forked from pool/openldap2
Accepting request 361364 from network:ldap
- Move ldap.conf into libldap-data package, per convention. - Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package). - Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461) - Remove redundant -n openldap2- package name prefix. - sanitize release line in specfile - move systemd requires to server package - use configure macro also for building the 2.3.37 version admin24 fix TLSDHParamFile to be correct (ITS#7684) - FATE#315028 remove memory limit for slapd - fix check-build.sh for kernel > 3.0 - Disabled testsuite for now. Causes problems in the buildserivce - Install the correct schema2ldif script (bnc#665530) avoids build-compare failures and unhelpful rebuilds/republishes - Fix listener URIs in init script to make SLP registration work again (bnc#620389) * Fixed slapd modrdn handling of invalid values (bnc#612430, - New subpackage openldap2-back-sql. Contains the SQL backend - Delete Operations happening during the "Refresh" phase of OBS-URL: https://build.opensuse.org/request/show/361364 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=117
This commit is contained in:
commit
e4be85f6ae
130
0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
Normal file
130
0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
Normal file
@ -0,0 +1,130 @@
|
|||||||
|
From b026c9236e6b11c158e69572a28eb0efb174234b Mon Sep 17 00:00:00 2001
|
||||||
|
From: HouzuoGuo <guohouzuo@gmail.com>
|
||||||
|
Date: Wed, 17 Feb 2016 16:10:05 +0100
|
||||||
|
Subject: [PATCH] Fix incorrect calculation of consecutive number of characters
|
||||||
|
in a class, when the input is shorter than 6 chars or consecutive chars
|
||||||
|
appear at the beginning of input
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/check_password.c b/check_password.c
|
||||||
|
index 0d9f901..acf8eda 100644
|
||||||
|
--- a/check_password.c
|
||||||
|
+++ b/check_password.c
|
||||||
|
@@ -355,18 +355,7 @@ check_password (char *pPasswd, char **ppErrStr, Entry *pEntry)
|
||||||
|
int min_quality = DEFAULT_QUALITY;
|
||||||
|
int use_cracklib = DEFAULT_CRACKLIB;
|
||||||
|
|
||||||
|
- /** bail out early as cracklib will reject passwords shorter
|
||||||
|
- * than 6 characters
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
nLen = strlen (pPasswd);
|
||||||
|
- if ( nLen < 6) {
|
||||||
|
- mem_len = realloc_error_message(&szErrStr, mem_len,
|
||||||
|
- strlen(PASSWORD_TOO_SHORT_SZ) +
|
||||||
|
- strlen(pEntry->e_name.bv_val) + 1);
|
||||||
|
- sprintf (szErrStr, PASSWORD_TOO_SHORT_SZ, pEntry->e_name.bv_val, nLen);
|
||||||
|
- goto fail;
|
||||||
|
- }
|
||||||
|
|
||||||
|
if (read_config_file() == -1) {
|
||||||
|
syslog(LOG_ERR, "Warning: Could not read values from config file %s. Using defaults.", CONFIG_FILE);
|
||||||
|
@@ -392,46 +381,38 @@ check_password (char *pPasswd, char **ppErrStr, Entry *pEntry)
|
||||||
|
*/
|
||||||
|
|
||||||
|
if ( max_consecutive_per_class != 0 ) {
|
||||||
|
- int consec_chars = 1;
|
||||||
|
- char type[10] = "unkown";
|
||||||
|
- char prev_type[10] = "unknown";
|
||||||
|
+ char prev_type = '\0';
|
||||||
|
+ char this_type = ' ';
|
||||||
|
+ i = 0;
|
||||||
|
+ int consec_chars = 0;
|
||||||
|
for ( i = 0; i < nLen; i++ ) {
|
||||||
|
-
|
||||||
|
if ( islower(pPasswd[i]) ) {
|
||||||
|
- strncpy(type,"lower",10);
|
||||||
|
+ this_type = 'l';
|
||||||
|
}
|
||||||
|
else if ( isupper(pPasswd[i]) ) {
|
||||||
|
- strncpy(type,"upper",10);
|
||||||
|
+ this_type = 'u';
|
||||||
|
}
|
||||||
|
else if ( isdigit(pPasswd[i]) ) {
|
||||||
|
- strncpy(type,"digit",10);
|
||||||
|
+ this_type = 'd';
|
||||||
|
}
|
||||||
|
else if ( ispunct(pPasswd[i]) ) {
|
||||||
|
- strncpy(type,"punct",10);
|
||||||
|
+ this_type = 'p';
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
- strncpy(type,"unknown",10);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if ( consec_chars > max_consecutive_per_class ) {
|
||||||
|
- mem_len = realloc_error_message(&szErrStr, mem_len,
|
||||||
|
- strlen(CONSEC_FAIL_SZ) +
|
||||||
|
- strlen(pEntry->e_name.bv_val));
|
||||||
|
- sprintf (szErrStr, CONSEC_FAIL_SZ, pEntry->e_name.bv_val);
|
||||||
|
- goto fail;
|
||||||
|
+ this_type = ' ';
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- if ( strncmp(type,prev_type,10) == 0 ) {
|
||||||
|
- consec_chars++;
|
||||||
|
+ if (this_type == prev_type) {
|
||||||
|
+ ++consec_chars;
|
||||||
|
+ } else if (i > 0) {
|
||||||
|
+ consec_chars = 0;
|
||||||
|
}
|
||||||
|
- else {
|
||||||
|
- if (strncmp("unknown",prev_type,8) != 0) {
|
||||||
|
- consec_chars = 1;
|
||||||
|
- }
|
||||||
|
- else {
|
||||||
|
- consec_chars++;
|
||||||
|
- }
|
||||||
|
- strncpy(prev_type,type,10);
|
||||||
|
+ prev_type = this_type;
|
||||||
|
+ if ( consec_chars >= max_consecutive_per_class ) {
|
||||||
|
+ mem_len = realloc_error_message(&szErrStr, mem_len,
|
||||||
|
+ strlen(CONSEC_FAIL_SZ) +
|
||||||
|
+ strlen(pEntry->e_name.bv_val));
|
||||||
|
+ sprintf (szErrStr, CONSEC_FAIL_SZ, pEntry->e_name.bv_val);
|
||||||
|
+ goto fail;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/check_password_test.c b/check_password_test.c
|
||||||
|
index 626d719..d33bd80 100644
|
||||||
|
--- a/check_password_test.c
|
||||||
|
+++ b/check_password_test.c
|
||||||
|
@@ -90,7 +90,6 @@ void setconf(
|
||||||
|
}
|
||||||
|
|
||||||
|
int main(void) {
|
||||||
|
-
|
||||||
|
// Empty Config, equiv to:
|
||||||
|
// 5,3,1,0,0,0,0
|
||||||
|
setconf(-1,-1,-1,-1,-1,-1,-1);
|
||||||
|
@@ -109,5 +108,16 @@ int main(void) {
|
||||||
|
testpass("Test 2.1", "Simp1e", 1);
|
||||||
|
testpass("Test 2.2", "SimPle", 1);
|
||||||
|
testpass("Test 2.1", "Simp1e!", 0);
|
||||||
|
+
|
||||||
|
+ setconf(1,0,0,0,0,0,0);
|
||||||
|
+ testpass("a", "Ab1,", 0);
|
||||||
|
+ testpass("a", "AAb1,", 1);
|
||||||
|
+ testpass("a", "Abb1,", 1);
|
||||||
|
+
|
||||||
|
+ setconf(3,0,0,0,0,0,0);
|
||||||
|
+ testpass("a", "AAAbbb111,,,", 0);
|
||||||
|
+ testpass("a", "AAAAbbb111,,,,", 1);
|
||||||
|
+ testpass("a", "AAAbbbb111,,,", 1);
|
||||||
|
+
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.7.1
|
||||||
|
|
@ -1,3 +1,31 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 25 11:06:12 UTC 2016 - hguo@suse.com
|
||||||
|
|
||||||
|
- Move ldap.conf into libldap-data package, per convention.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Feb 21 23:04:38 UTC 2016 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Move ldap.conf out of shlib package again, they are not allowed
|
||||||
|
there for obvious reasons (conflict with future package).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 18 14:45:30 UTC 2016 - hguo@suse.com
|
||||||
|
|
||||||
|
- Build password strength enforcer as an implementation of ppolicy
|
||||||
|
password checker, introducing:
|
||||||
|
ppolicy-check-password-1.2.tar.gz
|
||||||
|
ppolicy-check-password.Makefile
|
||||||
|
ppolicy-check-password.conf
|
||||||
|
ppolicy-check-password.5
|
||||||
|
0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
|
||||||
|
(Implements fate#319461)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 18 12:18:13 UTC 2016 - lmuelle@suse.com
|
||||||
|
|
||||||
|
- Remove redundant -n openldap2- package name prefix.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com
|
Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com
|
||||||
|
|
||||||
@ -22,7 +50,7 @@ Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com
|
|||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com
|
Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com
|
||||||
|
|
||||||
- Use optflags when building
|
- Use optflags when building
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -155,7 +183,7 @@ Wed Sep 10 10:26:02 UTC 2014 - varkoly@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Sep 3 01:49:12 CEST 2014 - ro@suse.de
|
Wed Sep 3 01:49:12 CEST 2014 - ro@suse.de
|
||||||
|
|
||||||
- sanitize release line in specfile
|
- sanitize release line in specfile
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jul 16 15:56:11 UTC 2014 - ckornacker@suse.com
|
Wed Jul 16 15:56:11 UTC 2014 - ckornacker@suse.com
|
||||||
@ -176,7 +204,7 @@ Tue May 13 15:20:40 UTC 2014 - coolo@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 23 20:51:14 UTC 2014 - dmueller@suse.com
|
Wed Apr 23 20:51:14 UTC 2014 - dmueller@suse.com
|
||||||
|
|
||||||
- move systemd requires to server package
|
- move systemd requires to server package
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 18 14:39:07 UTC 2014 - ckornacker@suse.com
|
Tue Feb 18 14:39:07 UTC 2014 - ckornacker@suse.com
|
||||||
@ -186,7 +214,7 @@ Tue Feb 18 14:39:07 UTC 2014 - ckornacker@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Feb 16 18:55:40 CET 2014 - ro@suse.de
|
Sun Feb 16 18:55:40 CET 2014 - ro@suse.de
|
||||||
|
|
||||||
- use configure macro also for building the 2.3.37 version
|
- use configure macro also for building the 2.3.37 version
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com
|
Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com
|
||||||
@ -211,13 +239,13 @@ Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com
|
|||||||
* Build Environment
|
* Build Environment
|
||||||
Test suite: Use $(MAKE) for tests (ITS#7753)
|
Test suite: Use $(MAKE) for tests (ITS#7753)
|
||||||
* Documentation
|
* Documentation
|
||||||
admin24 fix TLSDHParamFile to be correct (ITS#7684)
|
admin24 fix TLSDHParamFile to be correct (ITS#7684)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com
|
Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com
|
||||||
|
|
||||||
- Add systemd style service definition
|
- Add systemd style service definition
|
||||||
- FATE#315028 remove memory limit for slapd
|
- FATE#315028 remove memory limit for slapd
|
||||||
