
Accepting request 358571 from network:ldap

1

OBS-URL: https://build.opensuse.org/request/show/358571
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=116
Dominique Leuenberger 2016-02-18 10:05:45 +00:00 committed by Git OBS Bridge
commit b6f26f6acb
15 changed files with 566 additions and 3458 deletions


@ -1,100 +0,0 @@
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 4938b85..b9bec75 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -2,7 +2,11 @@
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
-include %SYSCONFDIR%/schema/core.schema
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/rfc2307bis.schema
+include /etc/openldap/schema/yast.schema
# Define global ACLs to disable default read access.
@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
-pidfile %LOCALSTATEDIR%/run/slapd.pid
-argsfile %LOCALSTATEDIR%/run/slapd.args
+pidfile /run/slapd/slapd.pid
+argsfile /run/slapd/slapd.args
# Load dynamic backend modules:
-# modulepath %MODULEDIR%
+# modulepath /usr/lib/openldap
# moduleload back_bdb.la
-# moduleload back_hdb.la
+moduleload back_hdb.la
# moduleload back_ldap.la
# Sample security restrictions
@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access to user password
+# Allow anonymous users to authenticate
+# Allow read access to everything else
+# Directives needed to implement policy:
+access to dn.base=""
+ by * read
+
+access to dn.base="cn=Subschema"
+ by * read
+
+access to attrs=userPassword,userPKCS12
+ by self write
+ by * auth
+
+access to attrs=shadowLastChange
+ by self write
+ by * read
+
+access to *
+ by * read
+
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
# BDB database definitions
#######################################################################
-database bdb
+database hdb
suffix "dc=my-domain,dc=com"
+checkpoint 1024 5
+cachesize 10000
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
@@ -60,6 +76,6 @@ rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
-directory %LOCALSTATEDIR%/openldap-data
+directory /var/lib/ldap
# Indices to maintain
index objectClass eq


@ -1,25 +0,0 @@
From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 8 Dec 2015 18:17:24 +0000
Subject: ITS#8336 fix page_search_root assert on FreeDB
Let "illegal" branch pages thru on the FreeDB - the condition
is only temporary and will be fixed by the time rebalance finishes.
diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
index fa0c9e5..a624cba 100644
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags)
indx_t i;
DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp)));
- mdb_cassert(mc, NUMKEYS(mp) > 1);
+ /* Don't assert on branch pages in the FreeDB. We can get here
+ * while in the process of rebalancing a FreeDB branch page; we must
+ * let that proceed. ITS#8336
+ */
+ mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1);
DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0))));
if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) {

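--- a/ldapns.ldif
+++ b/ldapns.ldif
@@ -0,0 +1,11 @@
+dn: cn=ldapns,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: ldapns
+olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DES
+C 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.
+3.6.1.4.1.1466.115.121.1.15{256} )
+olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject
+' DESC 'Auxiliary object class for adding authorizedService attribute' SUP
+top AUXILIARY MAY authorizedService )
+olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxil
+iary object class for adding host attribute' SUP top AUXILIARY MAY host )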
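Review bot: ldapns.ldif has no header comment saying where its definitions come from, while the spec on this page also installs `%{SOURCE9}` (ldapns.schema) into the same schema directory, so the two copies of `authorizedService` and `hostObject` can drift apart unnoticed. These attributes are commonly consulted for host- and service-based login authorization, so a mismatch between the slapd.conf and cn=config variants is worth guarding against. A first line such as `# Converted from ldapns.schema; regenerate instead of editing by hand` would do, assuming that is how the file was produced.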


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8
size 5654057

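--- a/openldap-2.4.44.tgz
+++ b/openldap-2.4.44.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400
+size 5658830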

File diff suppressed because it is too large Load Diff


@ -1,616 +0,0 @@
#
# spec file for package openldap2-client
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define run_test_suite 0
%define version_main 2.4.43
%if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd
%else
%define _rundir /var/run/slapd
%endif
Name: openldap2-client
Summary: The OpenLDAP commandline client tools
License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients
Version: %{version_main}
Release: 0
Url: http://www.openldap.org
Source: openldap-%{version_main}.tgz
Source3: DB_CONFIG
Source4: sasl-slapd.conf
Source5: README.module-loading
Source6: schema2ldif
Source7: baselibs.conf
Source9: ldapns.schema
Source10: rfc2307bis.schema
Source11: yast.schema
Source12: slapd.conf.example
Source13: start
Source14: slapd.service
Source15: SuSEfirewall2.openldap
Source16: sysconfig.openldap
Patch2: 0002-slapd.conf.dif
Patch3: 0003-LDAPI-socket-location.dif
Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
Patch11: 0011-openldap-re24-its7796.patch
Patch12: 0012-openldap-re24-its8336.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
BuildRequires: libopenssl-devel
BuildRequires: libtool
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl
%if "%{name}" == "openldap2"
BuildRequires: db-devel
BuildRequires: openslp-devel
BuildRequires: unixODBC-devel
Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
%if %{suse_version} >= 1310 && %{suse_version} != 1315
# avoid cycle with krb5
BuildRequires: krb5-mini
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%endif
%else
Conflicts: openldap-client
%endif
# For /usr/bin/strings
Requires(pre): binutils
%if "%{name}" == "openldap2"
%description
OpenLDAP is a client and server reference implementation of the
Lightweight Directory Access Protocol v3 (LDAPv3).
The server provides several database backends and overlays.
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
Requires: perl = %{perl_version}
%description -n openldap2-back-perl
The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations.
%package -n openldap2-back-sock
Summary: OpenLDAP Socket Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
%description -n openldap2-back-sock
The OpenLDAP socket back-end allows you to handle LDAP requests and
results with an external process listening on a Unix domain socket.
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
%description -n openldap2-back-meta
The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
respect to a set of remote LDAP servers. The information contained in
these servers can be presented as belonging to a single Directory
Information Tree (DIT).
%package -n openldap2-back-sql
Summary: OpenLDAP SQL Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
%description -n openldap2-back-sql
The primary purpose of this OpenLDAP backend is to present information
stored in a Relational (SQL) Database as an LDAP subtree without the need
to do any programming.
%package -n openldap2-contrib
Summary: OpenLDAP Contrib Modules
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
%description -n openldap2-contrib
Various overlays found in contrib/:
allop
allowed Generates attributes indicating access rights
autogroup
cloak
denyop
lastbind writes last bind timestamp to entry
noopsrch handles no-op search control
nops
pw-sha2 generates/validates SHA-2 password hashes
pw-pbkdf2 generates/validates PBKDF2 password hashes
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
%package -n openldap2-doc
Summary: OpenLDAP Documentation
Group: Documentation/Other
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
%if 0%{?suse_version} > 1110
BuildArch: noarch
%endif
%description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%else
%description
This package contains the OpenLDAP client utilities.
%package -n openldap2-devel
Summary: Libraries, Header Files and Documentation for OpenLDAP
Group: Development/Libraries/C and C++
# bug437293
%ifarch ppc64
Obsoletes: openldap2-devel-64bit
%endif
#
Conflicts: openldap-devel
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl-devel
%description -n openldap2-devel
This package provides the OpenLDAP libraries, header files, and
documentation.
%package -n openldap2-devel-static
Summary: Static libraries for the OpenLDAP libraries
Group: Development/Libraries/C and C++
Requires: cyrus-sasl-devel
Requires: libopenssl-devel
Requires: openldap2-devel = %version
%description -n openldap2-devel-static
This package provides the static versions of the OpenLDAP libraries
for development.
%package -n libldap-2_4-2
Summary: OpenLDAP Client Libraries
Group: Productivity/Networking/LDAP/Clients
%description -n libldap-2_4-2
This package contains the OpenLDAP client libraries.
%endif
%prep
%setup -q -n openldap-%{version_main}
%patch2 -p1
%patch3 -p1
#%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
cp %{SOURCE5} .
%build
# %{?suse_update_config:%{suse_update_config -f build}}
#libtoolize --force
#autoreconf
# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export STRIP=""
./configure \
--prefix=/usr \
--sysconfdir=%{_sysconfdir} \
--libdir=%{_libdir} \
--libexecdir=%{_libdir} \
--localstatedir=%{_rundir} \
--enable-wrappers=no \
--enable-spasswd \
--enable-modules \
--enable-shared \
--enable-dynamic \
--with-tls=openssl \
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
--enable-bdb=mod \
--enable-hdb=mod \
--enable-rewrite \
--enable-ldap=mod \
--enable-meta=mod \
--enable-monitor=mod \
--enable-perl=mod \
--enable-sock=mod \
--enable-sql=mod \
--enable-mdb=mod \
--enable-relay=mod \
--enable-slp \
--enable-overlays=mod \
--enable-syncprov=mod \
--enable-ppolicy=mod \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
--with-yielding-select \
|| cat config.log
make depend
make %{?_smp_mflags}
%if "%{name}" == "openldap2"
# Build selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
done
# One more level up needed because of passwd/sha2
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
%endif
%check
%if %run_test_suite
# calculate the base port to be use in the test-suite
SLAPD_BASEPORT=10000
if [ -f /.buildenv ] ; then
. /.buildenv
SLAPD_BASEPORT=$(($SLAPD_BASEPORT + ${BUILD_INCARNATION:-0} * 10))
fi
export SLAPD_BASEPORT
%ifnarch %arm alpha
rm -f tests/scripts/test019-syncreplication-cascade
rm -f tests/scripts/test022-ppolicy
rm -f tests/scripts/test023-refint
rm -f tests/scripts/test033-glue-syncrepl
#rm -f tests/scripts/test036-meta-concurrency
#rm -f tests/scripts/test039-glue-ldap-concurrency
rm -f tests/scripts/test043-delta-syncrepl
#rm -f tests/scripts/test045-syncreplication-proxied
rm -f tests/scripts/test048-syncrepl-multiproxy
rm -f tests/scripts/test050-syncrepl-multimaster
rm -f tests/scripts/test058-syncrepl-asymmetric
make SLAPD_DEBUG=0 test
%endif
%endif
%install
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
# Additional symbolic link to slapd executable in /usr/sbin/
%if "%{name}" == "openldap2"
ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
%endif
%if "%{name}" == "openldap2"
# Install selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
done
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
%endif
install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf
install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
${RPM_BUILD_ROOT}/%{DOCDIR}/images \
${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide
install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images
install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \
COPYRIGHT \
LICENSE \
README \
CHANGES \
%{SOURCE5} \
${RPM_BUILD_ROOT}/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default
rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example
rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
%if 0%{?suse_version} > 1220
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
%else
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
%endif
%endif
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
#put filelists into files
cat >openldap2.filelist <<EOF
/var/adm/fillup-templates/sysconfig.openldap
%config /etc/sysconfig/SuSEfirewall2.d/services/openldap
/usr/sbin/slap*
/usr/sbin/rcslapd
%dir /etc/sasl2
%dir /etc/openldap
%dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d
%dir /etc/openldap/schema
%config /etc/openldap/schema/*.schema
%config /etc/openldap/schema/*.ldif
%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf
%config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
%config /var/lib/ldap/DB_CONFIG.example
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /%{_libdir}/openldap
%{_libdir}/openldap/back_bdb*
%{_libdir}/openldap/back_hdb*
%{_libdir}/openldap/back_ldap*
%{_libdir}/openldap/back_mdb*
%{_libdir}/openldap/back_monitor*
%{_libdir}/openldap/back_relay*
%{_libdir}/openldap/accesslog*
%{_libdir}/openldap/auditlog*
%{_libdir}/openldap/collect*
%{_libdir}/openldap/constraint*
%{_libdir}/openldap/dds*
%{_libdir}/openldap/deref*
%{_libdir}/openldap/dyngroup*
%{_libdir}/openldap/dynlist*
%{_libdir}/openldap/memberof*
%{_libdir}/openldap/pcache*
%{_libdir}/openldap/ppolicy*
%{_libdir}/openldap/refint*
%{_libdir}/openldap/retcode*
%{_libdir}/openldap/rwm*
%{_libdir}/openldap/seqmod*
%{_libdir}/openldap/sssvlv*
%{_libdir}/openldap/syncprov*
%{_libdir}/openldap/translucent*
%{_libdir}/openldap/unique*
%{_libdir}/openldap/valsort*
%{_libdir}/slapd
/usr/lib/openldap/start
%{_unitdir}/slapd.service
%dir %attr(0750, ldap, ldap) /var/lib/ldap
%ghost %attr(0750, ldap, ldap) %{_rundir}
%doc %{_mandir}/man8/sl*
%doc %{_mandir}/man5/slapd.*
%doc %{_mandir}/man5/slapd-bdb.*
%doc %{_mandir}/man5/slapd-config.*
%doc %{_mandir}/man5/slapd-hdb.*
%doc %{_mandir}/man5/slapd-ldbm.*
%doc %{_mandir}/man5/slapd-ldap.*
%doc %{_mandir}/man5/slapd-ldif.*
%doc %{_mandir}/man5/slapd-mdb.*
%doc %{_mandir}/man5/slapd-monitor.*
%doc %{_mandir}/man5/slapd-relay.*
%doc %{_mandir}/man5/slapo-*
%dir %{DOCDIR}
%doc %{DOCDIR}/ANNOUNCEMENT
%doc %{DOCDIR}/COPYRIGHT
%doc %{DOCDIR}/LICENSE
%doc %{DOCDIR}/README*
%doc %{DOCDIR}/CHANGES
%doc %{DOCDIR}/slapd.ldif.default
EOF
#
#
cat > openldap2-client.filelist <<EOF
%dir /etc/openldap
%config(noreplace) /etc/openldap/ldap.conf
/etc/openldap/ldap.conf.default
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapurl
/usr/bin/ldapwhoami
/usr/sbin/schema2ldif
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldap.conf*
%doc %{_mandir}/man5/ldif.*
EOF
cat > libldap.filelist <<EOF
%{_libdir}/liblber*2.4.so.*
%{_libdir}/libldap*2.4.so.*
EOF
cat > openldap2-devel.filelist <<EOF
/usr/include/*.h
%{_libdir}/liblber.so
%{_libdir}/libldap*.so
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
EOF
cat > openldap2-devel-static.filelist <<-EOF
%_libdir/liblber.a
%_libdir/libldap*.a
EOF
cat > openldap2-back-perl.filelist <<EOF
%{_libdir}/openldap/back_perl*
%doc %{_mandir}/man5/slapd-perl.*
EOF
cat > openldap2-back-sock.filelist <<EOF
%{_libdir}/openldap/back_sock*
%doc %{_mandir}/man5/slapd-sock.*
EOF
cat > openldap2-back-meta.filelist <<EOF
%{_libdir}/openldap/back_meta*
%doc %{_mandir}/man5/slapd-meta.*
EOF
cat > openldap2-back-sql.filelist <<EOF
%{_libdir}/openldap/back_sql*
%doc %{_mandir}/man5/slapd-sql.*
%doc servers/slapd/back-sql/examples
%doc servers/slapd/back-sql/docs/bugs
%doc servers/slapd/back-sql/docs/install
EOF
cat > openldap2-contrib.filelist <<EOF
%{_libdir}/openldap/allowed.*
%{_libdir}/openldap/allop.*
%{_libdir}/openldap/autogroup.*
%{_libdir}/openldap/lastbind.*
%{_libdir}/openldap/noopsrch.*
%{_libdir}/openldap/nops.*
%{_libdir}/openldap/pw-sha2.*
%{_libdir}/openldap/pw-pbkdf2.*
%{_libdir}/openldap/denyop.*
%{_libdir}/openldap/cloak.*
%{_libdir}/openldap/smbk5pwd.*
EOF
cat >openldap2-doc.filelist <<EOF
%dir %{DOCDIR}
%doc %{DOCDIR}/drafts
%doc %{DOCDIR}/adminguide
%doc %{DOCDIR}/images
EOF
#remove files from other spec file
%if "%{name}" == "openldap2"
cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
openldap2-devel-static.filelist |
%else
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \
openldap2-back-meta.filelist openldap2-back-sql.filelist \
openldap2-doc.filelist openldap2-contrib.filelist |
%endif
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
rm -rf ${RPM_BUILD_ROOT}${name}
done
%if "%{name}" == "openldap2"
%pre
/usr/sbin/groupadd -g 70 -o -r ldap || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
%post
if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
%preun
%service_del_preun slapd.service
%postun
%service_del_postun slapd.service
%files -f openldap2.filelist
%defattr(-,root,root)
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%defattr(-,root,root)
%files -n openldap2-back-sock -f openldap2-back-sock.filelist
%defattr(-,root,root)
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%defattr(-,root,root)
%files -n openldap2-back-sql -f openldap2-back-sql.filelist
%defattr(-,root,root)
%files -n openldap2-doc -f openldap2-doc.filelist
%defattr(-,root,root)
%files -n openldap2-contrib -f openldap2-contrib.filelist
%defattr(-,root,root)
%else
%post -n libldap-2_4-2 -p /sbin/ldconfig
%postun -n libldap-2_4-2 -p /sbin/ldconfig
%files -f openldap2-client.filelist
%defattr(-,root,root)
%files -n libldap-2_4-2 -f libldap.filelist
%defattr(-,root,root)
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%files -n openldap2-devel-static -f openldap2-devel-static.filelist
%defattr(-,root,root)
%endif
%changelog


@ -1,3 +1,37 @@
-------------------------------------------------------------------
Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com
- Remove openldap2-client.spec and openldap2-client.changes
openldap2.spec now builds client utilities and libraries.
Thus pre_checkin.sh is removed.
- Move ldap.conf and its manual page from openldap2-client package
to libldap-2_4-2 package, which is more appropriate.
- Use RPM_OPT_FLAGS in build flags.
- Macros dealing with old/unsupported distributions are removed.
- Remove 0002-slapd.conf.dif and install improved slapd.conf from
new source file slapd.conf.
- Install slapd.conf.olctemplate to assist in preparing slapd.d
for OLC.
- Be explicit in sysconfig that by default openldap will use
static file configuration.
- Add the following schemas in LDIF format:
* rfc2307bis.ldif
* ldapns.ldif
* yast.ldif
- Other minor clean-ups in the spec file.
-------------------------------------------------------------------
Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com
- Use optflags when building
-------------------------------------------------------------------
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
- Specify source with FTP URL
- Removed obsolete 0012-openldap-re24-its8336.patch
-------------------------------------------------------------------
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com


@ -17,7 +17,7 @@
%define run_test_suite 0
%define version_main 2.4.43
%define version_main 2.4.44
%if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd
@ -26,13 +26,15 @@
%endif
Name: openldap2
Summary: The OpenLDAP Server
Summary: An open source implementation of the Lightweight Directory Access Protocol
License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients
Group: Productivity/Networking/LDAP/Servers
Version: %{version_main}
Release: 0
Url: http://www.openldap.org
Source: openldap-%{version_main}.tgz
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
Source1: slapd.conf
Source2: slapd.conf.olctemplate
Source3: DB_CONFIG
Source4: sasl-slapd.conf
Source5: README.module-loading
@ -46,7 +48,9 @@ Source13: start
Source14: slapd.service
Source15: SuSEfirewall2.openldap
Source16: sysconfig.openldap
Patch2: 0002-slapd.conf.dif
Source17: ldapns.ldif
Source18: rfc2307bis.ldif
Source19: yast.ldif
Patch3: 0003-LDAPI-socket-location.dif
Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
@ -55,34 +59,27 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
Patch11: 0011-openldap-re24-its7796.patch
Patch12: 0012-openldap-re24-its8336.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel
BuildRequires: groff
BuildRequires: libopenssl-devel
BuildRequires: libtool
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl
%if "%{name}" == "openldap2"
BuildRequires: db-devel
BuildRequires: openslp-devel
BuildRequires: unixODBC-devel
Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
%if %{suse_version} >= 1310 && %{suse_version} != 1315
# avoid cycle with krb5
BuildRequires: krb5-mini
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%endif
%else
Conflicts: openldap-client
%endif
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl
Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
# For /usr/bin/strings
Requires(pre): binutils
%if "%{name}" == "openldap2"
%description
OpenLDAP is a client and server reference implementation of the
Lightweight Directory Access Protocol v3 (LDAPv3).
@ -157,19 +154,21 @@ Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
%if 0%{?suse_version} > 1110
BuildArch: noarch
%endif
%description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts.
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%else
%description
This package contains the OpenLDAP client utilities.
%package -n openldap2-client
Summary: OpenLDAP client utilities
Group: Productivity/Networking/LDAP/Clients
Requires: libldap-2_4-2 = %{version_main}
%description -n openldap2-client
OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify.
%package -n openldap2-devel
Summary: Libraries, Header Files and Documentation for OpenLDAP
@ -205,13 +204,9 @@ Group: Productivity/Networking/LDAP/Clients
%description -n libldap-2_4-2
This package contains the OpenLDAP client libraries.
%endif
%prep
%setup -q -n openldap-%{version_main}
%patch2 -p1
%patch3 -p1
#%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
@ -219,15 +214,10 @@ This package contains the OpenLDAP client libraries.
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
cp %{SOURCE5} .
%build
# %{?suse_update_config:%{suse_update_config -f build}}
#libtoolize --force
#autoreconf
# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export CFLAGS="%{optflags} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export STRIP=""
./configure \
--prefix=/usr \
@ -244,7 +234,6 @@ export STRIP=""
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
--enable-bdb=mod \
--enable-hdb=mod \
@ -261,15 +250,11 @@ export STRIP=""
--enable-overlays=mod \
--enable-syncprov=mod \
--enable-ppolicy=mod \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
--with-yielding-select \
|| cat config.log
make depend
make %{?_smp_mflags}
%if "%{name}" == "openldap2"
# Build selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
@ -278,7 +263,6 @@ done
# One more level up needed because of passwd/sha2
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
%endif
%check
%if %run_test_suite
@ -312,10 +296,7 @@ mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
# Additional symbolic link to slapd executable in /usr/sbin/
%if "%{name}" == "openldap2"
ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
%endif
%if "%{name}" == "openldap2"
# Install selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
@ -323,7 +304,6 @@ do
done
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
%endif
install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
@ -334,20 +314,28 @@ chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
# Install default and sample configuration files
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
# Install default database optimisations
install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
%define DOCDIR %{_defaultdocdir}/%{name}
install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
${RPM_BUILD_ROOT}/%{DOCDIR}/images \
${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
@ -368,14 +356,9 @@ rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
%if 0%{?suse_version} > 1220
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
%else
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
%endif
%endif
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
@ -386,26 +369,57 @@ rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
#put filelists into files
cat >openldap2.filelist <<EOF
/var/adm/fillup-templates/sysconfig.openldap
%config /etc/sysconfig/SuSEfirewall2.d/services/openldap
/usr/sbin/slap*
/usr/sbin/rcslapd
%dir /etc/sasl2
%dir /etc/openldap
%dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d
%dir /etc/openldap/schema
%config /etc/openldap/schema/*.schema
%config /etc/openldap/schema/*.ldif
%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf
%pre
/usr/sbin/groupadd -g 70 -o -r ldap || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
%post
if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
%post -n libldap-2_4-2 -p /sbin/ldconfig
%postun -n libldap-2_4-2 -p /sbin/ldconfig
%preun
%service_del_preun slapd.service
%postun
%service_del_postun slapd.service
%files
%defattr(-,root,root)
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openldap
%config %{_sysconfdir}/openldap/schema/*.schema
%config %{_sysconfdir}/openldap/schema/*.ldif
%config(noreplace) /etc/sasl2/slapd.conf
%config(noreplace) %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf
%config(noreplace) %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.olctemplate
%config %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.default
%config %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.example
%config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
%config /var/lib/ldap/DB_CONFIG.example
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /%{_libdir}/openldap
%dir %{_libdir}/openldap
%dir %{_libexecdir}/openldap
%dir %{_sysconfdir}/sasl2
%dir %{_sysconfdir}/openldap
%dir %attr(0770, ldap, ldap) %{_sysconfdir}/openldap/slapd.d
%dir %{_sysconfdir}/openldap/schema
/var/adm/fillup-templates/sysconfig.openldap
%{_sbindir}/slap*
%{_sbindir}/rcslapd
%{_libdir}/openldap/back_bdb*
%{_libdir}/openldap/back_hdb*
%{_libdir}/openldap/back_ldap*
@ -433,7 +447,7 @@ cat >openldap2.filelist <<EOF
%{_libdir}/openldap/unique*
%{_libdir}/openldap/valsort*
%{_libdir}/slapd
/usr/lib/openldap/start
%{_libexecdir}/openldap/start
%{_unitdir}/slapd.service
%dir %attr(0750, ldap, ldap) /var/lib/ldap
%ghost %attr(0750, ldap, ldap) %{_rundir}
@ -456,65 +470,39 @@ cat >openldap2.filelist <<EOF
%doc %{DOCDIR}/README*
%doc %{DOCDIR}/CHANGES
%doc %{DOCDIR}/slapd.ldif.default
EOF
#
#
cat > openldap2-client.filelist <<EOF
%dir /etc/openldap
%config(noreplace) /etc/openldap/ldap.conf
/etc/openldap/ldap.conf.default
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapurl
/usr/bin/ldapwhoami
/usr/sbin/schema2ldif
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldap.conf*
%doc %{_mandir}/man5/ldif.*
EOF
cat > libldap.filelist <<EOF
%{_libdir}/liblber*2.4.so.*
%{_libdir}/libldap*2.4.so.*
EOF
cat > openldap2-devel.filelist <<EOF
/usr/include/*.h
%{_libdir}/liblber.so
%{_libdir}/libldap*.so
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
EOF
cat > openldap2-devel-static.filelist <<-EOF
%_libdir/liblber.a
%_libdir/libldap*.a
EOF
cat > openldap2-back-perl.filelist <<EOF
%files -n openldap2-back-perl
%defattr(-,root,root)
%{_libdir}/openldap/back_perl*
%doc %{_mandir}/man5/slapd-perl.*
EOF
cat > openldap2-back-sock.filelist <<EOF
%files -n openldap2-back-sock
%defattr(-,root,root)
%{_libdir}/openldap/back_sock*
%doc %{_mandir}/man5/slapd-sock.*
EOF
cat > openldap2-back-meta.filelist <<EOF
%files -n openldap2-back-meta
%defattr(-,root,root)
%{_libdir}/openldap/back_meta*
%doc %{_mandir}/man5/slapd-meta.*
EOF
cat > openldap2-back-sql.filelist <<EOF
%files -n openldap2-back-sql
%defattr(-,root,root)
%{_libdir}/openldap/back_sql*
%doc %{_mandir}/man5/slapd-sql.*
%doc servers/slapd/back-sql/examples
%doc servers/slapd/back-sql/docs/bugs
%doc servers/slapd/back-sql/docs/install
EOF
cat > openldap2-contrib.filelist <<EOF
%files -n openldap2-doc
%defattr(-,root,root)
%dir %{DOCDIR}
%doc %{DOCDIR}/drafts
%doc %{DOCDIR}/adminguide
%doc %{DOCDIR}/images
%files -n openldap2-contrib
%defattr(-,root,root)
%{_libdir}/openldap/allowed.*
%{_libdir}/openldap/allop.*
%{_libdir}/openldap/autogroup.*
@ -526,91 +514,45 @@ cat > openldap2-contrib.filelist <<EOF
%{_libdir}/openldap/denyop.*
%{_libdir}/openldap/cloak.*
%{_libdir}/openldap/smbk5pwd.*
EOF
cat >openldap2-doc.filelist <<EOF
%dir %{DOCDIR}
%doc %{DOCDIR}/drafts
%doc %{DOCDIR}/adminguide
%doc %{DOCDIR}/images
EOF
#remove files from other spec file
%if "%{name}" == "openldap2"
cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
openldap2-devel-static.filelist |
%else
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \
openldap2-back-meta.filelist openldap2-back-sql.filelist \
openldap2-doc.filelist openldap2-contrib.filelist |
%endif
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
rm -rf ${RPM_BUILD_ROOT}${name}
done
%if "%{name}" == "openldap2"
%pre
/usr/sbin/groupadd -g 70 -o -r ldap || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
%post
if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
%preun
%service_del_preun slapd.service
%postun
%service_del_postun slapd.service
%files -f openldap2.filelist
%files -n openldap2-client
%defattr(-,root,root)
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldif.*
%dir /etc/openldap
/usr/sbin/schema2ldif
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapurl
/usr/bin/ldapwhoami
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%files -n libldap-2_4-2
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
%doc %{_mandir}/man5/ldap.conf*
%{_sysconfdir}/openldap/ldap.conf.default
%{_libdir}/liblber*2.4.so.*
%{_libdir}/libldap*2.4.so.*
%files -n openldap2-back-sock -f openldap2-back-sock.filelist
%files -n openldap2-devel
%defattr(-,root,root)
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
%{_includedir}/*.h
%{_libdir}/liblber.so
%{_libdir}/libldap*.so
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%files -n openldap2-devel-static
%defattr(-,root,root)
%files -n openldap2-back-sql -f openldap2-back-sql.filelist
%defattr(-,root,root)
%files -n openldap2-doc -f openldap2-doc.filelist
%defattr(-,root,root)
%files -n openldap2-contrib -f openldap2-contrib.filelist
%defattr(-,root,root)
%else
%post -n libldap-2_4-2 -p /sbin/ldconfig
%postun -n libldap-2_4-2 -p /sbin/ldconfig
%files -f openldap2-client.filelist
%defattr(-,root,root)
%files -n libldap-2_4-2 -f libldap.filelist
%defattr(-,root,root)
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%files -n openldap2-devel-static -f openldap2-devel-static.filelist
%defattr(-,root,root)
%endif
%_libdir/liblber.a
%_libdir/libldap*.a
%changelog


@ -1,14 +0,0 @@
#!/bin/bash
echo -n "Generating openldap2-client "
cp openldap2.changes openldap2-client.changes
cp openldap2.spec openldap2-client.spec
perl -pi -e "s/^Name:.*openldap2$/Name: openldap2-client/g" openldap2-client.spec
perl -pi -e "s/^Summary:.*Server$/Summary: The OpenLDAP commandline client tools/" openldap2-client.spec
osc service localrun format_spec_file
echo "Done."

146
rfc2307bis.ldif Normal file

@ -0,0 +1,146 @@
dn: cn=rfc2307bis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: rfc2307bis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field;
the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absol
ute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4
.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to
the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
.1.26 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY int
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integ
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExac
tIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY
caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Net
group triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1
.26 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service
port number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI
NGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Ser
vice protocol name' SUP name )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP p
rotocol number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC
number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V
ALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 add
resses as a dotted decimal omitting leading zeros or IPv6 addresses
as defined in RFC2373' SUP name )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP ne
twork as a dotted decimal, eg. 192.168, omitting leading zeros' SUP
name SINGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP ne
tmask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
ALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC addres
s in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' E
QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.boo
tparamd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.26 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image n
ame' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a
A generic NIS map' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic
NIS entry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {25}( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS publ
ic key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING
LE-VALUE )
olcAttributeTypes: {26}( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secr
et key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING
LE-VALUE )
olcAttributeTypes: {27}( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {28}( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'auto
mount Map Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automoun
t Key value' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {30}( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC '
Automount information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substr
ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction
of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ u
idNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ ge
cos $ description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional
attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPass
word $ description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarni
ng $ shadowInactive $ shadowExpire $ shadowFlag ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction o
f a group of accounts' SUP top AUXILIARY MUST gidNumber MAY ( userPassword
$ memberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an
Internet Protocol service. Maps an IP port and protocol (such as tc
p or udp) to one or more names; the distinguished value of th
e cn attribute denotes the services canonical name' SUP top STRUCTUR
AL MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o
f an IP protocol. Maps a protocol number to one or more names. The d
istinguished value of the cn attribute denotes the protocols canonic
al name' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description
)
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an
Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) b
inding. This class maps an ONC RPC number to a name. The distin
guished value of the cn attribute denotes the RPC services canonical
name' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a
host, an IP device. The distinguished value of the cn attribute deno
tes the hosts canonical name. Device SHOULD be used as a structural
class' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l
$ description $ manager ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of
a network. The distinguished value of the cn attribute denotes the
networks canonical name' SUP top STRUCTURAL MUST ipNetworkNumber MAY ( cn $
ipNetmaskNumber $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction
of a netgroup. May refer to other netgroups' SUP top STRUCTURAL MUST cn MAY
( nisNetgroupTriple $ memberNisNetgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstrac
tion of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in
a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY de
scription )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device
with a MAC address; device SHOULD be used as a structural class' SU
P top AUXILIARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A devic
e with boot parameters; device SHOULD be used as a structural class'
SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
olcObjectClasses: {13}( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'An object
with a public and secret key' SUP top AUXILIARY MUST ( cn $ nisPublicKey $
nisSecretKey ) MAY ( uidNumber $ description ) )
olcObjectClasses: {14}( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'Associ
ates a NIS domain with a naming context' SUP top AUXILIARY MUST nisDomain )
olcObjectClasses: {15}( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTU
RAL MUST automountMapName MAY description )
olcObjectClasses: {16}( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount in
formation' SUP top STRUCTURAL MUST ( automountKey $ automountInformation )
MAY description )
olcObjectClasses: {17}( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top S
TRUCTURAL MAY cn )

87
slapd.conf Normal file

@ -0,0 +1,87 @@
# This file (slapd.conf) is the static configuration file of OpenLDAP server daemon.
#
# OpenLDAP daemon (slapd.service) supports two configuration styles:
# - Simple configuration with this file
# - Online configuration (OLC)
#
# You may choose the configuration style by setting it in:
# /etc/sysconfig/openldap OPENLDAP_CONFIG_BACKEND="files|ldap"
# If the value is set to "files", this configuration file will be used.
# If the value is set to "ldap", this configuration file will be entirely ignored, and
# the OLC configuration from /etc/openldap/slapd.d will be loaded.
#
# If you decide to use online configuration, please read the additional instructions in:
# /etc/openldap/slapd.conf.olctemplate
#
# Feel free to customise this file according to your needs, and start OpenLDAP
# server daemon by executing:
# systemctl start slapd.service
#
# To verify that LDAP service is running properly, try the following command:
# ldapsearch -x -D cn=Manager,dc=my-domain,dc=com -w secret -s base namingContexts
#
# See slapd.conf(5) for details on configuration options.
# See /etc/openldap/slapd.conf.example for more examples.
# This file should NOT be world readable.
#
pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
# The following schema files are often useful
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
# Load backend modules such as databas engines
modulepath /usr/lib64/openldap
moduleload back_mdb.la
#moduleload back_hdb.la
#moduleload back_bdb.la
# Very important: define ACL to authorise client access
# The default settings permit rootdn to read and write, while other users
# may read the entire database or change their own password.
# If no ACL is present, everyone will be allowed to read the database.
# rootdn can always read and write everything.
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
access to attrs=userPassword,userPKCS12
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
# Define a LDAP database
database mdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Please avoid using clear text for root password
# See slappasswd(8) for instructions on creating a salted+hashed password
rootpw secret
# The database directory must exist prior to the start of OpenLDAP daemon
# The directory should be owned by ldap user and permission 0700 is recommended
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
# Using TLS to secure communication between LDAP clients and the server is strongly recommended
# To enable TLS, first visit /etc/sysconfig/openldap and set OPENLDAP_START_LDAPS="yes", then
# set and uncomment the following lines:
#TLSProtocolMin 3.1
#TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
#TLSCACertificateFile /my/ca.crt
#TLSCertificateFile /my/tls.crt
#TLSCertificateKeyFile /my/tls.key
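Review bot: The packaged default ships `rootpw secret` in clear text, and the header comment documents the matching bind (`-w secret`), so an installation that starts slapd.service without editing this file runs with a publicly known rootdn password. slapd.conf.olctemplate has the same line for `cn=admin,cn=config`, where that bind DN can rewrite the whole server configuration. I would ship the directive disabled with a placeholder, `#rootpw {SSHA}<hash generated with slappasswd>`, so that no password works until the administrator sets one. Separately, the catch-all `access to *` / `by * read` grants anonymous clients read access to every attribute not matched earlier; if that is not the intended default, `by users read` plus `by anonymous auth` would limit reads to authenticated binds. The commented `#TLSProtocolMin 3.1` suggests TLS 1.0 as the floor; `3.3` (TLS 1.2) would be a safer value to offer.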

46
slapd.conf.olctemplate Normal file

@ -0,0 +1,46 @@
# This file (slapd.conf.olctemplate) is a template for creating the initial
# online configuration for OpenLDAP server daemon.
#
# In order to use online configuration for OpenLDAP server daemon, make sure to set:
# /etc/sysconfig/openldap OPENLDAP_CONFIG_BACKEND="ldap"
#
# Before starting the OpenLDAP daemon (slapd.conf) with onlne configuration for
# the very first time, you have to prepare the online configuration directory
# from this template file - first, make necessary customisations if you wish, and then
# run:
# cd /etc/openldap && slaptest -f slapd.conf.olctemplate -F slapd.d
#
# Then you may start OpenLDAP daemon:
# systemctl start slapd.service
#
# To verify that LDAP service is running properly, try the following command:
# ldapsearch -x -D cn=admin,cn=config -w secret -b cn=config
#
# See slapd.conf(5) for details on configuration options.
# See /etc/openldap/slapd.conf.example for more examples.
# This file should NOT be world readable.
#
pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
# The following schema files are often useful
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
# Load backend modules such as database engines
modulepath /usr/lib64/openldap
moduleload back_mdb.la
#moduleload back_hdb.la
#moduleload back_bdb.la
# Define the config database that holds all online configurations
database config
rootdn "cn=admin,cn=config"
# Please avoid using clear text for root password
# See slappasswd(8) for instructions on creating a salted+hashed password
rootpw secret
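Review bot: The setup instructions in the header comment run `cd /etc/openldap && slaptest -f slapd.conf.olctemplate -F slapd.d` without saying which account should run it. Run as root, the generated files would presumably be root-owned, while the spec in this commit packages slapd.d as `0770 ldap:ldap`, so the daemon may not be able to update its own online configuration. I would add a comment line such as `# Run this as the ldap user, or chown -R ldap:ldap slapd.d afterwards`. In the same block, `(slapd.conf)` appears to mean `slapd.service` and "onlne" is a typo.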


@ -146,7 +146,7 @@ OPENLDAP_KRB5_KEYTAB=""
# use. Possible values are "files" for slapd.conf(5) styleconfiguration or
# "ldap" for the slapd-config(5) LDAP based configuration backend.
#
OPENLDAP_CONFIG_BACKEND=""
OPENLDAP_CONFIG_BACKEND="files"
## Type: yesno
## Default: "yes"

99
yast.ldif Normal file

@ -0,0 +1,99 @@
dn: cn=yast,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: yast
olcObjectIdentifier: {0}SUSE 1.3.6.1.4.1.7057
olcObjectIdentifier: {1}SUSE.YaST SUSE:10.1
olcObjectIdentifier: {2}SUSE.YaST.ModuleConfig SUSE:10.1.2
olcObjectIdentifier: {3}SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1
olcObjectIdentifier: {4}SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2
olcAttributeTypes: {0}( SUSE.YaST.ModuleConfig.Attr:2 NAME 'suseDefaultBase'
DESC 'Base DN where new Objects should be created by default' EQUALITY dis
tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {1}( SUSE.YaST.ModuleConfig.Attr:3 NAME 'suseNextUniqueId
' DESC 'Next unused unique ID, can be used to generate directory wide uniqe
IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( SUSE.YaST.ModuleConfig.Attr:4 NAME 'suseMinUniqueId'
DESC 'lower Border for Unique IDs' EQUALITY integerMatch ORDERING integerO
rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( SUSE.YaST.ModuleConfig.Attr:5 NAME 'suseMaxUniqueId'
DESC 'upper Border for Unique IDs' EQUALITY integerMatch ORDERING integerO
rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( SUSE.YaST.ModuleConfig.Attr:6 NAME 'suseDefaultTempl
ate' DESC 'The DN of a template that should be used by default' EQUALITY di
stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {5}( SUSE.YaST.ModuleConfig.Attr:7 NAME 'suseSearchFilter
' DESC 'Search filter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15 SINGLE-VALUE )
olcAttributeTypes: {6}( SUSE.YaST.ModuleConfig.Attr:11 NAME 'suseDefaultValu
e' DESC 'an Attribute-Value-Assertions to define defaults for specific Attr
ibutes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {7}( SUSE.YaST.ModuleConfig.Attr:12 NAME 'suseNamingAttri
bute' DESC 'AttributeType that should be used as the RDN' EQUALITY caseIgno
reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {8}( SUSE.YaST.ModuleConfig.Attr:15 NAME 'suseSecondaryGr
oup' DESC 'seconday group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.
1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {9}( SUSE.YaST.ModuleConfig.Attr:16 NAME 'suseMinPassword
Length' DESC 'minimum Password length for new users' EQUALITY integerMatch
ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V
ALUE )
olcAttributeTypes: {10}( SUSE.YaST.ModuleConfig.Attr:17 NAME 'suseMaxPasswor
dLength' DESC 'maximum Password length for new users' EQUALITY integerMatch
ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-
VALUE )
olcAttributeTypes: {11}( SUSE.YaST.ModuleConfig.Attr:18 NAME 'susePasswordHa
sh' DESC 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYN
TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {12}( SUSE.YaST.ModuleConfig.Attr:19 NAME 'suseSkelDir' D
ESC '' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {13}( SUSE.YaST.ModuleConfig.Attr:20 NAME 'susePlugin' DE
SC 'plugin to use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {14}( SUSE.YaST.ModuleConfig.Attr:21 NAME 'suseMapAttribu
te' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {15}( SUSE.YaST.ModuleConfig.Attr:22 NAME 'suseImapServer
' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN
GLE-VALUE )
olcAttributeTypes: {16}( SUSE.YaST.ModuleConfig.Attr:23 NAME 'suseImapAdmin'
DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING
LE-VALUE )
olcAttributeTypes: {17}( SUSE.YaST.ModuleConfig.Attr:24 NAME 'suseImapDefaul
tQuota' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {18}( SUSE.YaST.ModuleConfig.Attr:25 NAME 'suseImapUseSsl
' DESC '' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-
VALUE )
olcObjectClasses: {0}( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfigura
tion' DESC 'Contains configuration of Management Modules' SUP top STRUCTURA
L MUST cn MAY suseDefaultBase )
olcObjectClasses: {1}( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfigurati
on' DESC 'Configuration of user management tools' SUP suseModuleConfigurati
on STRUCTURAL MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePas
swordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqu
eId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ) )
olcObjectClasses: {2}( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate'
DESC 'Base Class for Object-Templates' SUP top STRUCTURAL MUST cn MAY ( su
sePlugin $ suseDefaultValue $ suseNamingAttribute ) )
olcObjectClasses: {3}( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate' D
ESC 'User object template' SUP suseObjectTemplate STRUCTURAL MUST cn MAY su
seSecondaryGroup )
olcObjectClasses: {4}( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate'
DESC 'Group object template' SUP suseObjectTemplate STRUCTURAL MUST cn )
olcObjectClasses: {5}( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfigurat
ion' DESC 'Configuration of user management tools' SUP suseModuleConfigurat
ion STRUCTURAL MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $
suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ) )
olcObjectClasses: {6}( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration
' DESC 'Configuration of CA management tools' SUP suseModuleConfiguration S
TRUCTURAL )
olcObjectClasses: {7}( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguratio
n' DESC 'Configuration of mail server management tools' SUP suseModuleConfi
guration STRUCTURAL )
olcObjectClasses: {8}( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfigurat
ion' DESC 'Configuration of DHCP server management tools' SUP suseModuleCon
figuration STRUCTURAL )
olcObjectClasses: {9}( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfigurat
ion' DESC 'Configuration of IMAP user management tools' SUP suseModuleConfi
guration STRUCTURAL MUST ( suseImapServer $ suseImapAdmin $ suseImapDefault
Quota $ suseImapUseSsl ) )