
+OPENLDAP_MEMORY_LIMIT="yes"
+