- FATE#315415: LDAP compat packages required for older SLES versions
|
- FATE#315415: LDAP compat packages required for older SLES versions
|
||||||
For this reson following patches were applied:
|
For this reson following patches were applied:
|
||||||
openldap-2.3.37-libldap-suid.diff
|
openldap-2.3.37-libldap-suid.diff
|
||||||
@ -363,7 +391,7 @@ Mon Mar 25 16:08:21 UTC 2013 - jengelh@inai.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Nov 17 12:06:23 CET 2012 - ro@suse.de
|
Sat Nov 17 12:06:23 CET 2012 - ro@suse.de
|
||||||
|
|
||||||
- fix check-build.sh for kernel > 3.0
|
- fix check-build.sh for kernel > 3.0
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 16 09:52:42 UTC 2012 - rhafer@suse.com
|
Fri Nov 16 09:52:42 UTC 2012 - rhafer@suse.com
|
||||||
@ -449,7 +477,7 @@ Thu May 10 09:22:52 UTC 2012 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 23 07:08:13 UTC 2012 - rhafer@suse.de
|
Mon Apr 23 07:08:13 UTC 2012 - rhafer@suse.de
|
||||||
|
|
||||||
- Disabled testsuite for now. Causes problems in the buildserivce
|
- Disabled testsuite for now. Causes problems in the buildserivce
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 6 12:23:35 UTC 2012 - rhafer@suse.de
|
Tue Mar 6 12:23:35 UTC 2012 - rhafer@suse.de
|
||||||
@ -664,7 +692,7 @@ Tue Feb 1 10:08:06 UTC 2011 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 19 15:05:27 UTC 2011 - rhafer@suse.de
|
Wed Jan 19 15:05:27 UTC 2011 - rhafer@suse.de
|
||||||
|
|
||||||
- Install the correct schema2ldif script (bnc#665530)
|
- Install the correct schema2ldif script (bnc#665530)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 5 15:48:27 UTC 2011 - rhafer@novell.com
|
Wed Jan 5 15:48:27 UTC 2011 - rhafer@novell.com
|
||||||
@ -696,7 +724,7 @@ Tue Oct 5 14:39:46 UTC 2010 - rhafer@novell.com
|
|||||||
Sun Oct 3 22:55:34 UTC 2010 - cristian.rodriguez@opensuse.org
|
Sun Oct 3 22:55:34 UTC 2010 - cristian.rodriguez@opensuse.org
|
||||||
|
|
||||||
- Do not include Build date and time in binaries, this
|
- Do not include Build date and time in binaries, this
|
||||||
avoids build-compare failures and unhelpful rebuilds/republishes
|
avoids build-compare failures and unhelpful rebuilds/republishes
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Sep 29 09:21:52 UTC 2010 - rhafer@novell.com
|
Wed Sep 29 09:21:52 UTC 2010 - rhafer@novell.com
|
||||||
@ -709,8 +737,8 @@ Wed Sep 29 09:21:52 UTC 2010 - rhafer@novell.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 26 14:04:06 UTC 2010 - rhafer@novell.com
|
Thu Aug 26 14:04:06 UTC 2010 - rhafer@novell.com
|
||||||
|
|
||||||
- Fix listener URIs in init script to make SLP registration work
|
- Fix listener URIs in init script to make SLP registration work
|
||||||
again (bnc#620389)
|
again (bnc#620389)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com
|
Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com
|
||||||
@ -726,7 +754,7 @@ Thu Jul 1 13:02:13 UTC 2010 - rhafer@novell.com
|
|||||||
* Fixed liblutil off-by-one with delta (ITS#6541)
|
* Fixed liblutil off-by-one with delta (ITS#6541)
|
||||||
* Fixed slapd acls with glued databases (ITS#6468)
|
* Fixed slapd acls with glued databases (ITS#6468)
|
||||||
* Fixed slapd syncrepl rid logging (ITS#6533)
|
* Fixed slapd syncrepl rid logging (ITS#6533)
|
||||||
* Fixed slapd modrdn handling of invalid values (bnc#612430,
|
* Fixed slapd modrdn handling of invalid values (bnc#612430,
|
||||||
ITS#6570)
|
ITS#6570)
|
||||||
* Fixed slapd-bdb hasSubordinates computation (ITS#6549)
|
* Fixed slapd-bdb hasSubordinates computation (ITS#6549)
|
||||||
* Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
|
* Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
|
||||||
@ -740,7 +768,7 @@ Thu Jul 1 13:02:13 UTC 2010 - rhafer@novell.com
|
|||||||
ITS#6555)
|
ITS#6555)
|
||||||
* Fixed slapo-valsort to use Debug (ITS#6566)
|
* Fixed slapo-valsort to use Debug (ITS#6566)
|
||||||
* Fixed contrib/nssov network.c missing patch (ITS#6562)
|
* Fixed contrib/nssov network.c missing patch (ITS#6562)
|
||||||
- New subpackage openldap2-back-sql. Contains the SQL backend
|
- New subpackage openldap2-back-sql. Contains the SQL backend
|
||||||
module plus some documentation (bnc#395719)
|
module plus some documentation (bnc#395719)
|
||||||
- generate Patches from git tree (resulted in all patches being
|
- generate Patches from git tree (resulted in all patches being
|
||||||
renamed)
|
renamed)
|
||||||
@ -756,14 +784,14 @@ Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com
|
|||||||
|
|
||||||
- LDAP clients could crash the server by submitting a specially
|
- LDAP clients could crash the server by submitting a specially
|
||||||
crafted LDAP ModRDN operation. (bnc#612430, ITS#6570)
|
crafted LDAP ModRDN operation. (bnc#612430, ITS#6570)
|
||||||
- Delete Operations happening during the "Refresh" phase of
|
- Delete Operations happening during the "Refresh" phase of
|
||||||
"refreshAndPersist" replication failed to replicate under
|
"refreshAndPersist" replication failed to replicate under
|
||||||
certain circumstances (bnc#606294, ITS#6555)
|
certain circumstances (bnc#606294, ITS#6555)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
|
Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
|
||||||
|
|
||||||
- Create /var/run/slapd on demand. /var/run might be mounted on
|
- Create /var/run/slapd on demand. /var/run might be mounted on
|
||||||
tmpfs.
|
tmpfs.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -781,7 +809,7 @@ Wed Mar 17 13:06:12 UTC 2010 - rhafer@novell.com
|
|||||||
Tue Mar 16 10:01:39 UTC 2010 - rhafer@novell.com
|
Tue Mar 16 10:01:39 UTC 2010 - rhafer@novell.com
|
||||||
|
|
||||||
- Removed obsolete hunk from openldap2.dif
|
- Removed obsolete hunk from openldap2.dif
|
||||||
- Remove ldap.conf patch to use saner default for Certificate
|
- Remove ldap.conf patch to use saner default for Certificate
|
||||||
verification (bnc#575146)
|
verification (bnc#575146)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -817,7 +845,7 @@ Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com
|
|||||||
"demand" as documented even if other tls_ options are absent
|
"demand" as documented even if other tls_ options are absent
|
||||||
(bnc#558397, ITS#6319)
|
(bnc#558397, ITS#6319)
|
||||||
- apply changes to the global size and timelimits to all database
|
- apply changes to the global size and timelimits to all database
|
||||||
that don't specify limits themself. (bnc#562184, ITS#6428)
|
that don't specify limits themself. (bnc#562184, ITS#6428)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com
|
Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com
|
||||||
@ -842,7 +870,7 @@ Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com
|
|||||||
* Fixed slapo-syncprov checkpoint conversion (ITS#6370)
|
* Fixed slapo-syncprov checkpoint conversion (ITS#6370)
|
||||||
* Fixed slapo-syncprov deadlock (ITS#6335)
|
* Fixed slapo-syncprov deadlock (ITS#6335)
|
||||||
* Fixed slapo-syncprov out of order changes (ITS#6346)
|
* Fixed slapo-syncprov out of order changes (ITS#6346)
|
||||||
- Added switch to enable/disable testsuite (%run_test_suite)
|
- Added switch to enable/disable testsuite (%run_test_suite)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com
|
Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com
|
||||||
@ -852,8 +880,8 @@ Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com
|
Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com
|
||||||
|
|
||||||
- Added schema2ldif tool to openldap2-client subpackage
|
- Added schema2ldif tool to openldap2-client subpackage
|
||||||
(bnc#541819)
|
(bnc#541819)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Sep 23 15:35:13 UTC 2009 - rhafer@novell.com
|
Wed Sep 23 15:35:13 UTC 2009 - rhafer@novell.com
|
||||||
@ -916,23 +944,23 @@ Tue Jul 14 14:02:11 CEST 2009 - rhafer@novell.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 29 14:24:56 CEST 2009 - rhafer@novell.com
|
Mon Jun 29 14:24:56 CEST 2009 - rhafer@novell.com
|
||||||
|
|
||||||
- Fixed Summary/Description for -client subpackage
|
- Fixed Summary/Description for -client subpackage
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 25 17:29:03 CEST 2009 - rhafer@novell.com
|
Thu Jun 25 17:29:03 CEST 2009 - rhafer@novell.com
|
||||||
|
|
||||||
- Improved connection check in init script (bnc#510295)
|
- Improved connection check in init script (bnc#510295)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 15 12:12:17 CEST 2009 - rhafer@novell.com
|
Mon Jun 15 12:12:17 CEST 2009 - rhafer@novell.com
|
||||||
|
|
||||||
- Fixed complilation with newer glibc (2.3.X release needs
|
- Fixed complilation with newer glibc (2.3.X release needs
|
||||||
GNU_SOURCE defined as well in getpeerid.c)
|
GNU_SOURCE defined as well in getpeerid.c)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 29 17:07:33 CEST 2009 - rhafer@novell.com
|
Wed Apr 29 17:07:33 CEST 2009 - rhafer@novell.com
|
||||||
|
|
||||||
- gcc 4.4 fixes
|
- gcc 4.4 fixes
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 6 15:41:05 CEST 2009 - rhafer@suse.de
|
Mon Apr 6 15:41:05 CEST 2009 - rhafer@suse.de
|
||||||
@ -958,7 +986,7 @@ Mon Apr 6 15:41:05 CEST 2009 - rhafer@suse.de
|
|||||||
* Fixed slapd-ldap/meta with invalid attrs again (ITS#5959)
|
* Fixed slapd-ldap/meta with invalid attrs again (ITS#5959)
|
||||||
* Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
|
* Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
|
||||||
* Fixed slapo-dynlist conversion to cn=config (ITS#6002)
|
* Fixed slapo-dynlist conversion to cn=config (ITS#6002)
|
||||||
* Fixed various slapo-syncprov issues (ITS#5972, ITS#6020,
|
* Fixed various slapo-syncprov issues (ITS#5972, ITS#6020,
|
||||||
ITS#5985, ITS#5999, ITS#5973, ITS#6045, ITS#6024, ITS#5988)
|
ITS#5985, ITS#5999, ITS#5973, ITS#6045, ITS#6024, ITS#5988)
|
||||||
- Fix building on older openSUSE releases
|
- Fix building on older openSUSE releases
|
||||||
|
|
||||||
@ -994,7 +1022,7 @@ Fri Mar 20 14:00:20 CET 2009 - rhafer@suse.de
|
|||||||
* Fixed slapd epoll handling (ITS#5886)
|
* Fixed slapd epoll handling (ITS#5886)
|
||||||
* Fixed slapd glue with MMR (ITS#5925)
|
* Fixed slapd glue with MMR (ITS#5925)
|
||||||
* Fixed slapd listener comparison (ITS#5613)
|
* Fixed slapd listener comparison (ITS#5613)
|
||||||
* Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843,
|
* Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843,
|
||||||
ITS#5866, ITS#5901, ITS#5881, ITS#5935, ITS#5710,
|
ITS#5866, ITS#5901, ITS#5881, ITS#5935, ITS#5710,
|
||||||
ITS#5781, ITS#5809, ITS#5798, ITS#5826)
|
ITS#5781, ITS#5809, ITS#5798, ITS#5826)
|
||||||
* Fixed slapd-bdb/hdb dncachesize handling (ITS#5860)
|
* Fixed slapd-bdb/hdb dncachesize handling (ITS#5860)
|
||||||
@ -1009,7 +1037,7 @@ Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 12 14:45:07 CET 2008 - rhafer@suse.de
|
Fri Dec 12 14:45:07 CET 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Fixed openldap2-devel dependencies (bnc#457989)
|
- Fixed openldap2-devel dependencies (bnc#457989)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 9 11:11:38 CET 2008 - rhafer@suse.de
|
Tue Dec 9 11:11:38 CET 2008 - rhafer@suse.de
|
||||||
@ -1021,7 +1049,7 @@ Tue Dec 9 11:11:38 CET 2008 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 28 14:08:16 CET 2008 - rhafer@suse.de
|
Fri Nov 28 14:08:16 CET 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Disable the slapadd trickle-task it cause performance issues
|
- Disable the slapadd trickle-task it cause performance issues
|
||||||
when using libdb-4.5 (bnc#449641)
|
when using libdb-4.5 (bnc#449641)
|
||||||
- removed obsolete configure option (ldbm backend does not exist
|
- removed obsolete configure option (ldbm backend does not exist
|
||||||
in OpenLDAP 2.4)
|
in OpenLDAP 2.4)
|
||||||
@ -1044,8 +1072,8 @@ Tue Nov 4 14:10:24 CET 2008 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Oct 23 12:59:08 CEST 2008 - rhafer@suse.de
|
Thu Oct 23 12:59:08 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- the helper function to create various LDAP controls returned
|
- the helper function to create various LDAP controls returned
|
||||||
wrong error codes under certain circumstances
|
wrong error codes under certain circumstances
|
||||||
(bnc#429064, ITS#5762)
|
(bnc#429064, ITS#5762)
|
||||||
- Fixed referral chasing in chain-overlay (bnc#438088, ITS#5742)
|
- Fixed referral chasing in chain-overlay (bnc#438088, ITS#5742)
|
||||||
- Fixed back-config integration of overlays with private instances
|
- Fixed back-config integration of overlays with private instances
|
||||||
@ -1089,8 +1117,8 @@ Sun Oct 12 23:51:09 CEST 2008 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Oct 6 10:49:23 CEST 2008 - rhafer@suse.de
|
Mon Oct 6 10:49:23 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- remove some problematic test-cases, that cause a lot of
|
- remove some problematic test-cases, that cause a lot of
|
||||||
unreproducable buildfailures
|
unreproducable buildfailures
|
||||||
- check for exisitence of /etc/openldap/slapd.conf in init-script
|
- check for exisitence of /etc/openldap/slapd.conf in init-script
|
||||||
assume back-config usage if it isn't present (bnc#428168)
|
assume back-config usage if it isn't present (bnc#428168)
|
||||||
|
|
||||||
@ -1124,14 +1152,14 @@ Fri Sep 12 10:09:28 CEST 2008 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Sep 9 17:22:18 CEST 2008 - rhafer@suse.de
|
Tue Sep 9 17:22:18 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Removed getaddrinfo workaround. Recent glibc doesn't need it
|
- Removed getaddrinfo workaround. Recent glibc doesn't need it
|
||||||
anymore (bnc#288879, ITS#5251)
|
anymore (bnc#288879, ITS#5251)
|
||||||
- Server requires libldap of the same version.
|
- Server requires libldap of the same version.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Sep 8 16:07:47 CEST 2008 - rhafer@suse.de
|
Mon Sep 8 16:07:47 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Import back-config support for deleting databases from CVS HEAD
|
- Import back-config support for deleting databases from CVS HEAD
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Sep 2 09:18:05 CEST 2008 - rhafer@suse.de
|
Tue Sep 2 09:18:05 CEST 2008 - rhafer@suse.de
|
||||||
@ -1141,9 +1169,9 @@ Tue Sep 2 09:18:05 CEST 2008 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 28 11:46:08 CEST 2008 - rhafer@suse.de
|
Thu Aug 28 11:46:08 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- added ldapns.schema , to allow to use pam_ldap's "check_host_attr"
|
- added ldapns.schema , to allow to use pam_ldap's "check_host_attr"
|
||||||
and "check_service_attr" features (bnc#419984)
|
and "check_service_attr" features (bnc#419984)
|
||||||
- backport overlay_register_control fix from HEAD (bnc#420016,
|
- backport overlay_register_control fix from HEAD (bnc#420016,
|
||||||
ITS#5649)
|
ITS#5649)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1160,14 +1188,14 @@ Mon Aug 18 11:00:13 CEST 2008 - rhafer@suse.de
|
|||||||
Wed Aug 13 17:25:25 CEST 2008 - ro@suse.de
|
Wed Aug 13 17:25:25 CEST 2008 - ro@suse.de
|
||||||
|
|
||||||
- try to fix build for buildservice
|
- try to fix build for buildservice
|
||||||
(BUILD_INCARNATION can be empty)
|
(BUILD_INCARNATION can be empty)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Aug 11 11:06:08 CEST 2008 - rhafer@suse.de
|
Mon Aug 11 11:06:08 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf
|
- /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf
|
||||||
(bnc#412652)
|
(bnc#412652)
|
||||||
- adjust ownerships of database directories even when using
|
- adjust ownerships of database directories even when using
|
||||||
back-config
|
back-config
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1226,13 +1254,13 @@ Tue Jun 24 11:08:00 CEST 2008 - rhafer@suse.de
|
|||||||
Wed Jun 11 13:03:29 CEST 2008 - rhafer@suse.de
|
Wed Jun 11 13:03:29 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Update to Version 2.4.10. Most important changes:
|
- Update to Version 2.4.10. Most important changes:
|
||||||
* Fixed libldap ld_defconn cleanup if it was freed (ITS#5518,
|
* Fixed libldap ld_defconn cleanup if it was freed (ITS#5518,
|
||||||
ITS#5525)
|
ITS#5525)
|
||||||
* Fixed libldap msgid handling (ITS#5318)
|
* Fixed libldap msgid handling (ITS#5318)
|
||||||
* Fixed libldap t61 infinite loop (ITS#5542)
|
* Fixed libldap t61 infinite loop (ITS#5542)
|
||||||
* Fixed libldap_r missing stubs (ITS#5519)
|
* Fixed libldap_r missing stubs (ITS#5519)
|
||||||
* Fixed slapd initialization of sr_msgid, rs->sr_tag (ITS#5461)
|
* Fixed slapd initialization of sr_msgid, rs->sr_tag (ITS#5461)
|
||||||
* Fixed slapd missing termination of integerFilter keys
|
* Fixed slapd missing termination of integerFilter keys
|
||||||
(ITS#5503)
|
(ITS#5503)
|
||||||
* Fixed slapd multiple attrs in URI (ITS#5516)
|
* Fixed slapd multiple attrs in URI (ITS#5516)
|
||||||
* Fixed slapd sasl_ssf retrieval (ITS#5403)
|
* Fixed slapd sasl_ssf retrieval (ITS#5403)
|
||||||
@ -1256,7 +1284,7 @@ Wed Jun 11 13:03:29 CEST 2008 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri May 16 13:24:11 CEST 2008 - rhafer@suse.de
|
Fri May 16 13:24:11 CEST 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Support update from 2.3 releases (bnc#390247)
|
- Support update from 2.3 releases (bnc#390247)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 8 08:55:00 CEST 2008 - rhafer@suse.de
|
Thu May 8 08:55:00 CEST 2008 - rhafer@suse.de
|
||||||
@ -1287,8 +1315,8 @@ Thu May 8 08:55:00 CEST 2008 - rhafer@suse.de
|
|||||||
* Fixed slapd-meta crash on search (ITS#5481)
|
* Fixed slapd-meta crash on search (ITS#5481)
|
||||||
* Various syncrepl fixes (ITS#5407, ITS#5413, ITS#5426, ITS#5430,
|
* Various syncrepl fixes (ITS#5407, ITS#5413, ITS#5426, ITS#5430,
|
||||||
ITS#5432, ITS#5454, ITS#5397, ITS#5470)
|
ITS#5432, ITS#5454, ITS#5397, ITS#5470)
|
||||||
* Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418,
|
* Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418,
|
||||||
ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445,
|
ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445,
|
||||||
ITS#5484, ITS#5451)
|
ITS#5484, ITS#5451)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1316,7 +1344,7 @@ Thu Apr 3 14:26:12 CEST 2008 - rhafer@suse.de
|
|||||||
Mon Mar 3 08:50:18 CET 2008 - rhafer@suse.de
|
Mon Mar 3 08:50:18 CET 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- revert last change and make libldap_r available again as some
|
- revert last change and make libldap_r available again as some
|
||||||
packages seem to directly rely on libldap_r. Assume they know
|
packages seem to directly rely on libldap_r. Assume they know
|
||||||
of the libldap_r's limitations.
|
of the libldap_r's limitations.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1324,7 +1352,7 @@ Wed Feb 27 11:21:39 CET 2008 - rhafer@suse.de
|
|||||||
|
|
||||||
- Moved libldap_r from -client subpackage to the main server
|
- Moved libldap_r from -client subpackage to the main server
|
||||||
package as it is only meant to be used by slapd.
|
package as it is only meant to be used by slapd.
|
||||||
- Removed static libldap_r.a library and libldap_r.so link from
|
- Removed static libldap_r.a library and libldap_r.so link from
|
||||||
-devel subpackage. External programs should only use the "normal"
|
-devel subpackage. External programs should only use the "normal"
|
||||||
libldap library.
|
libldap library.
|
||||||
|
|
||||||
@ -1343,7 +1371,7 @@ Wed Feb 20 09:49:30 CET 2008 - rhafer@suse.de
|
|||||||
* Fixed slapd modrdn check for valid new DN (ITS#5344)
|
* Fixed slapd modrdn check for valid new DN (ITS#5344)
|
||||||
* Fixed slapd multi-step SASL binds (ITS#5298)
|
* Fixed slapd multi-step SASL binds (ITS#5298)
|
||||||
* Fixed slapd overlay ordering when moving to slapd.d (ITS#5284)
|
* Fixed slapd overlay ordering when moving to slapd.d (ITS#5284)
|
||||||
* Fixed slapd NULL printf (ITS#5264)
|
* Fixed slapd NULL printf (ITS#5264)
|
||||||
* Fixed slapd NULL set values (ITS#5286)
|
* Fixed slapd NULL set values (ITS#5286)
|
||||||
* Fixed slapd timestamp race condition (ITS#5370)
|
* Fixed slapd timestamp race condition (ITS#5370)
|
||||||
* Fixed slapd cn=config crash on delete (ITS#5343)
|
* Fixed slapd cn=config crash on delete (ITS#5343)
|
||||||
@ -1367,12 +1395,12 @@ Wed Feb 20 09:49:30 CET 2008 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 10 15:06:12 CET 2008 - rhafer@suse.de
|
Thu Jan 10 15:06:12 CET 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Removed bogus debugging output from slapd_getaddrinfo_dupl.dif
|
- Removed bogus debugging output from slapd_getaddrinfo_dupl.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 9 13:29:33 CET 2008 - rhafer@suse.de
|
Wed Jan 9 13:29:33 CET 2008 - rhafer@suse.de
|
||||||
|
|
||||||
- Fixed allocation for paged results cookie (Bug #352255, ITS#5315)
|
- Fixed allocation for paged results cookie (Bug #352255, ITS#5315)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de
|
Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de
|
||||||
@ -1555,7 +1583,7 @@ Tue Mar 20 17:08:37 CET 2007 - rguenther@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 15 14:29:22 CET 2007 - rhafer@suse.de
|
Thu Mar 15 14:29:22 CET 2007 - rhafer@suse.de
|
||||||
|
|
||||||
- added Service definitions for SuSEfirewall2 (Bug #251654)
|
- added Service definitions for SuSEfirewall2 (Bug #251654)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 22 16:50:18 CET 2007 - rhafer@suse.de
|
Thu Feb 22 16:50:18 CET 2007 - rhafer@suse.de
|
||||||
@ -1567,12 +1595,12 @@ Thu Feb 22 16:50:18 CET 2007 - rhafer@suse.de
|
|||||||
* Fixed slapd libltdl link ordering (ITS#4830)
|
* Fixed slapd libltdl link ordering (ITS#4830)
|
||||||
* Fixed slapd syncrepl memory leaks (ITS#4805)
|
* Fixed slapd syncrepl memory leaks (ITS#4805)
|
||||||
* Fixed slapd dynacl/ACI compatibility with 2.1
|
* Fixed slapd dynacl/ACI compatibility with 2.1
|
||||||
* Fixed slapd-bdb/hdb be_entry_get with aliases/referrals
|
* Fixed slapd-bdb/hdb be_entry_get with aliases/referrals
|
||||||
(ITS#4810)
|
(ITS#4810)
|
||||||
* Fixed slapd-ldap more response handling bugs (ITS#4782)
|
* Fixed slapd-ldap more response handling bugs (ITS#4782)
|
||||||
* Fixed slapd-ldap C-API code tests (ITS#4808)
|
* Fixed slapd-ldap C-API code tests (ITS#4808)
|
||||||
* Fixed slapd-monitor NULL printf (ITS#4811)
|
* Fixed slapd-monitor NULL printf (ITS#4811)
|
||||||
* Fixed slapo-chain spurious additional info in response
|
* Fixed slapo-chain spurious additional info in response
|
||||||
(ITS#4828)
|
(ITS#4828)
|
||||||
* Fixed slapo-syncprov presence list (ITS#4813)
|
* Fixed slapo-syncprov presence list (ITS#4813)
|
||||||
* Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
|
* Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
|
||||||
@ -1584,15 +1612,15 @@ Fri Jan 26 14:26:51 CET 2007 - rhafer@suse.de
|
|||||||
|
|
||||||
- Updated to Version 2.3.33. Most important changes:
|
- Updated to Version 2.3.33. Most important changes:
|
||||||
* Fixed slapd-ldap chase-referrals switch (ITS#4557)
|
* Fixed slapd-ldap chase-referrals switch (ITS#4557)
|
||||||
* Fixed slapd-ldap bind behavior when idassert is always used
|
* Fixed slapd-ldap bind behavior when idassert is always used
|
||||||
(ITS#4781)
|
(ITS#4781)
|
||||||
* Fixed slapd-ldap response handling bugs (ITS#4782)
|
* Fixed slapd-ldap response handling bugs (ITS#4782)
|
||||||
* Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798)
|
* Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798)
|
||||||
* Fixed slapd-ldap/meta privileged connections handling
|
* Fixed slapd-ldap/meta privileged connections handling
|
||||||
(ITS#4791)
|
(ITS#4791)
|
||||||
* Fixed slapd-meta retrying (ITS#4594, 4762)
|
* Fixed slapd-meta retrying (ITS#4594, 4762)
|
||||||
* Fixed slapo-chain referral DN use (ITS#4776)
|
* Fixed slapo-chain referral DN use (ITS#4776)
|
||||||
* Fixed slapo-dynlist dangling pointer after entry free
|
* Fixed slapo-dynlist dangling pointer after entry free
|
||||||
(ITS#4801)
|
(ITS#4801)
|
||||||
* Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648)
|
* Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648)
|
||||||
|
|
||||||
@ -1606,7 +1634,7 @@ Fri Jan 12 11:04:22 CET 2007 - rhafer@suse.de
|
|||||||
* Fixed slapd connections_shutdown assert
|
* Fixed slapd connections_shutdown assert
|
||||||
* Fixed slapd add redundant duplicate value check (ITS#4600)
|
* Fixed slapd add redundant duplicate value check (ITS#4600)
|
||||||
* Fixed slapd ACL set memleak (ITS#4780)
|
* Fixed slapd ACL set memleak (ITS#4780)
|
||||||
* Fixed slapd syncrepl shutdown hang (ITS#4790)
|
* Fixed slapd syncrepl shutdown hang (ITS#4790)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de
|
Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de
|
||||||
@ -1614,33 +1642,33 @@ Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de
|
|||||||
- Fix for a flaw in libldap's strval2strlen() function when processing the
|
- Fix for a flaw in libldap's strval2strlen() function when processing the
|
||||||
authcid string of certain Bind Requests, which could allow attackers to
|
authcid string of certain Bind Requests, which could allow attackers to
|
||||||
cause an affected application to crash (especially the OpenLDAP Server),
|
cause an affected application to crash (especially the OpenLDAP Server),
|
||||||
creating a denial of service condition (Bug#221154,ITS#4740)
|
creating a denial of service condition (Bug#221154,ITS#4740)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de
|
Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Additional back-perl fixes from CVS. The first revision of the
|
- Additional back-perl fixes from CVS. The first revision of the
|
||||||
patch did not fix the problem completely (Bug#207618, ITS#4751)
|
patch did not fix the problem completely (Bug#207618, ITS#4751)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de
|
Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- cyrus-sasl configuration moved from %{_libdir}/sasl2 to
|
- cyrus-sasl configuration moved from %{_libdir}/sasl2 to
|
||||||
/etc/sasl2/ (Bug: #206414)
|
/etc/sasl2/ (Bug: #206414)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de
|
Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Add $network to Should-Start/Should-Stop in init scripts
|
- Add $network to Should-Start/Should-Stop in init scripts
|
||||||
(Bug: #206823)
|
(Bug: #206823)
|
||||||
- Imported latest back-perl changes from CVS, to fix back-perl
|
- Imported latest back-perl changes from CVS, to fix back-perl
|
||||||
initialization (Bug: #207618)
|
initialization (Bug: #207618)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de
|
Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Updated to Version 2.3.27
|
- Updated to Version 2.3.27
|
||||||
* Fixed libldap dnssrv bug with "not present" positive statement
|
* Fixed libldap dnssrv bug with "not present" positive statement
|
||||||
(ITS#4610)
|
(ITS#4610)
|
||||||
* Fixed libldap dangling pointer issue (ITS#4405)
|
* Fixed libldap dangling pointer issue (ITS#4405)
|
||||||
* Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
|
* Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
|
||||||
@ -1671,7 +1699,7 @@ Wed Aug 2 11:08:23 CEST 2006 - rhafer@suse.de
|
|||||||
Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de
|
Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Updated to Version 2.3.24
|
- Updated to Version 2.3.24
|
||||||
* Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
|
* Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
|
||||||
(ITS#4567)
|
(ITS#4567)
|
||||||
* Fixed slapd-bdb/hdb non-root users adding suffix/root entries
|
* Fixed slapd-bdb/hdb non-root users adding suffix/root entries
|
||||||
(ITS#4552)
|
(ITS#4552)
|
||||||
@ -1691,7 +1719,7 @@ Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de
|
|||||||
Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de
|
Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Updated to Version 2.3.23
|
- Updated to Version 2.3.23
|
||||||
* obsoletes the patches: libldap_ads-sasl-gssapi.dif,
|
* obsoletes the patches: libldap_ads-sasl-gssapi.dif,
|
||||||
slapd-epollerr.dif
|
slapd-epollerr.dif
|
||||||
* Fixed slapd-ldap improper free bug (ITS#4550)
|
* Fixed slapd-ldap improper free bug (ITS#4550)
|
||||||
* Fixed libldap referral input destroy issue (ITS#4533)
|
* Fixed libldap referral input destroy issue (ITS#4533)
|
||||||
@ -1709,15 +1737,15 @@ Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de
|
Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Really apply the patch for Bug#160566
|
- Really apply the patch for Bug#160566
|
||||||
- slapd could crash while processing queries with pre-/postread
|
- slapd could crash while processing queries with pre-/postread
|
||||||
controls (Bug#173877, ITS#4532)
|
controls (Bug#173877, ITS#4532)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de
|
Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Backported fix from CVS for occasional crashes in referral
|
- Backported fix from CVS for occasional crashes in referral
|
||||||
chasing code (as used in e.g. back-meta/back-ldap).
|
chasing code (as used in e.g. back-meta/back-ldap).
|
||||||
(Bug: #160566, ITS: #4448)
|
(Bug: #160566, ITS: #4448)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1729,7 +1757,7 @@ Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de
|
Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Add "external" to the list of supported SASL mechanisms
|
- Add "external" to the list of supported SASL mechanisms
|
||||||
(Bug: #151771)
|
(Bug: #151771)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1741,7 +1769,7 @@ Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de
|
Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Don't ignore non-read/write epoll events (Bug: #149993,
|
- Don't ignore non-read/write epoll events (Bug: #149993,
|
||||||
ITS: #4395)
|
ITS: #4395)
|
||||||
- Added update message to /usr/share/update-messages/en/ and enable
|
- Added update message to /usr/share/update-messages/en/ and enable
|
||||||
it, when update did not succeed.
|
it, when update did not succeed.
|
||||||
@ -1763,7 +1791,7 @@ Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de
|
Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Updated to 2.3.19 (Bug #144371)
|
- Updated to 2.3.19 (Bug #144371)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 27 02:16:56 CET 2006 - mls@suse.de
|
Fri Jan 27 02:16:56 CET 2006 - mls@suse.de
|
||||||
@ -1773,8 +1801,8 @@ Fri Jan 27 02:16:56 CET 2006 - mls@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de
|
Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Updated Admin Guide to latest version
|
- Updated Admin Guide to latest version
|
||||||
- build slapcat from openldap-2.2.24 and install it to
|
- build slapcat from openldap-2.2.24 and install it to
|
||||||
/usr/sbin/openldap-2.2-slapcat to be able to migrate from
|
/usr/sbin/openldap-2.2-slapcat to be able to migrate from
|
||||||
OpenLDAP 2.2.
|
OpenLDAP 2.2.
|
||||||
- removed slapd-backbdb-dbupgrade which is no longer needed
|
- removed slapd-backbdb-dbupgrade which is no longer needed
|
||||||
@ -1799,24 +1827,24 @@ Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de
|
Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de
|
||||||
|
|
||||||
- Updated to 2.3.16
|
- Updated to 2.3.16
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de
|
Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- Fixed filelist (slapd-hdb man-page was missing)
|
- Fixed filelist (slapd-hdb man-page was missing)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de
|
Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- Fixed build on x86_64
|
- Fixed build on x86_64
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de
|
Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- Merged -back-ldap and -back-monitor subpackages into the main
|
- Merged -back-ldap and -back-monitor subpackages into the main
|
||||||
package and don't build them as dynamic modules anymore.
|
package and don't build them as dynamic modules anymore.
|
||||||
- updated to OpenLDAP 2.3.13
|
- updated to OpenLDAP 2.3.13
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de
|
Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de
|
||||||
@ -1837,7 +1865,7 @@ Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de
|
Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to OpenLDAP 2.3.7
|
- updated to OpenLDAP 2.3.7
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de
|
Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de
|
||||||
@ -1847,13 +1875,13 @@ Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de
|
Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- devel-subpackage requires openldap2-client of the same version
|
- devel-subpackage requires openldap2-client of the same version
|
||||||
(Bugzilla: #93579)
|
(Bugzilla: #93579)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de
|
Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de
|
||||||
|
|
||||||
- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
|
- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de
|
Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de
|
||||||
@ -1863,12 +1891,12 @@ Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de
|
Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to 2.2.27
|
- updated to 2.2.27
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de
|
Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
|
- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
|
||||||
gethostbyname in libldap. Should fix host lookups through
|
gethostbyname in libldap. Should fix host lookups through
|
||||||
nss_ldap (Bugzilla: #76173)
|
nss_ldap (Bugzilla: #76173)
|
||||||
|
|
||||||
@ -1881,21 +1909,21 @@ Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de
|
Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about
|
- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about
|
||||||
unconfigured OTP mechanism (Bugzilla: #80588)
|
unconfigured OTP mechanism (Bugzilla: #80588)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de
|
Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- added minimal timeout to startproc in init-script to let it
|
- added minimal timeout to startproc in init-script to let it
|
||||||
report the "failed" status correctly in case of misconfiguration
|
report the "failed" status correctly in case of misconfiguration
|
||||||
(Bugzilla: #76393)
|
(Bugzilla: #76393)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de
|
Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- crl-check.dif: Implements CRL checking on client and server side
|
- crl-check.dif: Implements CRL checking on client and server side
|
||||||
- use different base ports for differnt values of BUILD_INCARNATION
|
- use different base ports for differnt values of BUILD_INCARNATION
|
||||||
(/.buildenv) to allow parallel runs of the test-suite on a single
|
(/.buildenv) to allow parallel runs of the test-suite on a single
|
||||||
machine
|
machine
|
||||||
|
|
||||||
@ -1919,7 +1947,7 @@ Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de
|
|||||||
Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de
|
Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
|
- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
|
||||||
- libldap-reinit-fdset.dif: Re-init fd_sets when select is
|
- libldap-reinit-fdset.dif: Re-init fd_sets when select is
|
||||||
interupted (Bugzilla #50076, ITS: #3524)
|
interupted (Bugzilla #50076, ITS: #3524)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1931,7 +1959,7 @@ Thu Feb 17 14:28:02 CET 2005 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de
|
Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de
|
||||||
|
|
||||||
- Cleanup back-bdb databases in %post, db-4.3 changed the
|
- Cleanup back-bdb databases in %post, db-4.3 changed the
|
||||||
transaction log format again.
|
transaction log format again.
|
||||||
- cosmetic fixes in init script
|
- cosmetic fixes in init script
|
||||||
|
|
||||||
@ -1969,7 +1997,7 @@ Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de
|
Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de
|
||||||
|
|
||||||
- Added pre_checkin.sh to generate a separate openldap2-client
|
- Added pre_checkin.sh to generate a separate openldap2-client
|
||||||
spec-file from which the openldap2-client and openldap2-devel
|
spec-file from which the openldap2-client and openldap2-devel
|
||||||
subpackages are built. Should reduce build time for libldap as
|
subpackages are built. Should reduce build time for libldap as
|
||||||
the test-suite is only executed in openldap2.spec.
|
the test-suite is only executed in openldap2.spec.
|
||||||
@ -1990,15 +2018,15 @@ Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de
|
|||||||
Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de
|
Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to 2.2.16
|
- updated to 2.2.16
|
||||||
- Updated ACLs in slapd_conf.dif to disable default read access
|
- Updated ACLs in slapd_conf.dif to disable default read access
|
||||||
to the "userPKCS12" Attribute
|
to the "userPKCS12" Attribute
|
||||||
- rc-check-conn.diff: When starting slapd wait until is accepts
|
- rc-check-conn.diff: When starting slapd wait until is accepts
|
||||||
connections, or 10 seconds at maximum (Bugzilla #41354)
|
connections, or 10 seconds at maximum (Bugzilla #41354)
|
||||||
- Backported -o slp={on|off} feature from OpenLDAP Head and added
|
- Backported -o slp={on|off} feature from OpenLDAP Head and added
|
||||||
new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
|
new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
|
||||||
to switch SLP registration on and off. (Bugzilla #39865)
|
to switch SLP registration on and off. (Bugzilla #39865)
|
||||||
- removed unneeded README.update
|
- removed unneeded README.update
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de
|
Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de
|
||||||
|
|
||||||
@ -2017,22 +2045,22 @@ Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de
|
Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de
|
||||||
|
|
||||||
- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
|
- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
|
||||||
args-file (Bugzilla #38790)
|
args-file (Bugzilla #38790)
|
||||||
- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
|
- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
|
||||||
Bugzilla #38915)
|
Bugzilla #38915)
|
||||||
- modify_check_duplicates.dif: check for duplicate attribute
|
- modify_check_duplicates.dif: check for duplicate attribute
|
||||||
values in modify requests (ITS #3066/#3097, Bugzilla #38607)
|
values in modify requests (ITS #3066/#3097, Bugzilla #38607)
|
||||||
- updated and renamed yast2userconfig.schema to yast.schema as it
|
- updated and renamed yast2userconfig.schema to yast.schema as it
|
||||||
contains more that only user configuration now
|
contains more that only user configuration now
|
||||||
- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
|
- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
|
||||||
- test_syncrepl_timeout: increased sleep timeout in syncrepl
|
- test_syncrepl_timeout: increased sleep timeout in syncrepl
|
||||||
testsuite
|
testsuite
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de
|
Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de
|
||||||
|
|
||||||
- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
|
- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
|
||||||
START_TLS work without access to the CA Certificate.
|
START_TLS work without access to the CA Certificate.
|
||||||
(Bugzilla: #37393)
|
(Bugzilla: #37393)
|
||||||
|
|
||||||
@ -2065,7 +2093,7 @@ Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de
|
|||||||
Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de
|
Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to 2.2.6
|
- updated to 2.2.6
|
||||||
- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
|
- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
|
||||||
migrate from SLES8 and SL 9.0
|
migrate from SLES8 and SL 9.0
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -2076,8 +2104,8 @@ Thu Feb 19 17:25:12 CET 2004 - ro@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de
|
Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to 2.2.5
|
- updated to 2.2.5
|
||||||
- adjusted rfc2307bis.schema to support UTF-8 values in most
|
- adjusted rfc2307bis.schema to support UTF-8 values in most
|
||||||
attributes
|
attributes
|
||||||
- enabled proxycache-overlay (wiht fix to work with back-ldbm)
|
- enabled proxycache-overlay (wiht fix to work with back-ldbm)
|
||||||
|
|
||||||
@ -2102,7 +2130,7 @@ Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de
|
Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de
|
||||||
|
|
||||||
- enabled SLP-support
|
- enabled SLP-support
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de
|
Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de
|
||||||
@ -2150,23 +2178,23 @@ Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de
|
Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to 2.1.21
|
- updated to 2.1.21
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de
|
Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de
|
||||||
|
|
||||||
- fixed requires lines
|
- fixed requires lines
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de
|
Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de
|
||||||
|
|
||||||
- don't link back-ldap against librewrite.a, it's already linked
|
- don't link back-ldap against librewrite.a, it's already linked
|
||||||
into slapd (package should build on non-i386 Archs again)
|
into slapd (package should build on non-i386 Archs again)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de
|
Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de
|
||||||
|
|
||||||
- fixed dynamic build of back-ldap
|
- fixed dynamic build of back-ldap
|
||||||
- new subpackage back-ldap
|
- new subpackage back-ldap
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -2185,12 +2213,12 @@ Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de
|
Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de
|
||||||
|
|
||||||
- fixed requires for devel-package ...
|
- fixed requires for devel-package ...
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de
|
Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de
|
||||||
|
|
||||||
- fixed neededforbuild
|
- fixed neededforbuild
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de
|
Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de
|
||||||
@ -2200,17 +2228,17 @@ Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de
|
Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de
|
||||||
|
|
||||||
- added /etc/openldap to filelist
|
- added /etc/openldap to filelist
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de
|
Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de
|
||||||
|
|
||||||
- switch default backend to ldbm
|
- switch default backend to ldbm
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Feb 2 23:58:34 CET 2003 - ro@suse.de
|
Sun Feb 2 23:58:34 CET 2003 - ro@suse.de
|
||||||
|
|
||||||
- fixed requires for devel package (cyrus-sasl2-devel)
|
- fixed requires for devel package (cyrus-sasl2-devel)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de
|
Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de
|
||||||
@ -2246,7 +2274,7 @@ Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de
|
Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- removed damoenstart_ipv6.diff and disabled IPv6 support due to
|
- removed damoenstart_ipv6.diff and disabled IPv6 support due to
|
||||||
massive problems with nss_ldap
|
massive problems with nss_ldap
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -2269,7 +2297,7 @@ Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de
|
Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- removed termcap and readline from neededforbuild
|
- removed termcap and readline from neededforbuild
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de
|
Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de
|
||||||
@ -2290,12 +2318,12 @@ Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de
|
Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de
|
||||||
|
|
||||||
- fix openldap2-devel requires
|
- fix openldap2-devel requires
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de
|
Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- switched back from cyrus-sasl2 to cyrus-sasl
|
- switched back from cyrus-sasl2 to cyrus-sasl
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de
|
Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de
|
||||||
@ -2318,19 +2346,19 @@ Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de
|
Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
|
- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
|
||||||
to the "Requires" Section of the -devel subpackage)
|
to the "Requires" Section of the -devel subpackage)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de
|
Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to the latest STABLE release (2.0.23) which fixes some
|
- updated to the latest STABLE release (2.0.23) which fixes some
|
||||||
nasty bugs see ITS #1562,#1582,#1577,#1578
|
nasty bugs see ITS #1562,#1582,#1577,#1578
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de
|
Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to the latest release (which fixes a index corruption
|
- updated to the latest release (which fixes a index corruption
|
||||||
bug)
|
bug)
|
||||||
- cleanup in neededforbuild
|
- cleanup in neededforbuild
|
||||||
- small fixes for the init-scripts
|
- small fixes for the init-scripts
|
||||||
@ -2348,17 +2376,17 @@ Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de
|
Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- updated to v2.0.20 (which fixes a security hole in ACL
|
- updated to v2.0.20 (which fixes a security hole in ACL
|
||||||
processing)
|
processing)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de
|
Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de
|
||||||
|
|
||||||
- converted archive to bzip2
|
- converted archive to bzip2
|
||||||
- makes use of %{_libdir} now
|
- makes use of %{_libdir} now
|
||||||
- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
|
- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
|
||||||
the test suite fails on these archs
|
the test suite fails on these archs
|
||||||
- changed slapd.conf to store the database under /var/lib/ldap
|
- changed slapd.conf to store the database under /var/lib/ldap
|
||||||
(this patch was missing in the last versions by accident)
|
(this patch was missing in the last versions by accident)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -2419,7 +2447,7 @@ Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de
|
Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de
|
||||||
|
|
||||||
- fixed for autoconf again
|
- fixed for autoconf again
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de
|
Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de
|
||||||
@ -2495,12 +2523,12 @@ Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 1 15:23:45 CET 2000 - ro@suse.de
|
Fri Dec 1 15:23:45 CET 2000 - ro@suse.de
|
||||||
|
|
||||||
- hacked configure for apparently broken pthread
|
- hacked configure for apparently broken pthread
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 1 02:28:54 CET 2000 - ro@suse.de
|
Fri Dec 1 02:28:54 CET 2000 - ro@suse.de
|
||||||
|
|
||||||
- fixed spec
|
- fixed spec
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de
|
Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de
|
||||||
|
148
openldap2.spec
148
openldap2.spec
@ -25,6 +25,10 @@
|
|||||||
%define _rundir /var/run/slapd
|
%define _rundir /var/run/slapd
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%define name_ppolicy_check_module ppolicy-check-password
|
||||||
|
%define version_ppolicy_check_module 1.2
|
||||||
|
%define ppolicy_docdir %{_docdir}/openldap-%{name_ppolicy_check_module}-%{version_ppolicy_check_module}
|
||||||
|
|
||||||
Name: openldap2
|
Name: openldap2
|
||||||
Summary: An open source implementation of the Lightweight Directory Access Protocol
|
Summary: An open source implementation of the Lightweight Directory Access Protocol
|
||||||
License: OLDAP-2.8
|
License: OLDAP-2.8
|
||||||
@ -59,6 +63,12 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
|
|||||||
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
||||||
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
||||||
Patch11: 0011-openldap-re24-its7796.patch
|
Patch11: 0011-openldap-re24-its7796.patch
|
||||||
|
Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
|
||||||
|
Source201: %{name_ppolicy_check_module}.Makefile
|
||||||
|
Source202: %{name_ppolicy_check_module}.conf
|
||||||
|
Source203: %{name_ppolicy_check_module}.5
|
||||||
|
Patch200: 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: cyrus-sasl-devel
|
BuildRequires: cyrus-sasl-devel
|
||||||
BuildRequires: db-devel
|
BuildRequires: db-devel
|
||||||
@ -86,75 +96,86 @@ Lightweight Directory Access Protocol v3 (LDAPv3).
|
|||||||
|
|
||||||
The server provides several database backends and overlays.
|
The server provides several database backends and overlays.
|
||||||
|
|
||||||
%package -n openldap2-back-perl
|
%package back-perl
|
||||||
Summary: OpenLDAP Perl Back-End
|
Summary: OpenLDAP Perl Back-End
|
||||||
Group: Productivity/Networking/LDAP/Servers
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
Requires: openldap2 = %{version_main}
|
Requires: openldap2 = %{version_main}
|
||||||
Requires: perl = %{perl_version}
|
Requires: perl = %{perl_version}
|
||||||
|
|
||||||
%description -n openldap2-back-perl
|
%description back-perl
|
||||||
The OpenLDAP Perl back-end allows you to execute Perl code specific to
|
The OpenLDAP Perl back-end allows you to execute Perl code specific to
|
||||||
different LDAP operations.
|
different LDAP operations.
|
||||||
|
|
||||||
%package -n openldap2-back-sock
|
%package back-sock
|
||||||
Summary: OpenLDAP Socket Back-End
|
Summary: OpenLDAP Socket Back-End
|
||||||
Group: Productivity/Networking/LDAP/Servers
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
Requires: openldap2 = %{version_main}
|
Requires: openldap2 = %{version_main}
|
||||||
Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
|
Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
|
||||||
|
|
||||||
%description -n openldap2-back-sock
|
%description back-sock
|
||||||
The OpenLDAP socket back-end allows you to handle LDAP requests and
|
The OpenLDAP socket back-end allows you to handle LDAP requests and
|
||||||
results with an external process listening on a Unix domain socket.
|
results with an external process listening on a Unix domain socket.
|
||||||
|
|
||||||
%package -n openldap2-back-meta
|
%package back-meta
|
||||||
Summary: OpenLDAP Meta Back-End
|
Summary: OpenLDAP Meta Back-End
|
||||||
Group: Productivity/Networking/LDAP/Servers
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
Requires: openldap2 = %{version_main}
|
Requires: openldap2 = %{version_main}
|
||||||
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
|
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
|
||||||
|
|
||||||
%description -n openldap2-back-meta
|
%description back-meta
|
||||||
The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
|
The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
|
||||||
respect to a set of remote LDAP servers. The information contained in
|
respect to a set of remote LDAP servers. The information contained in
|
||||||
these servers can be presented as belonging to a single Directory
|
these servers can be presented as belonging to a single Directory
|
||||||
Information Tree (DIT).
|
Information Tree (DIT).
|
||||||
|
|
||||||
%package -n openldap2-back-sql
|
%package back-sql
|
||||||
Summary: OpenLDAP SQL Back-End
|
Summary: OpenLDAP SQL Back-End
|
||||||
Group: Productivity/Networking/LDAP/Servers
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
Requires: openldap2 = %{version_main}
|
Requires: openldap2 = %{version_main}
|
||||||
|
|
||||||
%description -n openldap2-back-sql
|
%description back-sql
|
||||||
The primary purpose of this OpenLDAP backend is to present information
|
The primary purpose of this OpenLDAP backend is to present information
|
||||||
stored in a Relational (SQL) Database as an LDAP subtree without the need
|
stored in a Relational (SQL) Database as an LDAP subtree without the need
|
||||||
to do any programming.
|
to do any programming.
|
||||||
|
|
||||||
%package -n openldap2-contrib
|
%package -n libldap-data
|
||||||
|
Summary: Configuration file for system-wide defaults for all usages of libldap.
|
||||||
|
Group: Productivity/Networking/LDAP
|
||||||
|
%if 0%{?suse_version} != 1110
|
||||||
|
BuildArch: noarch
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description -n libldap-data
|
||||||
|
The subpackage contains a configuration file used to set system-wide defaults
|
||||||
|
to be applied with all usages of libldap.
|
||||||
|
|
||||||
|
%package contrib
|
||||||
Summary: OpenLDAP Contrib Modules
|
Summary: OpenLDAP Contrib Modules
|
||||||
Group: Productivity/Networking/LDAP/Servers
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
Requires: openldap2 = %{version_main}
|
Requires: openldap2 = %{version_main}
|
||||||
|
|
||||||
%description -n openldap2-contrib
|
%description contrib
|
||||||
Various overlays found in contrib/:
|
Various overlays found in contrib/:
|
||||||
allop
|
allop
|
||||||
allowed Generates attributes indicating access rights
|
allowed Generates attributes indicating access rights
|
||||||
autogroup
|
autogroup
|
||||||
cloak
|
cloak
|
||||||
denyop
|
denyop
|
||||||
lastbind writes last bind timestamp to entry
|
lastbind writes last bind timestamp to entry
|
||||||
noopsrch handles no-op search control
|
noopsrch handles no-op search control
|
||||||
nops
|
nops
|
||||||
pw-sha2 generates/validates SHA-2 password hashes
|
pw-sha2 generates/validates SHA-2 password hashes
|
||||||
pw-pbkdf2 generates/validates PBKDF2 password hashes
|
pw-pbkdf2 generates/validates PBKDF2 password hashes
|
||||||
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
|
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
|
||||||
|
|
||||||
%package -n openldap2-doc
|
%package doc
|
||||||
Summary: OpenLDAP Documentation
|
Summary: OpenLDAP Documentation
|
||||||
Group: Documentation/Other
|
Group: Documentation/Other
|
||||||
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
|
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
|
||||||
%if 0%{?suse_version} > 1110
|
%if 0%{?suse_version} > 1110
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
%endif
|
%endif
|
||||||
%description -n openldap2-doc
|
%description doc
|
||||||
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts.
|
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts.
|
||||||
|
|
||||||
Authors:
|
Authors:
|
||||||
@ -162,15 +183,15 @@ Authors:
|
|||||||
The OpenLDAP Project <project@openldap.org>
|
The OpenLDAP Project <project@openldap.org>
|
||||||
|
|
||||||
|
|
||||||
%package -n openldap2-client
|
%package client
|
||||||
Summary: OpenLDAP client utilities
|
Summary: OpenLDAP client utilities
|
||||||
Group: Productivity/Networking/LDAP/Clients
|
Group: Productivity/Networking/LDAP/Clients
|
||||||
Requires: libldap-2_4-2 = %{version_main}
|
Requires: libldap-2_4-2 = %{version_main}
|
||||||
|
|
||||||
%description -n openldap2-client
|
%description client
|
||||||
OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify.
|
OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify.
|
||||||
|
|
||||||
%package -n openldap2-devel
|
%package devel
|
||||||
Summary: Libraries, Header Files and Documentation for OpenLDAP
|
Summary: Libraries, Header Files and Documentation for OpenLDAP
|
||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
# bug437293
|
# bug437293
|
||||||
@ -182,29 +203,54 @@ Conflicts: openldap-devel
|
|||||||
Requires: libldap-2_4-2 = %{version_main}
|
Requires: libldap-2_4-2 = %{version_main}
|
||||||
Recommends: cyrus-sasl-devel
|
Recommends: cyrus-sasl-devel
|
||||||
|
|
||||||
%description -n openldap2-devel
|
%description devel
|
||||||
This package provides the OpenLDAP libraries, header files, and
|
This package provides the OpenLDAP libraries, header files, and
|
||||||
documentation.
|
documentation.
|
||||||
|
|
||||||
%package -n openldap2-devel-static
|
%package devel-static
|
||||||
Summary: Static libraries for the OpenLDAP libraries
|
Summary: Static libraries for the OpenLDAP libraries
|
||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
Requires: cyrus-sasl-devel
|
Requires: cyrus-sasl-devel
|
||||||
Requires: libopenssl-devel
|
Requires: libopenssl-devel
|
||||||
Requires: openldap2-devel = %version
|
Requires: openldap2-devel = %version
|
||||||
|
|
||||||
%description -n openldap2-devel-static
|
%description devel-static
|
||||||
This package provides the static versions of the OpenLDAP libraries
|
This package provides the static versions of the OpenLDAP libraries
|
||||||
for development.
|
for development.
|
||||||
|
|
||||||
%package -n libldap-2_4-2
|
%package -n libldap-2_4-2
|
||||||
Summary: OpenLDAP Client Libraries
|
Summary: OpenLDAP Client Libraries
|
||||||
Group: Productivity/Networking/LDAP/Clients
|
Group: Productivity/Networking/LDAP/Clients
|
||||||
|
Recommends: libldap-data >= %{version_main}
|
||||||
|
|
||||||
%description -n libldap-2_4-2
|
%description -n libldap-2_4-2
|
||||||
This package contains the OpenLDAP client libraries.
|
This package contains the OpenLDAP client libraries.
|
||||||
|
|
||||||
|
%package ppolicy-check-password
|
||||||
|
Version: %{version_ppolicy_check_module}
|
||||||
|
Release: 0
|
||||||
|
Summary: Password quality check module for OpenLDAP
|
||||||
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
|
Url: https://github.com/onyxpoint/ppolicy-check-password
|
||||||
|
BuildRequires: cracklib-devel
|
||||||
|
Requires: openldap2 = %version_main
|
||||||
|
Recommends: cracklib cracklib-dict-full
|
||||||
|
|
||||||
|
%description ppolicy-check-password
|
||||||
|
An implementation of password quality check module, based on the original
|
||||||
|
work done by LDAP Toolbox Project (https://ltd-project.org), that works
|
||||||
|
together with OpenLDAP password policy overlay (ppolicy), to enforce
|
||||||
|
password strength policies.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
|
# Unpack ppolicy check module
|
||||||
|
%setup -b 200 -q -n %{name_ppolicy_check_module}-%{version_ppolicy_check_module}
|
||||||
|
%patch200 -p1
|
||||||
|
cd ..
|
||||||
|
# Compress the manual page of ppolicy check module
|
||||||
|
gzip -k %{S:203}
|
||||||
|
|
||||||
|
# Unpack and patch OpenLDAP 2.4
|
||||||
%setup -q -n openldap-%{version_main}
|
%setup -q -n openldap-%{version_main}
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
@ -216,6 +262,10 @@ This package contains the OpenLDAP client libraries.
|
|||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
cp %{SOURCE5} .
|
cp %{SOURCE5} .
|
||||||
|
|
||||||
|
# Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/
|
||||||
|
mv ../%{name_ppolicy_check_module}-%{version_ppolicy_check_module} contrib/slapd-modules/%{name_ppolicy_check_module}
|
||||||
|
cp %{S:201} contrib/slapd-modules/%{name_ppolicy_check_module}/Makefile
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="%{optflags} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
|
export CFLAGS="%{optflags} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
|
||||||
export STRIP=""
|
export STRIP=""
|
||||||
@ -264,6 +314,9 @@ done
|
|||||||
# slapo-smbk5pwd only for Samba password hashes
|
# slapo-smbk5pwd only for Samba password hashes
|
||||||
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
|
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
|
||||||
|
|
||||||
|
# Build ppolicy-check-password module
|
||||||
|
make -C contrib/slapd-modules/%{name_ppolicy_check_module} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
|
||||||
|
|
||||||
%check
|
%check
|
||||||
%if %run_test_suite
|
%if %run_test_suite
|
||||||
# calculate the base port to be use in the test-suite
|
# calculate the base port to be use in the test-suite
|
||||||
@ -315,6 +368,18 @@ chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
|
|||||||
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
|
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
|
||||||
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
|
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
|
||||||
|
|
||||||
|
# Install ppolicy check module
|
||||||
|
make -C contrib/slapd-modules/ppolicy-check-password STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install
|
||||||
|
install -m 0644 %{S:202} %{buildroot}%{_sysconfdir}/openldap/check_password.conf
|
||||||
|
# Install ppolicy check module's doc files
|
||||||
|
pushd contrib/slapd-modules/%{name_ppolicy_check_module}
|
||||||
|
mkdir -p "%{buildroot}%ppolicy_docdir"
|
||||||
|
install -m 0644 README "%{buildroot}%ppolicy_docdir"
|
||||||
|
install -m 0644 LICENSE "%{buildroot}%ppolicy_docdir"
|
||||||
|
popd
|
||||||
|
# Install ppolicy check module's manual page
|
||||||
|
install -m 0644 %{S:203}.gz %{buildroot}%{_mandir}/man5/
|
||||||
|
|
||||||
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
|
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
|
||||||
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
|
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
|
||||||
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
|
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
|
||||||
@ -436,7 +501,8 @@ fi
|
|||||||
%{_libdir}/openldap/dynlist*
|
%{_libdir}/openldap/dynlist*
|
||||||
%{_libdir}/openldap/memberof*
|
%{_libdir}/openldap/memberof*
|
||||||
%{_libdir}/openldap/pcache*
|
%{_libdir}/openldap/pcache*
|
||||||
%{_libdir}/openldap/ppolicy*
|
%{_libdir}/openldap/ppolicy-2.4.*
|
||||||
|
%{_libdir}/openldap/ppolicy.*
|
||||||
%{_libdir}/openldap/refint*
|
%{_libdir}/openldap/refint*
|
||||||
%{_libdir}/openldap/retcode*
|
%{_libdir}/openldap/retcode*
|
||||||
%{_libdir}/openldap/rwm*
|
%{_libdir}/openldap/rwm*
|
||||||
@ -471,22 +537,22 @@ fi
|
|||||||
%doc %{DOCDIR}/CHANGES
|
%doc %{DOCDIR}/CHANGES
|
||||||
%doc %{DOCDIR}/slapd.ldif.default
|
%doc %{DOCDIR}/slapd.ldif.default
|
||||||
|
|
||||||
%files -n openldap2-back-perl
|
%files back-perl
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_libdir}/openldap/back_perl*
|
%{_libdir}/openldap/back_perl*
|
||||||
%doc %{_mandir}/man5/slapd-perl.*
|
%doc %{_mandir}/man5/slapd-perl.*
|
||||||
|
|
||||||
%files -n openldap2-back-sock
|
%files back-sock
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_libdir}/openldap/back_sock*
|
%{_libdir}/openldap/back_sock*
|
||||||
%doc %{_mandir}/man5/slapd-sock.*
|
%doc %{_mandir}/man5/slapd-sock.*
|
||||||
|
|
||||||
%files -n openldap2-back-meta
|
%files back-meta
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_libdir}/openldap/back_meta*
|
%{_libdir}/openldap/back_meta*
|
||||||
%doc %{_mandir}/man5/slapd-meta.*
|
%doc %{_mandir}/man5/slapd-meta.*
|
||||||
|
|
||||||
%files -n openldap2-back-sql
|
%files back-sql
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_libdir}/openldap/back_sql*
|
%{_libdir}/openldap/back_sql*
|
||||||
%doc %{_mandir}/man5/slapd-sql.*
|
%doc %{_mandir}/man5/slapd-sql.*
|
||||||
@ -494,14 +560,20 @@ fi
|
|||||||
%doc servers/slapd/back-sql/docs/bugs
|
%doc servers/slapd/back-sql/docs/bugs
|
||||||
%doc servers/slapd/back-sql/docs/install
|
%doc servers/slapd/back-sql/docs/install
|
||||||
|
|
||||||
%files -n openldap2-doc
|
%files -n libldap-data
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
|
||||||
|
%doc %{_mandir}/man5/ldap.conf*
|
||||||
|
%{_sysconfdir}/openldap/ldap.conf.default
|
||||||
|
|
||||||
|
%files doc
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%dir %{DOCDIR}
|
%dir %{DOCDIR}
|
||||||
%doc %{DOCDIR}/drafts
|
%doc %{DOCDIR}/drafts
|
||||||
%doc %{DOCDIR}/adminguide
|
%doc %{DOCDIR}/adminguide
|
||||||
%doc %{DOCDIR}/images
|
%doc %{DOCDIR}/images
|
||||||
|
|
||||||
%files -n openldap2-contrib
|
%files contrib
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_libdir}/openldap/allowed.*
|
%{_libdir}/openldap/allowed.*
|
||||||
%{_libdir}/openldap/allop.*
|
%{_libdir}/openldap/allop.*
|
||||||
@ -515,7 +587,7 @@ fi
|
|||||||
%{_libdir}/openldap/cloak.*
|
%{_libdir}/openldap/cloak.*
|
||||||
%{_libdir}/openldap/smbk5pwd.*
|
%{_libdir}/openldap/smbk5pwd.*
|
||||||
|
|
||||||
%files -n openldap2-client
|
%files client
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%doc %{_mandir}/man1/ldap*
|
%doc %{_mandir}/man1/ldap*
|
||||||
%doc %{_mandir}/man5/ldif.*
|
%doc %{_mandir}/man5/ldif.*
|
||||||
@ -534,13 +606,10 @@ fi
|
|||||||
|
|
||||||
%files -n libldap-2_4-2
|
%files -n libldap-2_4-2
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
|
|
||||||
%doc %{_mandir}/man5/ldap.conf*
|
|
||||||
%{_sysconfdir}/openldap/ldap.conf.default
|
|
||||||
%{_libdir}/liblber*2.4.so.*
|
%{_libdir}/liblber*2.4.so.*
|
||||||
%{_libdir}/libldap*2.4.so.*
|
%{_libdir}/libldap*2.4.so.*
|
||||||
|
|
||||||
%files -n openldap2-devel
|
%files devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%doc %{_mandir}/man3/ber*
|
%doc %{_mandir}/man3/ber*
|
||||||
%doc %{_mandir}/man3/lber*
|
%doc %{_mandir}/man3/lber*
|
||||||
@ -550,9 +619,16 @@ fi
|
|||||||
%{_libdir}/liblber.so
|
%{_libdir}/liblber.so
|
||||||
%{_libdir}/libldap*.so
|
%{_libdir}/libldap*.so
|
||||||
|
|
||||||
%files -n openldap2-devel-static
|
%files devel-static
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%_libdir/liblber.a
|
%_libdir/liblber.a
|
||||||
%_libdir/libldap*.a
|
%_libdir/libldap*.a
|
||||||
|
|
||||||
|
%files ppolicy-check-password
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc %{ppolicy_docdir}/
|
||||||
|
%config(noreplace) /etc/openldap/check_password.conf
|
||||||
|
%{_libdir}/openldap/ppolicy-check-password.*
|
||||||
|
%{_mandir}/man5/ppolicy-check-password.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
3
ppolicy-check-password-1.2.tar.gz
Normal file
3
ppolicy-check-password-1.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:840517adc7fa60cb45050ba203437e29458542d9d7f23e906520e0b2fca56fe9
|
||||||
|
size 10354
|
182
ppolicy-check-password.5
Normal file
182
ppolicy-check-password.5
Normal file
@ -0,0 +1,182 @@
|
|||||||
|
.\"/*
|
||||||
|
.\" * All rights reserved
|
||||||
|
.\" * Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
|
.\" * Authors: Howard Guo <hguo@suse.com>
|
||||||
|
.\" *
|
||||||
|
.\" * This program is free software; you can redistribute it and/or
|
||||||
|
.\" * modify it under the terms of the GNU General Public License
|
||||||
|
.\" * as published by the Free Software Foundation; either version 2
|
||||||
|
.\" * of the License, or (at your option) any later version.
|
||||||
|
.\" *
|
||||||
|
.\" * This program is distributed in the hope that it will be useful,
|
||||||
|
.\" * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
.\" * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
.\" * GNU General Public License for more details.
|
||||||
|
.\" */
|
||||||
|
.\"
|
||||||
|
.TH PPOLICY-CHECK-PASSWORD 5 "2016/02/18" "OpenLDAP password quality check"
|
||||||
|
.SH NAME
|
||||||
|
ppolicy\-check\-password \- Password quality checker for OpenLDAP ppolicy overlay
|
||||||
|
.SH SYNOPSIS
|
||||||
|
pwdCheckModule ppolicy-check-password.so
|
||||||
|
.SH DESCRIPTION
|
||||||
|
ppolicy\-check\-password is an implementation of password quality check module, it can be plugged into OpenLDAP
|
||||||
|
.BR slapo\-ppolicy (5)
|
||||||
|
overlay to enforce organisational password strength policies for password-change operations.
|
||||||
|
|
||||||
|
.SH PREREQUISITES
|
||||||
|
In order to use the module, you should enable and configure
|
||||||
|
.BR slapo\-ppolicy (5)
|
||||||
|
overlay on the OpenLDAP server. You may use the following example to enable ppolicy overlay:
|
||||||
|
.HP 4
|
||||||
|
Enable ppolicy overlay
|
||||||
|
|
||||||
|
To enable ppolicy overlay on the server using static configuration file
|
||||||
|
.BR slapd.conf (5)
|
||||||
|
, first enable ppolicy schema by adding line:
|
||||||
|
|
||||||
|
.br
|
||||||
|
include /etc/openldap/schema/ppolicy.schema
|
||||||
|
|
||||||
|
and then append the following lines to the database definition in which password policy should be enforced:
|
||||||
|
|
||||||
|
.br
|
||||||
|
overlay ppolicy
|
||||||
|
.br
|
||||||
|
ppolicy_default "cn=PolicyContainer,dc=my-domain,dc=com"
|
||||||
|
|
||||||
|
Save slapd.conf and (re)start OpenLDAP server.
|
||||||
|
|
||||||
|
If you use cn=config (online configuration) instead of static configuration file, add the schema /etc/openldap/schema/ppolicy.ldif to cn=schema,cn=config, then enable ppolicy overlay in olcDatabase.
|
||||||
|
.LP
|
||||||
|
|
||||||
|
.HP 4
|
||||||
|
Create ppolicy container entry
|
||||||
|
|
||||||
|
The ppolicy container entry stores attributes that describe the password policy in detail, create the entry with
|
||||||
|
|
||||||
|
.BR ldapadd (1)
|
||||||
|
:
|
||||||
|
|
||||||
|
.br
|
||||||
|
dn: cn=PolicyContainer,dc=my-domain,dc=com
|
||||||
|
.br
|
||||||
|
cn: PolicyContainer
|
||||||
|
.br
|
||||||
|
objectClass: pwdPolicy
|
||||||
|
.br
|
||||||
|
objectClass: person
|
||||||
|
.br
|
||||||
|
objectClass: top
|
||||||
|
.br
|
||||||
|
pwdAllowUserChange: TRUE
|
||||||
|
.br
|
||||||
|
pwdAttribute: userPassword
|
||||||
|
.br
|
||||||
|
pwdCheckQuality: 2
|
||||||
|
.br
|
||||||
|
pwdExpireWarning: 600
|
||||||
|
.br
|
||||||
|
pwdFailureCountInterval:
|
||||||
|
.br
|
||||||
|
pwdGraceAuthNLimit: 5
|
||||||
|
.br
|
||||||
|
pwdInHistory: 5
|
||||||
|
.br
|
||||||
|
pwdLockout: TRUE
|
||||||
|
.br
|
||||||
|
pwdLockoutDuration: 0
|
||||||
|
.br
|
||||||
|
pwdMaxAge: 0
|
||||||
|
.br
|
||||||
|
pwdMaxFailure:
|
||||||
|
.br
|
||||||
|
pwdMinAge: 0
|
||||||
|
.br
|
||||||
|
pwdMinLength: 5
|
||||||
|
.br
|
||||||
|
pwdMustChange: FALSE
|
||||||
|
.br
|
||||||
|
pwdSafeModify: FALSE
|
||||||
|
.br
|
||||||
|
sn: dummy value
|
||||||
|
.br
|
||||||
|
|
||||||
|
The password policy becomes effective immediately, there is no need to restart OpenLDAP server.
|
||||||
|
.LP
|
||||||
|
|
||||||
|
.HP 4
|
||||||
|
Enable ppolicy-check-password.so module
|
||||||
|
|
||||||
|
Modify the ppolicy container entry with
|
||||||
|
.BR ldapmodify (1)
|
||||||
|
:
|
||||||
|
|
||||||
|
.br
|
||||||
|
dn: cn=PolicyContainer,dc=my-domain,dc=com
|
||||||
|
.br
|
||||||
|
changeType: modify
|
||||||
|
.br
|
||||||
|
add: objectClass
|
||||||
|
.br
|
||||||
|
objectClass: pwdPolicyChecker
|
||||||
|
.br
|
||||||
|
\-
|
||||||
|
.br
|
||||||
|
add: pwdCheckModule
|
||||||
|
.br
|
||||||
|
pwdCheckModule: ppolicy-check-password.so
|
||||||
|
|
||||||
|
The password check module becomes effective immediately, there is no need to restart OpenLDAP server.
|
||||||
|
.LP
|
||||||
|
|
||||||
|
.SH CONFIGURATION
|
||||||
|
|
||||||
|
The password check module reads configuration parameters from
|
||||||
|
.B /etc/openldap/check_password.conf
|
||||||
|
|
||||||
|
Edits made to the configuration file become effective immediately, there is no need to restart OpenLDAP server.
|
||||||
|
|
||||||
|
List of parameters:
|
||||||
|
.TP
|
||||||
|
.BI use_cracklib \ 1|0
|
||||||
|
CrackLib is a library for checking that a password is not easily crackable, making sure that the password is not based on simple patterns or dictionary words. If the parameter is set to 1, cracklib will be involved and new passwords must pass cracklib quality check in addition to all other policies such as min_points
|
||||||
|
.TP
|
||||||
|
.BI min_points \ <integer>
|
||||||
|
The parameter holds an integer value in between 0 and 4. The value denotes "quality points" that a password must acquire in order to pass the check. Usage of each character class awards one quality point. If the parameeter is set to 0, the check is disabled.
|
||||||
|
|
||||||
|
The character classes are: upper case letters, lower case letters, numeric digits, punctuations.
|
||||||
|
.TP
|
||||||
|
.BI min_upper \ <integer>
|
||||||
|
The minimal number of upper case characters a password must contain. If the parameter is set to 0, the check is disabled.
|
||||||
|
.TP
|
||||||
|
.BI min_lower \ <integer>
|
||||||
|
The minimal number of lower case characters a password must contain. If the parameter is set to 0, the check is disabled.
|
||||||
|
.TP
|
||||||
|
.BI min_digit \ <integer>
|
||||||
|
The minimal number of numeric digit characters a password must contain. If the parameter is set to 0, the check is disabled.
|
||||||
|
.TP
|
||||||
|
.BI min_punct \ <integer>
|
||||||
|
The minimal number of punctuation characters a password must contain. If the parameter is set to 0, the check is disabled.
|
||||||
|
.TP
|
||||||
|
.BI max_consecutive_per_class \ <integer>
|
||||||
|
The maximum number of characters from each character class that may appear consecutively. If the parameter is set to 0, the check is disabled.
|
||||||
|
|
||||||
|
.SH USAGE
|
||||||
|
After the module is enabled, the OpenLDAP server will invoke the password checker module on every user password change, the new user password must pass all quality checks before it is accepted. If the new password does not pass quality checks, the detailed reason will be logged on the OpenLDAP server, and the client will receive a Constraint Violation and a generic error message "Password fails quality checking policy" \- the lack of details is by design.
|
||||||
|
|
||||||
|
If the password change is carried out by RootDN, password checker module will not enforce the quality checks, and any password is acceptable.
|
||||||
|
|
||||||
|
.SH FILES
|
||||||
|
.TP
|
||||||
|
/etc/openldap/check_password.conf
|
||||||
|
Define the password strength policy.
|
||||||
|
.SH SEE ALSO
|
||||||
|
.BR slapd.conf (5),
|
||||||
|
.BR slapd\-config (5),
|
||||||
|
.BR slapd (8),
|
||||||
|
.BR slapo\-ppolicy (5)
|
||||||
|
|
||||||
|
.SH ACKNOWLEDGEMENTS
|
||||||
|
.P
|
||||||
|
The module was originally authored by LTB-project (ltb\-project.org), and further maintained by Onyx Point (onyxpoint.com).
|
43
ppolicy-check-password.Makefile
Normal file
43
ppolicy-check-password.Makefile
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
LDAP_SRC = ../../..
|
||||||
|
LDAP_BUILD = $(LDAP_SRC)
|
||||||
|
LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
|
||||||
|
LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
|
||||||
|
$(LDAP_BUILD)/libraries/liblber/liblber.la
|
||||||
|
|
||||||
|
LIBTOOL = $(LDAP_BUILD)/libtool
|
||||||
|
CC = gcc
|
||||||
|
OPT = -g -O2 -Wall -fpic -DHAVE_CRACKLIB -DCRACKLIB_DICTPATH="\"/usr/share/cracklib/pw_dict\"" -DCONFIG_FILE="\"/etc/openldap/check_password.conf\"" -lcrack
|
||||||
|
INCS = $(LDAP_INC)
|
||||||
|
LIBS = $(LDAP_LIB)
|
||||||
|
|
||||||
|
PROGRAMS = ppolicy-check-password.la
|
||||||
|
LTVER = 0:0:0
|
||||||
|
|
||||||
|
prefix=/usr/local
|
||||||
|
exec_prefix=$(prefix)
|
||||||
|
ldap_subdir=/openldap
|
||||||
|
|
||||||
|
libdir=$(exec_prefix)/lib64
|
||||||
|
libexecdir=$(exec_prefix)/libexec
|
||||||
|
moduledir=$(libdir)$(ldap_subdir)
|
||||||
|
|
||||||
|
.SUFFIXES: .c .o .lo
|
||||||
|
|
||||||
|
.c.lo:
|
||||||
|
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
|
||||||
|
|
||||||
|
all: $(PROGRAMS)
|
||||||
|
|
||||||
|
ppolicy-check-password.la: check_password.lo
|
||||||
|
$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
|
||||||
|
-rpath $(moduledir) -module -o $@ $? $(LIBS)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf *.o *.lo *.la .libs
|
||||||
|
|
||||||
|
install: $(PROGRAMS)
|
||||||
|
mkdir -p $(DESTDIR)$(moduledir)
|
||||||
|
for p in $(PROGRAMS) ; do \
|
||||||
|
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
|
||||||
|
done
|
||||||
|
|
7
ppolicy-check-password.conf
Normal file
7
ppolicy-check-password.conf
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
use_cracklib 1
|
||||||
|
min_points 3
|
||||||
|
min_upper 0
|
||||||
|
min_lower 0
|
||||||
|
min_digit 0
|
||||||
|
min_punct 0
|
||||||
|
max_consecutive_per_class 5
|
Loading…
Reference in New Issue
Block a user