Accepting request 1190307 from home:jamborm:gcc14test-m
- Backported one hunk from upstream commit fb9e6a81bbee as openldap2-fb9e6a81bbee.patch to fix incompatible pointer type being passed to a function which is diagnosed as an error by GCC 14. If the request is OK, please forward it to Factory soon so that we can switch the default compiler. Thanks! OBS-URL: https://build.opensuse.org/request/show/1190307 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=323
17245dd92c
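--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text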
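--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc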
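--- /dev/null
+++ b/0003-LDAPI-socket-location.dif
@@ -0,0 +1,12 @@
+diff -ur openldap-2.6.2.orig/include/ldap_defaults.h openldap-2.6.2/include/ldap_defaults.h
+--- openldap-2.6.2.orig/include/ldap_defaults.h 2022-05-04 16:55:23.000000000 +0200
++++ openldap-2.6.2/include/ldap_defaults.h 2022-05-23 12:55:05.059335200 +0200
+@@ -40,7 +40,7 @@
+
+/* default ldapi:// socket */
+#ifndef LDAPI_SOCK
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi"
+#endif
+
+/*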
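Review bot: The patch carries no description of why the default ldapi socket moves from `LDAP_RUNDIR/run/ldapi` to `LDAP_RUNDIR/ldapi`; the only hint is elsewhere in this commit (the spec's `--localstatedir=%{slapdrundir}` and the `d /run/slapd` tmpfiles line), so a reader of the .dif alone cannot tell the socket is meant to land directly in the runtime directory. A one-line header such as `# slapd's localstatedir is already the runtime dir, so drop the extra "run" component` would make the intent self-contained. The file header also still names openldap-2.6.2 while the package is 2.6.7; `-p1` strips it so the patch applies, but a refresh would remove the stale reference.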
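--- /dev/null
+++ b/0005-pie-compile.dif
@@ -0,0 +1,101 @@
+From 60edf86023da15db7be5935c85826e16d2b78648 Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.de>
+Date: Fri, 12 Nov 2010 09:39:11 +0100
+Subject: pie compile
+
+
+diff --git a/build/top.mk b/build/top.mk
+index 38ce146d7..d7fee4ec2 100644
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -111,7 +111,7 @@ OL_VERSIONED_SYMBOLS = @OL_VERSIONED_SYMBOLS@
+LTSTATIC = @LTSTATIC@
+
+LTLINK = $(LIBTOOL) --mode=link \
+- $(CC) $(LTSTATIC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS)
++ $(CC) -pie $(LTSTATIC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS)
+
+LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=compile \
+$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c
+@@ -120,7 +120,7 @@ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
+$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(SYMBOL_VERSION_FLAGS)
+
+LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
+- $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
++ $(CC) $(LT_CFLAGS) $(PIE_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
+
+LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
+$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
+@@ -214,7 +214,7 @@ LLOADD_LIBS = @BALANCER_LIBS@ $(LEVENT_LIBS)
+# Our Defaults
+CC = $(AC_CC)
+DEFS = $(LDAP_INCPATH) $(XINCPATH) $(XDEFS) $(AC_DEFS) $(DEFINES)
+-CFLAGS = $(AC_CFLAGS) $(DEFS)
++CFLAGS = -fPIE $(AC_CFLAGS) $(DEFS)
+LDFLAGS = $(LDAP_LIBPATH) $(AC_LDFLAGS) $(XLDFLAGS)
+LIBS = $(XLIBS) $(XXLIBS) $(AC_LIBS) $(XXXLIBS)
+
+diff --git a/servers/slapd/back-ldap/Makefile.in b/servers/slapd/back-ldap/Makefile.in
+index 71400ca1b..6427165c6 100644
+--- a/servers/slapd/back-ldap/Makefile.in
++++ b/servers/slapd/back-ldap/Makefile.in
+@@ -26,6 +26,8 @@ LDAP_LIBDIR= ../../../libraries
+BUILD_OPT = "--enable-ldap"
+BUILD_MOD = @BUILD_LDAP@
+
++PIE_CFLAGS="-fPIE"
++
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_LDAP@_DEFS)
+
+diff --git a/servers/slapd/back-ldif/Makefile.in b/servers/slapd/back-ldif/Makefile.in
+index 225c8dd19..2f07c067b 100644
+--- a/servers/slapd/back-ldif/Makefile.in
++++ b/servers/slapd/back-ldif/Makefile.in
+@@ -22,6 +22,8 @@ LDAP_LIBDIR= ../../../libraries
+BUILD_OPT = "--enable-ldif"
+BUILD_MOD = yes
+
++PIE_CFLAGS="-fPIE"
++
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(yes_DEFS)
+
+diff --git a/servers/slapd/back-mdb/Makefile.in b/servers/slapd/back-mdb/Makefile.in
+index 6d64824da..9bbf8747d 100644
+--- a/servers/slapd/back-mdb/Makefile.in
++++ b/servers/slapd/back-mdb/Makefile.in
+@@ -34,6 +34,8 @@ MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
+BUILD_OPT = "--enable-mdb"
+BUILD_MOD = @BUILD_MDB@
+
++PIE_CFLAGS="-fPIE"
++
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_MDB@_DEFS)
+MOD_LIBS = $(MDB_LIBS)
+diff --git a/servers/slapd/back-monitor/Makefile.in b/servers/slapd/back-monitor/Makefile.in
+index 200a1c65c..6b2afffb9 100644
+--- a/servers/slapd/back-monitor/Makefile.in
++++ b/servers/slapd/back-monitor/Makefile.in
+@@ -30,6 +30,8 @@ LDAP_LIBDIR= ../../../libraries
+BUILD_OPT = "--enable-monitor"
+BUILD_MOD = yes
+
++PIE_CFLAGS="-fPIE"
++
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(yes_DEFS)
+
+diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in
+index 71d74a171..60b44afd8 100644
+--- a/servers/slapd/back-relay/Makefile.in
++++ b/servers/slapd/back-relay/Makefile.in
+@@ -22,6 +22,8 @@ LDAP_LIBDIR= ../../../libraries
+BUILD_OPT = "--enable-relay"
+BUILD_MOD = @BUILD_RELAY@
+
++PIE_CFLAGS="-fPIE"
++
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_RELAY@_DEFS)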
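Review bot: `PIE_CFLAGS="-fPIE"` in the five Makefile.in hunks (back-ldap, back-ldif, back-mdb, back-monitor, back-relay) keeps the double quotes as part of the make value, since make does not strip quotes; the recipe only works because `$(PIE_CFLAGS)` is passed through the shell, which removes them. The conventional form matching the surrounding assignments is `PIE_CFLAGS = -fPIE`. The top.mk hunk instead hard-codes `-fPIE` into `CFLAGS =`, so the two mechanisms overlap for module objects; if the patch is refreshed, using `$(PIE_CFLAGS)` in one place would be clearer. The patch dates from 2010 and has no body explaining the intent; if the current toolchain already defaults to PIE this may be largely redundant, which is worth verifying before carrying it further.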
@ -0,0 +1,26 @@
|
|||||||
|
From d4b247e43fe1ea1b3713f3d8f493422d5adcc537 Mon Sep 17 00:00:00 2001
|
||||||
|
From: HouzuoGuo <guohouzuo@gmail.com>
|
||||||
|
Date: Fri, 13 Mar 2015 16:14:10 +0100
|
||||||
|
Subject: [PATCH] In monitor backend, do not return Connection0 entries as they
|
||||||
|
are created for internal use only.
|
||||||
|
|
||||||
|
---
|
||||||
|
servers/slapd/back-monitor/conn.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/servers/slapd/back-monitor/conn.c b/servers/slapd/back-monitor/conn.c
|
||||||
|
index 4d327f243..c4d3c6237 100644
|
||||||
|
--- a/servers/slapd/back-monitor/conn.c
|
||||||
|
+++ b/servers/slapd/back-monitor/conn.c
|
||||||
|
@@ -456,6 +456,11 @@ monitor_subsys_conn_create(
|
||||||
|
c != NULL;
|
||||||
|
c = connection_next( c, &connindex ) )
|
||||||
|
{
|
||||||
|
+ /* Connection 0 is created by connection_client_setup for internal use only */
|
||||||
|
+ if (c->c_connid == 0) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
monitor_entry_t *mp;
|
||||||
|
|
||||||
|
/* ignore outbound for now, nothing to show */
|
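Review bot: The added `if (c->c_connid == 0) { continue; }` is placed before the declaration `monitor_entry_t *mp;` in the same block, so the block now mixes a statement and a later declaration (valid C99, not C89); the rest of this loop body keeps declarations first, and moving the check after `monitor_entry_t *mp;` keeps the file's style consistent. This file section has lost its file header on the page, and monitor_subsys_conn_create continues outside the hunk.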
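--- /dev/null
+++ b/0016-Clear-shared-key-only-in-close-function.patch
@@ -0,0 +1,16 @@
+diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
+index 6bdf3151d..56212151b 100644
+--- a/libraries/liblmdb/mdb.c
++++ b/libraries/liblmdb/mdb.c
+@@ -4692,6 +4692,11 @@ mdb_env_close0(MDB_env *env, int excl)
+
+if (env->me_flags & MDB_ENV_TXKEY) {
+pthread_key_delete(env->me_txkey);
++
++ // No need to call desctructor anymore, as all pid
++ // values are cleared below.
++ env->me_txkey = NULL;
++
+#ifdef _WIN32
+/* Delete our key from the global list */
+for (i=0; i<mdb_tls_nkeys; i++)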
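Review bot: `env->me_txkey = NULL;` assigns a null pointer constant to `me_txkey`, which — per the gcc 14 diagnostic quoted in gcc14.patch on this same page (`pthread_key_t` aka `unsigned int`) — is an integer on glibc, and that is exactly the line gcc14.patch then rewrites to `memset(&env->me_txkey, 0, sizeof(env->me_txkey));`. Carrying a known-bad line in one patch only to correct it in a later one makes the series harder to refresh; folding the memset into this patch would remove the patch-on-patch. The added comment also has a typo: `// No need to call destructor anymore, as all pid`. mdb_env_close0's body continues outside the hunk.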
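--- /dev/null
+++ b/README.module-loading
@@ -0,0 +1,25 @@
+All of the OpenLDAP backends (except back-config) and overlays are now
+compiled as dynamic modules in our packages. If you want to use any of
+these in your setup make sure to put the correct "olcModuleLoad" or
+"moduleload" statements in your configuration.
+
+For details please see the slapd-config(5) and slapd.conf(5) manpages
+(depending on which config mechanism you use).
+
+For a list of the included dynamic modules list all modules files:
+
+ls /usr/lib*/openldap/*.so
+
+Or just the backend files:
+
+ls /usr/lib*/openldap/back_*.so
+
+Documentations for the overlays can be found in the respective man pages or
+the OpenLDAP Administration Guide which is part of the "openldap2-doc"
+package.
+
+Backend man-pages:
+man 5 slapo-<back_name>
+
+Overlays man-pages:
+man 5 slapo-<name>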
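--- /dev/null
+++ b/_multibuild
@@ -0,0 +1,3 @@
+<multibuild>
+<package>contrib</package>
+</multibuild>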
BIN
addonschema.tar.gz
(Stored with Git LFS)
Normal file
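--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1,6 @@
+libldap2
+provides "openldap2-client-<targettype> = <version>"
+obsoletes "openldap2-client-<targettype> <= <version>"
+openldap2-devel
+requires -openldap2-<targettype>
+requires "libldap2-<targettype> = <version>"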
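--- /dev/null
+++ b/fixup-modulepath.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+source /usr/lib/openldap/update-crc
+
+conf_dir='/etc/openldap/slapd.d'
+tgt_ldif="${conf_dir}/cn=config.ldif"
+if [ ! -d ${conf_dir} ] || [ ! -f ${tgt_ldif} ]
+then
+exit 0
+fi
+
+# Make sure slapd.service is not running.
+slapd_running=1
+
+# Don't check if no systemd, we could be in a container.
+if [ -f "/usr/bin/systemctl" ]; then
+/usr/bin/systemctl is-active --quiet slapd.service
+slapd_running=$?
+fi
+
+if [ $slapd_running -eq 0 ]; then
+echo "Unable to update crc of '${tgt_ldif}' while slapd.service is running ..."
+exit 1
+fi
+
+# Remove the module path.
+sed -n -i '/olcModulePath/!p' ${tgt_ldif}
+
+res=$?
+
+if [ $res -ne 0 ]
+then
+echo "Failed to remove olcModulePath in ${tgt_ldif}"
+exit 1
+else
+do_update_crc ${tgt_ldif}
+echo "Updated crc of ${tgt_ldif}"
+fi
+
+
+
+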
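Review bot: `source /usr/lib/openldap/update-crc` is unchecked and the script does not set `-e`, so if that helper is missing or fails to load the script still reaches `sed -n -i '/olcModulePath/!p' ${tgt_ldif}`, rewrites `cn=config.ldif`, and then fails at `do_update_crc` with "command not found" — leaving the config edited but with a stale CRC, the state the script exists to avoid. Guard it with `source /usr/lib/openldap/update-crc || exit 1` (or `set -eu` after the shebang). The `/olcModulePath/!p` filter only drops the physical line that contains the attribute name; if the value were ever folded onto an LDIF continuation line (leading space) that remainder would survive — presumably short values in practice, but worth a comment or a check. Also quote `"${tgt_ldif}"` in the `[ -f ]` test, the sed call and `do_update_crc` for consistency with the `systemctl` line.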
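--- /dev/null
+++ b/gcc14.patch
@@ -0,0 +1,91 @@
+From: Jan Engelhardt <jengelh@inai.de>
+Date: 2024-05-25 09:45:23.081724037 +0200
+
+Codefixes needed for gcc 14:
+
+mdb.c:5115:31: error: assignment to "pthread_key_t" {aka "unsigned int"} from
+"void *" makes integer from pointer without a cast [-Wint-conversion]
+
+Workarounds for:
+
+constraint.c:560:43: error: assignment to "constraint **" from incompatible pointer type "void **" [-Wincompatible-pointer-types]
+for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+dyngroup.c:114:27: error: assignment to "adpair **" from incompatible pointer type "void **" [-Wincompatible-pointer-types]
+for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+valsort.c:204:19: error: assignment to "valsort_info **" from incompatible pointer type "void **" [-Wincompatible-pointer-types]
+for ( vip = &on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next )
+cloak.c:245:25: error: implicit declaration of function "attr_clean"; did you mean "entry_clean"? [-Wimplicit-function-declaration]
+attr_clean( a );
+
+---
+contrib/slapd-modules/cloak/cloak.c | 1 +
+libraries/liblmdb/mdb.c | 2 +-
+servers/slapd/overlays/constraint.c | 2 +-
+servers/slapd/overlays/dyngroup.c | 2 +-
+servers/slapd/overlays/valsort.c | 2 +-
+5 files changed, 5 insertions(+), 4 deletions(-)
+
+Index: openldap-2.6.7/contrib/slapd-modules/cloak/cloak.c
+===================================================================
+--- openldap-2.6.7.orig/contrib/slapd-modules/cloak/cloak.c
++++ openldap-2.6.7/contrib/slapd-modules/cloak/cloak.c
+@@ -242,6 +242,7 @@ cloak_search_response_cb( Operation *op,
+else
+me->e_attrs = a->a_next;
+
++ extern void attr_clean(Attribute *);
+attr_clean( a );
+}
+
+Index: openldap-2.6.7/libraries/liblmdb/mdb.c
+===================================================================
+--- openldap-2.6.7.orig/libraries/liblmdb/mdb.c
++++ openldap-2.6.7/libraries/liblmdb/mdb.c
+@@ -5161,7 +5161,7 @@ mdb_env_close0(MDB_env *env, int excl)
+
+// No need to call desctructor anymore, as all pid
+// values are cleared below.
+- env->me_txkey = NULL;
++ memset(&env->me_txkey, 0, sizeof(env->me_txkey));
+
+#ifdef _WIN32
+/* Delete our key from the global list */
+Index: openldap-2.6.7/servers/slapd/overlays/constraint.c
+===================================================================
+--- openldap-2.6.7.orig/servers/slapd/overlays/constraint.c
++++ openldap-2.6.7/servers/slapd/overlays/constraint.c
+@@ -557,7 +557,7 @@ done:;
+a2->restrict_filter = ap.restrict_filter;
+a2->restrict_val = ap.restrict_val;
+
+- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
++ for ( app = (constraint **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+/* Get to the end */ ;
+
+a2->ap_next = *app;
+Index: openldap-2.6.7/servers/slapd/overlays/dyngroup.c
+===================================================================
+--- openldap-2.6.7.orig/servers/slapd/overlays/dyngroup.c
++++ openldap-2.6.7/servers/slapd/overlays/dyngroup.c
+@@ -111,7 +111,7 @@ static int dgroup_cf( ConfigArgs *c )
+*/
+a2 = ch_malloc( sizeof(adpair) );
+
+- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
++ for ( app = (adpair **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+/* Get to the end */ ;
+
+a2->ap_mem = ap.ap_mem;
+Index: openldap-2.6.7/servers/slapd/overlays/valsort.c
+===================================================================
+--- openldap-2.6.7.orig/servers/slapd/overlays/valsort.c
++++ openldap-2.6.7/servers/slapd/overlays/valsort.c
+@@ -201,7 +201,7 @@ valsort_cf_func(ConfigArgs *c) {
+return(1);
+}
+
+- for ( vip = &on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next )
++ for ( vip = (valsort_info **)&on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next )
+/* Get to the end */ ;
+
+vi = ch_malloc( sizeof(valsort_info) );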
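Review bot: The cloak.c hunk adds a block-scope `extern void attr_clean(Attribute *);` rather than including the header in which slapd declares the function, so a mismatch with the real prototype would compile without any diagnostic; including the slapd header that declares it (the patch author can confirm which one, this is inferred) keeps the compiler checking the call. The `(constraint **)`, `(adpair **)` and `(valsort_info **)` casts of `&on->on_bi.bi_private` type-pun a `void *` slot as a struct pointer; that is only safe under `-fno-strict-aliasing`, which the spec's `export CFLAGS=` in %build does pass, so a line in the patch header such as `The overlay casts rely on -fno-strict-aliasing (set in openldap2.spec).` would record the dependency. These three overlay hunks cover the same files the upstream fix's diffstat in openldap2-fb9e6a81bbee.patch lists, so once that patch is backported in full they become redundant and can be dropped.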
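--- /dev/null
+++ b/ldap-user.conf
@@ -0,0 +1,2 @@
+# Type Name ID GECOS [HOME]
+u ldap - "User for OpenLDAP" /var/lib/ldap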
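--- /dev/null
+++ b/openldap-2.6.7.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd775f625c944ed78a3da18a03b03b08eea73c8aabc97b41bb336e9a10954930
+size 6484944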
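--- /dev/null
+++ b/openldap-2.6.7.tgz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEPOJptTmLyLeFZF6Yf2fV/Rzhy84FAmW4AwsACgkQf2fV/Rzh
+y84CgQ/9GAtC9/jUMEb+PJYnCKCil07gxl6yxwjzUUy6mQZt59hwqXFRRkG/cqKj
+mie25RGVTyCCzaz9TMo8RplrqvVL2CGZrE3NzorCivh5VNWZws61b+c+7aSHu0qd
+VSLpn3FMAhOdY3FBqmuPMj1mT0S7iJ5pA181YXYmLhiWlerYl5FyMjmaQddht+OB
+ctTG3l/9/BDW5vyTxtBZSnY20h70r1gzKn3x8zQ4kJApJZPEiMsJBne7ywOmezzt
+p1SgqExSVedlVig3AGqia+zlCcROJxVXqDSZenISrzXMQzdIc2WmEwo+q5WF4Kwh
+aw3w8BVnoO6Jv4B9Ye5fokSTLKJ1hbLFE+f9s1M5lM3+vmtSSl0sU0glDkwe2UFK
+ZCeMcsrQTRTsFOFaY/JgAqlD5Q66etVCM6Jobqt2fsdGKnregcu5SGvS0P9rRS/h
+JRdkqPbndE05sZZxt8hBE4Sc1GIMeW9usA2GQaATK1xtq9pAWSF4UJ+y2aKxY6vI
+sGBRrtJ7zRjrM17k4xGe0kMqP0y4mqKRfm2QYDK/64UplhMgrUzods+NU1NpfHWb
+FlCOreubgjMeGl8wUpYTFNTO2GU74AjFnnpqU50v+5tHGqQ3rNq0VXwSifxj1ttK
+0w7DXLD4qVA1rjyK3fBTaIfvOFCc6ukhQiFq0cYUOBS3VDhz7lU=
+=2j7h
+-----END PGP SIGNATURE-----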
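--- /dev/null
+++ b/openldap2-fb9e6a81bbee.patch
@@ -0,0 +1,28 @@
+From fb9e6a81bbee880549e7ec18f0a74ddddbd2d1ab Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 6 Feb 2024 21:38:24 -0500
+Subject: [PATCH] ITS#10171 - Explicitly cast private values
+
+Fixes issues with -Werror=incompatible-pointer-types
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+servers/slapd/config.c | 2 +-
+servers/slapd/overlays/constraint.c | 2 +-
+servers/slapd/overlays/dyngroup.c | 2 +-
+servers/slapd/overlays/valsort.c | 2 +-
+4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/servers/slapd/config.c b/servers/slapd/config.c
+index 80333f359c..987c862d91 100644
+--- a/servers/slapd/config.c
++++ b/servers/slapd/config.c
+@@ -151,7 +151,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
+int rc, arg_user, arg_type, arg_syn, iarg;
+unsigned uiarg;
+long larg;
+- size_t ularg;
++ unsigned long ularg;
+ber_len_t barg;
+
+if(Conf->arg_type == ARG_IGNORED) {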
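Review bot: The patch header's diffstat (`servers/slapd/config.c | 2 +-` through `4 files changed, 4 insertions(+), 4 deletions(-)`) still lists constraint.c, dyngroup.c and valsort.c, but only the config.c hunk is present — the commit message says a single hunk was backported. A diffstat that disagrees with the hunks does not break `%autosetup -p1` but misleads readers and `git apply --stat`; either trim it to `servers/slapd/config.c | 2 +-` and `1 file changed, 1 insertion(+), 1 deletion(-)`, or add a line under the Subject noting that the three overlay hunks were left out because gcc14.patch already carries equivalent casts. config_check_vals continues outside the hunk.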
3571
openldap2.changes
Normal file
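--- /dev/null
+++ b/openldap2.conf
@@ -0,0 +1,3 @@
+# openldap needs a directory in /var/lib/:
+d /var/lib/ldap 0750 ldap ldap -
+d /run/slapd 0755 ldap ldap -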
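Review bot: `d /run/slapd 0755 ldap ldap -` has no comment, unlike the `/var/lib/ldap` line above it, and the mode difference (0755 vs 0750) is deliberate but not explained: after 0003-LDAPI-socket-location.dif the ldapi socket is created directly in this directory, so it must stay traversable for local clients while the socket's own mode governs who may connect. A comment such as `# runtime dir holding the ldapi socket; clients need traversal, access is controlled by the socket mode` would stop a later reader from "tightening" it to match the data directory.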
BIN
openldap2.keyring
Normal file
604
openldap2.spec
Normal file
@ -0,0 +1,604 @@
|
|||||||
|
#
|
||||||
|
# spec file for package openldap2
|
||||||
|
#
|
||||||
|
# Copyright (c) 2024 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%define run_test_suite 0
|
||||||
|
%define slapdrundir %{_rundir}/slapd
|
||||||
|
%define flavor @BUILD_FLAVOR@%{nil}
|
||||||
|
%if "%flavor" == "contrib"
|
||||||
|
%define name_suffix -%{flavor}-src
|
||||||
|
%else
|
||||||
|
%define name_suffix %{nil}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
Name: openldap2%{name_suffix}
|
||||||
|
Version: 2.6.7
|
||||||
|
Release: 0
|
||||||
|
Summary: An open source implementation of the Lightweight Directory Access Protocol
|
||||||
|
License: OLDAP-2.8
|
||||||
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
|
URL: https://www.openldap.org
|
||||||
|
Source0: https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
||||||
|
Source1: https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz.asc
|
||||||
|
Source2: openldap2.keyring
|
||||||
|
Source4: sasl-slapd.conf
|
||||||
|
Source5: README.module-loading
|
||||||
|
Source6: schema2ldif
|
||||||
|
Source7: baselibs.conf
|
||||||
|
Source9: addonschema.tar.gz
|
||||||
|
Source12: slapd.conf.example
|
||||||
|
Source13: start
|
||||||
|
Source14: slapd.service
|
||||||
|
Source16: sysconfig.openldap
|
||||||
|
Source18: openldap2.conf
|
||||||
|
Source19: ldap-user.conf
|
||||||
|
Source20: fixup-modulepath.sh
|
||||||
|
Source21: slapd-ldif-update-crc.sh
|
||||||
|
Source22: update-crc.sh
|
||||||
|
Source23: slapd.conf
|
||||||
|
Source24: slapd.conf.olctemplate
|
||||||
|
Patch1: reproducible.patch
|
||||||
|
Patch3: 0003-LDAPI-socket-location.dif
|
||||||
|
Patch5: 0005-pie-compile.dif
|
||||||
|
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
|
||||||
|
Patch16: 0016-Clear-shared-key-only-in-close-function.patch
|
||||||
|
Patch17: gcc14.patch
|
||||||
|
Patch18: openldap2-fb9e6a81bbee.patch
|
||||||
|
BuildRequires: argon2-devel
|
||||||
|
BuildRequires: cyrus-sasl-devel
|
||||||
|
BuildRequires: db-devel
|
||||||
|
BuildRequires: groff
|
||||||
|
BuildRequires: libopenssl-devel
|
||||||
|
BuildRequires: libtool
|
||||||
|
%if 0%{?suse_version} < 1600
|
||||||
|
BuildRequires: openslp-devel
|
||||||
|
%endif
|
||||||
|
BuildRequires: sysuser-tools
|
||||||
|
BuildRequires: unixODBC-devel
|
||||||
|
# avoid cycle with krb5
|
||||||
|
BuildRequires: pkgconfig(krb5)
|
||||||
|
BuildRequires: pkgconfig(systemd)
|
||||||
|
%if "%flavor" == "contrib"
|
||||||
|
BuildRequires: gcc-c++
|
||||||
|
BuildRequires: openldap2-devel
|
||||||
|
%endif
|
||||||
|
%if %{suse_version} < 1500
|
||||||
|
%{?systemd_requires}
|
||||||
|
%endif
|
||||||
|
Requires: /usr/bin/awk
|
||||||
|
Requires: libldap2 = %{version}
|
||||||
|
Recommends: cyrus-sasl
|
||||||
|
Conflicts: openldap
|
||||||
|
PreReq: %fillup_prereq
|
||||||
|
%sysusers_requires
|
||||||
|
|
||||||
|
%description
|
||||||
|
OpenLDAP is a client and server reference implementation of the
|
||||||
|
Lightweight Directory Access Protocol v3 (LDAPv3).
|
||||||
|
|
||||||
|
The server provides several database backends and overlays.
|
||||||
|
|
||||||
|
%package back-perl
|
||||||
|
Summary: OpenLDAP Perl Back-End
|
||||||
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
|
Requires: openldap2 = %{version}
|
||||||
|
Requires: perl = %{perl_version}
|
||||||
|
|
||||||
|
%description back-perl
|
||||||
|
The OpenLDAP Perl back-end allows you to execute Perl code specific to
|
||||||
|
different LDAP operations.
|
||||||
|
|
||||||
|
%package back-sock
|
||||||
|
Summary: OpenLDAP Socket Back-End
|
||||||
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
|
Requires: openldap2 = %{version}
|
||||||
|
Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
|
||||||
|
|
||||||
|
%description back-sock
|
||||||
|
The OpenLDAP socket back-end allows you to handle LDAP requests and
|
||||||
|
results with an external process listening on a Unix domain socket.
|
||||||
|
|
||||||
|
%package back-meta
|
||||||
|
Summary: OpenLDAP Meta Back-End
|
||||||
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
|
Requires: openldap2 = %{version}
|
||||||
|
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
|
||||||
|
|
||||||
|
%description back-meta
|
||||||
|
The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
|
||||||
|
respect to a set of remote LDAP servers. The information contained in
|
||||||
|
these servers can be presented as belonging to a single Directory
|
||||||
|
Information Tree (DIT).
|
||||||
|
|
||||||
|
%package back-sql
|
||||||
|
Summary: OpenLDAP SQL Back-End
|
||||||
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
|
Requires: openldap2 = %{version}
|
||||||
|
|
||||||
|
%description back-sql
|
||||||
|
The primary purpose of this OpenLDAP backend is to present information
|
||||||
|
stored in a Relational (SQL) Database as an LDAP subtree without the need
|
||||||
|
to do any programming.
|
||||||
|
|
||||||
|
%package -n libldap-data
|
||||||
|
Summary: Configuration file for system-wide defaults for all uses of libldap
|
||||||
|
Group: Productivity/Networking/LDAP/Clients
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description -n libldap-data
|
||||||
|
The subpackage contains a configuration file used to set system-wide defaults
|
||||||
|
to be applied with all usages of libldap.
|
||||||
|
|
||||||
|
%package contrib
|
||||||
|
Summary: OpenLDAP Contrib Modules
|
||||||
|
Group: Productivity/Networking/LDAP/Servers
|
||||||
|
Requires: openldap2 = %{version}
|
||||||
|
|
||||||
|
%description contrib
|
||||||
|
Various overlays found in contrib/:
|
||||||
|
addpartial Intercepts ADD requests, applies changes to existing entries
|
||||||
|
allop
|
||||||
|
allowed Generates attributes indicating access rights
|
||||||
|
autogroup
|
||||||
|
authzid implements RFC 3829 support
|
||||||
|
cloak
|
||||||
|
datamorph store enumerated values and fixed size integers
|
||||||
|
denyop
|
||||||
|
lastbind writes last bind timestamp to entry
|
||||||
|
noopsrch handles no-op search control
|
||||||
|
pw-sha2 generates/validates SHA-2 password hashes
|
||||||
|
pw-pbkdf2 generates/validates PBKDF2 password hashes
|
||||||
|
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
|
||||||
|
trace traces overlay invocation
|
||||||
|
variant allows attributes/values to be shared between several entries
|
||||||
|
vc implements the verify credentials extended operation
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: OpenLDAP Documentation
|
||||||
|
Group: Documentation/Other
|
||||||
|
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts.
|
||||||
|
|
||||||
|
%package client
|
||||||
|
Summary: OpenLDAP client utilities
|
||||||
|
Group: Productivity/Networking/LDAP/Clients
|
||||||
|
Requires: libldap2 = %{version}
|
||||||
|
|
||||||
|
%description client
|
||||||
|
OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify.
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Libraries, Header Files and Documentation for OpenLDAP
|
||||||
|
# bug437293
|
||||||
|
Group: Development/Libraries/C and C++
|
||||||
|
%ifarch ppc64
|
||||||
|
Obsoletes: openldap2-devel-64bit
|
||||||
|
%endif
|
||||||
|
#
|
||||||
|
Conflicts: openldap-devel
|
||||||
|
Requires: libldap2 = %{version}
|
||||||
|
Recommends: cyrus-sasl-devel
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
This package provides the OpenLDAP libraries, header files, and
|
||||||
|
documentation.
|
||||||
|
|
||||||
|
%package devel-static
|
||||||
|
Summary: Static libraries for the OpenLDAP libraries
|
||||||
|
Group: Development/Libraries/C and C++
|
||||||
|
Requires: cyrus-sasl-devel
|
||||||
|
Requires: libopenssl-devel
|
||||||
|
Requires: openldap2-devel = %version
|
||||||
|
|
||||||
|
%description devel-static
|
||||||
|
This package provides the static versions of the OpenLDAP libraries
|
||||||
|
for development.
|
||||||
|
|
||||||
|
%package -n libldap2
|
||||||
|
Summary: OpenLDAP Client Libraries
|
||||||
|
Group: Productivity/Networking/LDAP/Clients
|
||||||
|
Recommends: libldap-data >= %{version}
|
||||||
|
|
||||||
|
%description -n libldap2
|
||||||
|
This package contains the OpenLDAP client libraries.
|
||||||
|
|
||||||
|
%package -n libldapcpp-devel
|
||||||
|
Summary: C++ wrapper around openLDAP API
|
||||||
|
Group: Development/Libraries/C and C++
|
||||||
|
Requires: libldapcpp0 = %{version}
|
||||||
|
Requires: openldap2-devel
|
||||||
|
|
||||||
|
%description -n libldapcpp-devel
|
||||||
|
This package contains files needed for development with the LDAP C++
|
||||||
|
library.
|
||||||
|
|
||||||
|
%package -n libldapcpp0
|
||||||
|
Summary: C++ wrapper around openLDAP API
|
||||||
|
Group: Development/Libraries/C and C++
|
||||||
|
Provides: ldapcpplib = %{version}
|
||||||
|
Obsoletes: ldapcpplib <= 0.0.5
|
||||||
|
|
||||||
|
%description -n libldapcpp0
|
||||||
|
This package provides a C++ library for accessing LDAP (Version 3)
|
||||||
|
Servers
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -a9 -p1 -n openldap-%{version}
|
||||||
|
cp %{SOURCE5} .
|
||||||
|
|
||||||
|
%build
|
||||||
|
%if "%flavor" == "contrib"
|
||||||
|
cd contrib/ldapc++
|
||||||
|
%configure --disable-static
|
||||||
|
%make_build
|
||||||
|
%else
|
||||||
|
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
|
||||||
|
export CFLAGS="%{optflags} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES -DLDAP_USE_NON_BLOCKING_TLS"
|
||||||
|
export STRIP=""
|
||||||
|
./configure \
|
||||||
|
--prefix="%_prefix" \
|
||||||
|
--sysconfdir=%{_sysconfdir} \
|
||||||
|
--libdir=%{_libdir} \
|
||||||
|
--libexecdir=%{_libdir} \
|
||||||
|
--localstatedir=%{slapdrundir} \
|
||||||
|
--enable-wrappers=no \
|
||||||
|
--enable-spasswd \
|
||||||
|
--enable-modules \
|
||||||
|
--enable-shared \
|
||||||
|
--enable-dynamic \
|
||||||
|
--with-tls=openssl \
|
||||||
|
--with-cyrus-sasl \
|
||||||
|
--enable-crypt \
|
||||||
|
--enable-ipv6=yes \
|
||||||
|
--enable-dynacl \
|
||||||
|
--enable-aci \
|
||||||
|
--enable-ldap=mod \
|
||||||
|
--enable-meta=mod \
|
||||||
|
--enable-perl=mod \
|
||||||
|
--enable-sock=mod \
|
||||||
|
--enable-sql=mod \
|
||||||
|
--enable-mdb=mod \
|
||||||
|
--enable-relay=mod \
|
||||||
|
%if 0%{?suse_version} < 1600
|
||||||
|
--enable-slp \
|
||||||
|
%endif
|
||||||
|
--enable-overlays=mod \
|
||||||
|
--enable-syncprov=mod \
|
||||||
|
--enable-ppolicy=mod \
|
||||||
|
--with-yielding-select \
|
||||||
|
--with-argon2=libargon2 \
|
||||||
|
|| cat config.log
|
||||||
|
make depend
|
||||||
|
%make_build
|
||||||
|
# Build selected contrib overlays
|
||||||
|
for SLAPO_NAME in addpartial allowed allop autogroup authzid datamorph lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace variant vc
|
||||||
|
do
|
||||||
|
make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
|
||||||
|
done
|
||||||
|
# slapo-smbk5pwd only for Samba password hashes
|
||||||
|
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
|
||||||
|
|
||||||
|
# Create ldap user
|
||||||
|
%sysusers_generate_pre %{SOURCE19} ldap
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%check
|
||||||
|
%if %run_test_suite
|
||||||
|
# calculate the base port to be use in the test-suite
|
||||||
|
SLAPD_BASEPORT=10000
|
||||||
|
if [ -f /.buildenv ] ; then
|
||||||
|
. /.buildenv
|
||||||
|
SLAPD_BASEPORT=$(($SLAPD_BASEPORT + ${BUILD_INCARNATION:-0} * 10))
|
||||||
|
fi
|
||||||
|
export SLAPD_BASEPORT
|
||||||
|
%ifnarch %arm alpha
|
||||||
|
rm -f tests/scripts/test019-syncreplication-cascade
|
||||||
|
rm -f tests/scripts/test022-ppolicy
|
||||||
|
rm -f tests/scripts/test023-refint
|
||||||
|
rm -f tests/scripts/test033-glue-syncrepl
|
||||||
|
#rm -f tests/scripts/test036-meta-concurrency
|
||||||
|
#rm -f tests/scripts/test039-glue-ldap-concurrency
|
||||||
|
rm -f tests/scripts/test043-delta-syncrepl
|
||||||
|
#rm -f tests/scripts/test045-syncreplication-proxied
|
||||||
|
rm -f tests/scripts/test048-syncrepl-multiproxy
|
||||||
|
rm -f tests/scripts/test050-syncrepl-multimaster
|
||||||
|
rm -f tests/scripts/test058-syncrepl-asymmetric
|
||||||
|
make SLAPD_DEBUG=0 test
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%install
|
||||||
|
%if "%flavor" == "contrib"
|
||||||
|
cd contrib/ldapc++
|
||||||
|
%make_install
|
||||||
|
%else
|
||||||
|
mkdir -p %{buildroot}%{_libdir}/openldap
|
||||||
|
mkdir -p %{buildroot}/usr/lib/openldap
|
||||||
|
mkdir -p %{buildroot}%{_sbindir}
|
||||||
|
mkdir -p %{buildroot}%{_unitdir}
|
||||||
|
make STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
|
||||||
|
# Additional symbolic link to slapd executable in /usr/sbin/
|
||||||
|
ln -s %{_libdir}/slapd %{buildroot}%{_sbindir}/slapd
|
||||||
|
# Install selected contrib overlays
|
||||||
|
for SLAPO_NAME in addpartial allowed allop autogroup authzid datamorph lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace variant vc
|
||||||
|
do
|
||||||
|
make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" DESTDIR="%{buildroot}" "mandir=%{_mandir}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
|
||||||
|
done
|
||||||
|
# slapo-smbk5pwd only for Samba password hashes
|
||||||
|
make -C contrib/slapd-modules/smbk5pwd STRIP="" DESTDIR="%{buildroot}" "mandir=%{_mandir}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
|
||||||
|
install -m 755 %{SOURCE13} %{buildroot}/usr/lib/openldap/start
|
||||||
|
install -m 644 %{SOURCE14} %{buildroot}%{_unitdir}
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/openldap/slapd.d
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/sasl2
|
||||||
|
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sasl2/slapd.conf
|
||||||
|
install -m 755 -d %{buildroot}/var/lib/ldap
|
||||||
|
chmod a+x %{buildroot}%{_libdir}/liblber.so*
|
||||||
|
chmod a+x %{buildroot}%{_libdir}/libldap.so*
|
||||||
|
install -m 755 %{SOURCE6} %{buildroot}%{_sbindir}/schema2ldif
|
||||||
|
mkdir -p %{buildroot}%{_tmpfilesdir}/
|
||||||
|
install -m 644 %{SOURCE18} %{buildroot}%{_tmpfilesdir}/
|
||||||
|
mkdir -p %{buildroot}%{_sysusersdir}
|
||||||
|
install -m 644 %{SOURCE19} %{buildroot}%{_sysusersdir}/
|
||||||
|
|
||||||
|
install -m 755 %{SOURCE19} ${RPM_BUILD_ROOT}/usr/lib/openldap/fixup-modulepath
|
||||||
|
install -m 755 %{SOURCE20} ${RPM_BUILD_ROOT}/%{_sbindir}/slapd-ldif-update-crc
|
||||||
|
install -m 755 %{SOURCE21} ${RPM_BUILD_ROOT}/usr/lib/openldap/update-crc
|
||||||
|
|
||||||
|
mkdir -p %{buildroot}%{_fillupdir}
|
||||||
|
install -m 644 %{SOURCE16} %{buildroot}%{_fillupdir}/sysconfig.openldap
|
||||||
|
install -m 644 *.ldif %{buildroot}%{_sysconfdir}/openldap/schema
|
||||||
|
install -m 644 *.schema %{buildroot}%{_sysconfdir}/openldap/schema
|
||||||
|
# Install default and sample configuration files
|
||||||
|
install -m 644 %{SOURCE23} %{buildroot}%{_sysconfdir}/openldap
|
||||||
|
install -m 644 %{SOURCE24} %{buildroot}%{_sysconfdir}/openldap
|
||||||
|
install -m 644 %{SOURCE12} %{buildroot}%{_sysconfdir}/openldap
|
||||||
|
find doc/guide '(' ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d ')' -delete
|
||||||
|
rm -rf doc/guide/release
|
||||||
|
|
||||||
|
%define DOCDIR %{_defaultdocdir}/%{name}
|
||||||
|
# Install default database optimisation
|
||||||
|
install -d %{buildroot}%{DOCDIR}/adminguide \
|
||||||
|
%{buildroot}%{DOCDIR}/images \
|
||||||
|
%{buildroot}%{DOCDIR}/drafts
|
||||||
|
install -m 644 doc/guide/admin/* %{buildroot}%{DOCDIR}/adminguide
|
||||||
|
install -m 644 doc/guide/images/*.gif %{buildroot}%{DOCDIR}/images
|
||||||
|
install -m 644 doc/drafts/* %{buildroot}%{DOCDIR}/drafts
|
||||||
|
install -m 644 ANNOUNCEMENT \
|
||||||
|
COPYRIGHT \
|
||||||
|
README \
|
||||||
|
CHANGES \
|
||||||
|
%{SOURCE5} \
|
||||||
|
%{buildroot}%{DOCDIR}
|
||||||
|
install -m 644 servers/slapd/slapd.ldif \
|
||||||
|
%{buildroot}%{DOCDIR}/slapd.ldif.default
|
||||||
|
rm -f %{buildroot}/etc/openldap/schema/README
|
||||||
|
rm -f %{buildroot}/etc/openldap/slapd.ldif*
|
||||||
|
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
|
||||||
|
|
||||||
|
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
|
||||||
|
|
||||||
|
rm -f %{buildroot}%{_libdir}/openldap/*.a
|
||||||
|
rm -f %{buildroot}/usr/share/man/man5/slapd-dnssrv.5
|
||||||
|
rm -f %{buildroot}/usr/share/man/man5/slapd-ndb.5
|
||||||
|
rm -f %{buildroot}/usr/share/man/man5/slapd-null.5
|
||||||
|
rm -f %{buildroot}/usr/share/man/man5/slapd-passwd.5
|
||||||
|
rm -f %{buildroot}/usr/share/man/man5/slapd-shell.5
|
||||||
|
rm -f %{buildroot}/usr/share/man/man5/slapd-tcl.5
|
||||||
|
# Remove *.la files, libtool does not handle this correct
|
||||||
|
# Keep .la files for modules in the openldap subdirectory, which are consumed
|
||||||
|
# in this form.
|
||||||
|
rm -f %{buildroot}%{_libdir}/*.la
|
||||||
|
|
||||||
|
# Provide a libldap_r for backwards-compatibility with OpenLDAP < 2.5.
|
||||||
|
ln -fs libldap.so "%{buildroot}%{_libdir}/libldap_r.so"
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%pre -f ldap.pre
|
||||||
|
%service_add_pre slapd.service
|
||||||
|
|
||||||
|
%post
|
||||||
|
%{fillup_only -n openldap ldap}
|
||||||
|
%tmpfiles_create %{name}.conf
|
||||||
|
%service_add_post slapd.service
|
||||||
|
|
||||||
|
%post -n libldap2 -p /sbin/ldconfig
|
||||||
|
%postun -n libldap2 -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%service_del_preun slapd.service
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%service_del_postun slapd.service
|
||||||
|
|
||||||
|
%if "%flavor" == "contrib"
|
||||||
|
%files -n libldapcpp-devel
|
||||||
|
%doc contrib/ldapc++/README
|
||||||
|
%_includedir/*.h
|
||||||
|
%_libdir/libldapcpp.la
|
||||||
|
%_libdir/libldapcpp.so
|
||||||
|
|
||||||
|
%files -n libldapcpp0
|
||||||
|
%_libdir/libldapcpp.so.0
|
||||||
|
%_libdir/libldapcpp.so.0.0.0
|
||||||
|
|
||||||
|
%else
|
||||||
|
|
||||||
|
%files
|
||||||
|
%config %{_sysconfdir}/openldap/schema/*.schema
|
||||||
|
%config %{_sysconfdir}/openldap/schema/*.ldif
|
||||||
|
%config(noreplace) /etc/sasl2/slapd.conf
|
||||||
|
%config(noreplace) %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf
|
||||||
|
%config(noreplace) %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.olctemplate
|
||||||
|
%config %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.default
|
||||||
|
%config %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.example
|
||||||
|
%dir %{_libdir}/openldap
|
||||||
|
%dir /usr/lib/openldap
|
||||||
|
%dir %{_sysconfdir}/sasl2
|
||||||
|
%dir %{_sysconfdir}/openldap
|
||||||
|
%dir %attr(0770, ldap, ldap) %{_sysconfdir}/openldap/slapd.d
|
||||||
|
%dir %{_sysconfdir}/openldap/schema
|
||||||
|
%{_fillupdir}/sysconfig.openldap
|
||||||
|
%{_sbindir}/slap*
|
||||||
|
%{_sbindir}/rcslapd
|
||||||
|
%{_libdir}/openldap/back_ldap*
|
||||||
|
%{_libdir}/openldap/back_mdb*
|
||||||
|
%{_libdir}/openldap/back_relay*
|
||||||
|
%{_libdir}/openldap/accesslog*
|
||||||
|
%{_libdir}/openldap/auditlog*
|
||||||
|
%{_libdir}/openldap/autoca*
|
||||||
|
%{_libdir}/openldap/collect*
|
||||||
|
%{_libdir}/openldap/constraint*
|
||||||
|
%{_libdir}/openldap/dds*
|
||||||
|
%{_libdir}/openldap/deref*
|
||||||
|
%{_libdir}/openldap/dyngroup*
|
||||||
|
%{_libdir}/openldap/dynlist*
|
||||||
|
%{_libdir}/openldap/homedir*
|
||||||
|
%{_libdir}/openldap/memberof*
|
||||||
|
%{_libdir}/openldap/otp*
|
||||||
|
%{_libdir}/openldap/pcache*
|
||||||
|
%{_libdir}/openldap/ppolicy*
|
||||||
|
%{_libdir}/openldap/remoteauth*
|
||||||
|
%{_libdir}/openldap/refint*
|
||||||
|
%{_libdir}/openldap/retcode*
|
||||||
|
%{_libdir}/openldap/rwm*
|
||||||
|
%{_libdir}/openldap/seqmod*
|
||||||
|
%{_libdir}/openldap/sssvlv*
|
||||||
|
%{_libdir}/openldap/syncprov*
|
||||||
|
%{_libdir}/openldap/translucent*
|
||||||
|
%{_libdir}/openldap/unique*
|
||||||
|
%{_libdir}/openldap/valsort*
|
||||||
|
%{_libdir}/slapd
|
||||||
|
/usr/lib/openldap/start
|
||||||
|
/usr/lib/openldap/update-crc
|
||||||
|
/usr/lib/openldap/fixup-modulepath
|
||||||
|
%{_unitdir}/slapd.service
|
||||||
|
%{_tmpfilesdir}/%{name}.conf
|
||||||
|
%{_sysusersdir}/ldap-user.conf
|
||||||
|
%dir %attr(0750, ldap, ldap) %{_sharedstatedir}/ldap
|
||||||
|
%ghost %attr(0750, ldap, ldap) %{slapdrundir}
|
||||||
|
%doc %{_mandir}/man8/sl*
|
||||||
|
%doc %{_mandir}/man8/lloadd.*
|
||||||
|
%doc %{_mandir}/man5/lloadd.conf.*
|
||||||
|
%doc %{_mandir}/man5/slapd.*
|
||||||
|
%doc %{_mandir}/man5/slapd-asyncmeta.*
|
||||||
|
%doc %{_mandir}/man5/slapd-config.*
|
||||||
|
%doc %{_mandir}/man5/slapd-ldap.*
|
||||||
|
%doc %{_mandir}/man5/slapd-ldif.*
|
||||||
|
%doc %{_mandir}/man5/slapd-mdb.*
|
||||||
|
%doc %{_mandir}/man5/slapd-monitor.*
|
||||||
|
%doc %{_mandir}/man5/slapd-pw-*
|
||||||
|
%doc %{_mandir}/man5/slapd-relay.*
|
||||||
|
%doc %{_mandir}/man5/slapd-wt.*
|
||||||
|
%doc %{_mandir}/man5/slapo-*
|
||||||
|
%doc %{_mandir}/man5/slappw-argon2.*
|
||||||
|
%dir %{DOCDIR}
|
||||||
|
%doc %{DOCDIR}/ANNOUNCEMENT
|
||||||
|
%doc %{DOCDIR}/COPYRIGHT
|
||||||
|
%license LICENSE
|
||||||
|
%doc %{DOCDIR}/README*
|
||||||
|
%doc %{DOCDIR}/CHANGES
|
||||||
|
%doc %{DOCDIR}/slapd.ldif.default
|
||||||
|
|
||||||
|
%files back-perl
|
||||||
|
%{_libdir}/openldap/back_perl*
|
||||||
|
%doc %{_mandir}/man5/slapd-perl.*
|
||||||
|
|
||||||
|
%files back-sock
|
||||||
|
%{_libdir}/openldap/back_sock*
|
||||||
|
%doc %{_mandir}/man5/slapd-sock.*
|
||||||
|
|
||||||
|
%files back-meta
|
||||||
|
%{_libdir}/openldap/back_meta*
|
||||||
|
%doc %{_mandir}/man5/slapd-meta.*
|
||||||
|
|
||||||
|
%files back-sql
|
||||||
|
%{_libdir}/openldap/back_sql*
|
||||||
|
%doc %{_mandir}/man5/slapd-sql.*
|
||||||
|
%doc servers/slapd/back-sql/examples
|
||||||
|
%doc servers/slapd/back-sql/docs/bugs
|
||||||
|
%doc servers/slapd/back-sql/docs/install
|
||||||
|
|
||||||
|
%files -n libldap-data
|
||||||
|
%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
|
||||||
|
%doc %{_mandir}/man5/ldap.conf*
|
||||||
|
%{_sysconfdir}/openldap/ldap.conf.default
|
||||||
|
|
||||||
|
%files doc
|
||||||
|
%dir %{DOCDIR}
|
||||||
|
%doc %{DOCDIR}/drafts
|
||||||
|
%doc %{DOCDIR}/adminguide
|
||||||
|
%doc %{DOCDIR}/images
|
||||||
|
|
||||||
|
%files contrib
|
||||||
|
%{_libdir}/openldap/addpartial.*
|
||||||
|
%{_libdir}/openldap/allop.*
|
||||||
|
%{_libdir}/openldap/allowed.*
|
||||||
|
%{_libdir}/openldap/authzid.*
|
||||||
|
%{_libdir}/openldap/autogroup.*
|
||||||
|
%{_libdir}/openldap/cloak.*
|
||||||
|
%{_libdir}/openldap/datamorph.*
|
||||||
|
%{_libdir}/openldap/denyop.*
|
||||||
|
%{_libdir}/openldap/lastbind.*
|
||||||
|
%{_libdir}/openldap/noopsrch.*
|
||||||
|
%{_libdir}/openldap/pw-pbkdf2.*
|
||||||
|
%{_libdir}/openldap/pw-sha2.*
|
||||||
|
%{_libdir}/openldap/smbk5pwd.*
|
||||||
|
%{_libdir}/openldap/trace.*
|
||||||
|
%{_libdir}/openldap/variant.*
|
||||||
|
%{_libdir}/openldap/vc.*
|
||||||
|
|
||||||
|
%files client
|
||||||
|
%doc %{_mandir}/man1/ldap*
|
||||||
|
%doc %{_mandir}/man5/ldif.*
|
||||||
|
%dir /etc/openldap
|
||||||
|
/usr/sbin/schema2ldif
|
||||||
|
/usr/bin/ldapadd
|
||||||
|
/usr/bin/ldapcompare
|
||||||
|
/usr/bin/ldapdelete
|
||||||
|
/usr/bin/ldapexop
|
||||||
|
/usr/bin/ldapmodify
|
||||||
|
/usr/bin/ldapmodrdn
|
||||||
|
/usr/bin/ldapsearch
|
||||||
|
/usr/bin/ldappasswd
|
||||||
|
/usr/bin/ldapurl
|
||||||
|
/usr/bin/ldapvc
|
||||||
|
/usr/bin/ldapwhoami
|
||||||
|
|
||||||
|
%files -n libldap2
|
||||||
|
%{_libdir}/liblber.so.*
|
||||||
|
%{_libdir}/libldap.so.*
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%doc %{_mandir}/man3/ber*
|
||||||
|
%doc %{_mandir}/man3/lber*
|
||||||
|
%doc %{_mandir}/man3/ld_errno*
|
||||||
|
%doc %{_mandir}/man3/ldap*
|
||||||
|
%{_includedir}/*.h
|
||||||
|
%{_libdir}/liblber.so
|
||||||
|
%{_libdir}/libldap*.so
|
||||||
|
%{_libdir}/pkgconfig/*.pc
|
||||||
|
|
||||||
|
%files devel-static
|
||||||
|
%_libdir/liblber.a
|
||||||
|
%_libdir/libldap*.a
|
||||||
|
|
||||||
|
%endif # !flavor:contrib
|
||||||
|
|
||||||
|
%changelog
|
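--- a/reproducible.patch
+++ b/reproducible.patch
@@ -0,0 +1,13 @@
+Index: openldap-2.6.3/build/mkversion
+===================================================================
+--- openldap-2.6.3.orig/build/mkversion
++++ openldap-2.6.3/build/mkversion
+@@ -77,7 +77,7 @@ static const char copyright[] =
+"COPYING RESTRICTIONS APPLY\n";
+
+$static $const char $SYMBOL[] =
+-"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
++"@(#) \$$PACKAGE: $APPLICATION $VERSION \$\n"
+"\t$WHOWHERE\n";
+
+__EOF__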
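--- a/sasl-slapd.conf
+++ b/sasl-slapd.conf
@@ -0,0 +1 @@
+mech_list: gssapi digest-md5 cram-md5 external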
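Review bot: The `mech_list` on the single line of this file advertises DIGEST-MD5 and CRAM-MD5, both obsolete (DIGEST-MD5 was moved to Historic by RFC 6331) and, as shared-secret mechanisms, in practice verifiable only when slapd can obtain the cleartext password, which works against storing userPassword hashed. If no password-based SASL mechanism is needed, `mech_list: gssapi external` restricts the server to Kerberos and TLS/ldapi peer credentials; if one is required, SCRAM-SHA-256 is the current replacement, provided the Cyrus SASL SCRAM plugin is packaged alongside. A comment above the line stating that the list is a policy decision rather than a capability inventory would help administrators who wonder why a mechanism is absent.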
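--- a/schema2ldif
+++ b/schema2ldif
@@ -0,0 +1,53 @@
+#!/bin/bash
+#
+# This is a simple tool to convert OpenLDAP Schema files to
+# LDIF suitable for usage with OpenLDAP's dynamic configuration
+# backend (cn=config)
+#
+# usage:
+# schema2ldif <input file>
+#
+# The generated LDIF is printed to stdout.
+#
+
+if [ -z "$1" ]; then
+echo 'usage: schema2ldif <input file>'
+exit;
+fi
+
+cn=`basename $1 .schema`
+
+echo "dn: cn=$cn,cn=schema,cn=config";
+echo "objectclass: olcSchemaConfig";
+echo "cn: $cn";
+
+/usr/bin/awk '
+BEGIN {
+buffer = "";
+width=78 ;
+}
+function wrap(data)
+{
+if (length(data) > 0) {
+do {
+print substr(data,0,width);
+data = " " substr(data, width+1);
+}
+while (length(data) > 1 )
+};
+}
+/^[\t ]*$/ {wrap(buffer); buffer=""; print "#"; next; }
+/^#.*$/ { wrap(buffer); buffer=""; print $0; next }
+/^[\t ]+/ { gsub("^[\t ]+",""); buffer = buffer " " $0; next; }
+{
+wrap(buffer);
+$1 = tolower($1) ;
+gsub("^objectclass$","olcObjectclasses:",$1)
+gsub("^attributetype$","olcAttributeTypes:",$1)
+gsub("^attributetypes$","olcAttributeTypes:",$1)
+gsub("^objectidentifier$","olcObjectIdentifier:",$1)
+buffer = $0;
+}
+END { wrap(buffer); print "" }
+' "$@"
+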
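Review bot: `cn=\`basename $1 .schema\`` leaves `$1` unquoted, so a schema path containing whitespace or glob characters is word-split before basename sees it and the result lands unescaped in the `dn:` line; `cn=$(basename "$1" .schema)` fixes the splitting. The usage branch above it ends with a bare `exit;`, which returns status 0, so a caller running the script in a pipeline with no argument gets success plus an empty LDIF header on stdout; `exit 1` is the conventional value there. The final `' "$@"` hands every argument to awk although the usage text documents a single input file, so a second file would be folded under the first file's `dn:`; `' "$1"` matches the documented contract. A minor nit: awk's `substr(data,0,width)` yields only width-1 characters because position 0 lies before the string, so lines fold at 77 rather than the intended 78, which is harmless for LDIF but presumably not deliberate.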
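--- a/slapd-ldif-update-crc.sh
+++ b/slapd-ldif-update-crc.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Script to fix the crc of openldap slapd.d ldifs.
+source /usr/lib/openldap/update-crc
+
+if [ -z ${1} ]; then
+echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>"
+exit 1
+fi
+
+if [ ! -f "${1}" ]; then
+echo "File ${1} does not exist?"
+echo "Usage: ${0} /etc/openldap/slapd.d/<config ldif to update>"
+exit 1
+fi
+
+# Make sure slapd.service is not running.
+slapd_running=1
+
+# Don't check if no systemd, we could be in a container.
+if [ -f "/usr/bin/systemctl" ]; then
+/usr/bin/systemctl is-active --quiet slapd.service
+slapd_running=$?
+fi
+
+if [ $slapd_running -eq 0 ]; then
+echo "Unable to update crc of '${1}' while slapd.service is running ..."
+exit 1
+fi
+
+do_update_crc ${1}
+
+echo "Updated crc of ${1}"
+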
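Review bot: `if [ -z ${1} ]; then` and `do_update_crc ${1}` leave the path argument unquoted, so a file name containing whitespace or glob characters is word-split or expanded before the test and the update function see it, while the `-f` test between them already quotes it; `if [ -z "${1}" ]; then` and `do_update_crc "${1}"` make the three uses consistent. With no argument at all the unquoted form only works by accident, because `[ -z ]` degenerates to a one-argument test on the literal string `-z`, which happens to be true. `do_update_crc` comes from the sourced /usr/lib/openldap/update-crc, which is not part of this section, so whether it quotes its own argument cannot be checked here.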
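--- a/slapd.conf
+++ b/slapd.conf
@@ -0,0 +1,86 @@
+# This file (slapd.conf) is the static configuration file of OpenLDAP server daemon.
+#
+# OpenLDAP daemon (slapd.service) supports two configuration styles:
+# - Simple configuration with this file
+# - Online configuration (OLC)
+#
+# You may choose the configuration style by setting it in:
+# /etc/sysconfig/openldap OPENLDAP_CONFIG_BACKEND="files|ldap"
+# If the value is set to "files", this configuration file will be used.
+# If the value is set to "ldap", this configuration file will be entirely ignored, and
+# the OLC configuration from /etc/openldap/slapd.d will be loaded.
+#
+# If you decide to use online configuration, please read the additional instructions in:
+# /etc/openldap/slapd.conf.olctemplate
+#
+# Feel free to customise this file according to your needs, and start OpenLDAP
+# server daemon by executing:
+# systemctl start slapd.service
+#
+# To verify that LDAP service is running properly, try the following command:
+# ldapsearch -x -D cn=Manager,dc=my-domain,dc=com -w secret -s base namingContexts
+
+#
+# See slapd.conf(5) for details on configuration options.
+# See /etc/openldap/slapd.conf.example for more examples.
+# This file should NOT be world readable.
+#
+
+pidfile /run/slapd/slapd.pid
+argsfile /run/slapd/slapd.args
+
+# The following schema files are often useful
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/rfc2307bis.schema
+include /etc/openldap/schema/yast.schema
+
+# Load backend modules such as database engines
+moduleload back_mdb.la
+
+# Very important: define ACL to authorise client access
+# The default settings permit rootdn to read and write, while other users
+# may read the entire database or change their own password.
+# If no ACL is present, everyone will be allowed to read the database.
+# rootdn can always read and write everything.
+access to dn.base=""
+by * read
+
+access to dn.base="cn=Subschema"
+by * read
+
+access to attrs=userPassword,userPKCS12
+by self write
+by * auth
+
+access to attrs=shadowLastChange
+by self write
+by * read
+
+access to *
+by * read
+
+# Define a LDAP database
+database mdb
+suffix "dc=my-domain,dc=com"
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Please avoid using clear text for root password
+# See slappasswd(8) for instructions on creating a salted+hashed password
+rootpw secret
+# The database directory must exist prior to the start of OpenLDAP daemon
+# The directory should be owned by ldap user and permission 0700 is recommended
+directory /var/lib/ldap
+# Indices to maintain
+index objectClass eq
+
+# Using TLS to secure communication between LDAP clients and the server is strongly recommended.
+# To enable TLS, you will need CA certificate, server certificate, and certificate key, and
+# write down their paths below, make sure the files are readable by user "ldap".
+# The server will then support StartTLS on standard port 389.
+# To also serve LDAPS on port 636, set OPENLDAP_START_LDAPS="yes" in /etc/sysconfig/openldap.
+#TLSProtocolMin 3.1
+#TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
+#TLSCACertificateFile /my/ca.crt
+#TLSCertificateFile /my/tls.crt
+#TLSCertificateKeyFile /my/tls.key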
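Review bot: `rootpw secret` beneath `rootdn "cn=Manager,dc=my-domain,dc=com"` is a live credential in the shipped default, not merely an example: when OPENLDAP_CONFIG_BACKEND is set to files, a host started with this file unmodified accepts that well-known DN/password pair for full write access, and the warning comment two lines above it does not change that. Commenting the directive out (`#rootpw secret`) makes a rootdn simple bind fail until the administrator installs a hashed value from slappasswd(8), which is the safer default; the `ldapsearch ... -w secret` example in the header comment would then need to refer to the configured password rather than `secret`. The TLS hint `#TLSProtocolMin 3.1` documents TLS 1.0 as the floor; `#TLSProtocolMin 3.3` (TLS 1.2) is the value to recommend now. Note also that the catch-all `access to *` / `by * read` grants anonymous read of the whole DIT, which the comment block attributes to "other users" but which equally covers unauthenticated binds, so it should be a conscious site decision rather than an inherited default.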
354
slapd.conf.example
Normal file
354
slapd.conf.example
Normal file
@ -0,0 +1,354 @@
|
|||||||
|
############################################################################
|
||||||
|
# See slapd.conf(5) for details on configuration options.
|
||||||
|
# This file SHOULD NOT be world readable.
|
||||||
|
#
|
||||||
|
# Important note:
|
||||||
|
# You surely have to adjust some settings to meet your (security)
|
||||||
|
# requirements.
|
||||||
|
# At least you should replace suffix "dc=example,dc=com" by
|
||||||
|
# something meaningful for your setup.
|
||||||
|
# If you plan to use OpenLDAP server as backend for Samba and/or Kerberos
|
||||||
|
# KDC then you MUST add decent ACLs for protecting user credentials!
|
||||||
|
#
|
||||||
|
# Read the man pages before changing something!
|
||||||
|
#
|
||||||
|
# You can debug the config by running (as root while slapd stopped):
|
||||||
|
# /usr/sbin/slapd -f /etc/openldap/slapd.conf -u ldap -g ldap -h "ldapi:/// ldap://127.0.0.1" -d 65535
|
||||||
|
############################################################################
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# slapd global parameters
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# serverID must be unique across all provider replicas
|
||||||
|
# for using multi-master replication (MMR)
|
||||||
|
serverID 99
|
||||||
|
|
||||||
|
# only alter this when you know what you're doing
|
||||||
|
#threads 4
|
||||||
|
|
||||||
|
# Run-time files
|
||||||
|
pidfile /var/run/slapd/slapd.pid
|
||||||
|
argsfile /var/run/slapd/slapd.args
|
||||||
|
|
||||||
|
# for more debugging set:
|
||||||
|
#loglevel config stats stats2
|
||||||
|
loglevel stats
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# Load runtime loadable modules
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Load additional backend modules installed by package 'openldap2'
|
||||||
|
# The following backends are statically built-in and therefore don't have
|
||||||
|
# to be loaded here:
|
||||||
|
# config, ldif, monitor, bdb, hdb, ldap, mdb, relay
|
||||||
|
#moduleload back_bdb
|
||||||
|
#moduleload back_hdb
|
||||||
|
moduleload back_mdb
|
||||||
|
#moduleload back_meta
|
||||||
|
#moduleload back_sock
|
||||||
|
|
||||||
|
# Load additional overlay modules installed by package 'openldap2'
|
||||||
|
# The following overlay are statically built-in and therefore don't have
|
||||||
|
# to be loaded here:
|
||||||
|
# ppolicy, syncprov
|
||||||
|
#moduleload accesslog
|
||||||
|
#moduleload constraint
|
||||||
|
#moduleload dds
|
||||||
|
#moduleload deref
|
||||||
|
#moduleload dynlist
|
||||||
|
#moduleload memberof
|
||||||
|
moduleload refint
|
||||||
|
#moduleload sssvlv
|
||||||
|
#moduleload translucent
|
||||||
|
moduleload unique
|
||||||
|
#moduleload valsort
|
||||||
|
|
||||||
|
# Load additional overlay modules installed by package 'openldap2-contrib'
|
||||||
|
#moduleload allowed
|
||||||
|
#moduleload lastbind
|
||||||
|
#moduleload noopsrch
|
||||||
|
#moduleload pw-pbkdf2
|
||||||
|
#moduleload pw-sha2
|
||||||
|
#moduleload smbk5pwd
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# Include schema files
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Schema files installed by package 'openldap2'
|
||||||
|
include /etc/openldap/schema/core.schema
|
||||||
|
include /etc/openldap/schema/cosine.schema
|
||||||
|
include /etc/openldap/schema/inetorgperson.schema
|
||||||
|
include /etc/openldap/schema/rfc2307bis.schema
|
||||||
|
include /etc/openldap/schema/ppolicy.schema
|
||||||
|
#include /etc/openldap/schema/yast.schema
|
||||||
|
|
||||||
|
# Schema file installed by package 'dhcp-server'
|
||||||
|
#include /etc/openldap/schema/dhcp.schema
|
||||||
|
|
||||||
|
# Schema file installed by package 'samba'
|
||||||
|
#include /etc/openldap/schema/samba3.schema
|
||||||
|
|
||||||
|
# Schema file installed by package 'krb5-plugin-kdb-ldap'
|
||||||
|
#include /usr/share/doc/packages/krb5/kerberos.schema
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# Transport Layer Security (TLS) configuration
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# require at least TLS 1.0 and highly secure ciphers
|
||||||
|
#TLSProtocolMin 3.1
|
||||||
|
#TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
|
||||||
|
|
||||||
|
# TLS certificate and key files
|
||||||
|
#TLSCACertificateFile /etc/ssl/ca-bundle.pem
|
||||||
|
#TLSCertificateFile /etc/openldap/ssl.crt/server.crt
|
||||||
|
#TLSCertificateKeyFile /etc/openldap/ssl.key/server.key
|
||||||
|
|
||||||
|
# For enabling Perfect Forward Secrecy (PFS), see dhparam(1)
|
||||||
|
#TLSDHParamFile /etc/openldap/ssl.key/dhparam
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# Password hashing
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
#password-hash {CRYPT}
|
||||||
|
# Parameters for {CRYPT} scheme: SHA-512, 72 bits) of salt, 5000 iterations
|
||||||
|
#password-crypt-salt-format "$6$%.12s"
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# Security requirements
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
#disallow bind_anon
|
||||||
|
#require bind LDAPv3 strong
|
||||||
|
|
||||||
|
# SSF value for ldapi://
|
||||||
|
localSSF 256
|
||||||
|
|
||||||
|
# minimum required SSF value (security strength factor)
|
||||||
|
# Sample security restrictions
|
||||||
|
# Require integrity protection (prevent hijacking)
|
||||||
|
# Require 112-bit (3DES or better) encryption for updates
|
||||||
|
# Require 63-bit encryption for simple bind
|
||||||
|
# security ssf=1 update_ssf=112 simple_bind=64
|
||||||
|
#security ssf=128 update_ssf=256 simple_bind=128
|
||||||
|
security ssf=0
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# Global access control (ACLs)
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Root DSE: allow anyone to read it
|
||||||
|
access to
|
||||||
|
dn.base=""
|
||||||
|
by * read
|
||||||
|
|
||||||
|
# Sub schema sub entry: allow anyone to read it
|
||||||
|
access to
|
||||||
|
dn.base="cn=Subschema"
|
||||||
|
by * read
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# Authz-DN mappings
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# If connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used
|
||||||
|
# System user root is mapped to the rootdn in database dc=example,dc=com
|
||||||
|
# which has also read access on config and monitor databases
|
||||||
|
authz-regexp
|
||||||
|
"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
|
||||||
|
"cn=root,dc=example,dc=com"
|
||||||
|
|
||||||
|
# Map local system user to LDAP entry
|
||||||
|
# if connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used
|
||||||
|
authz-regexp
|
||||||
|
"gidnumber=([0-9]+)\\+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth"
|
||||||
|
"ldap:///dc=example,dc=com??sub?(&(objectClass=posixAccount)(uidNumber=$2)(gidNumber=$1))"
|
||||||
|
|
||||||
|
# this maps the attribute uid to a LDAP entry
|
||||||
|
# if one of the typical password-based SASL mechs was used
|
||||||
|
authz-regexp
|
||||||
|
"uid=([a-zA-Z0-9_-]+),cn=(DIGEST-MD5|CRAM-MD5|NTLM|PLAIN|LOGIN|SCRAM-SHA-1),cn=auth"
|
||||||
|
"ldap:///dc=example,dc=com??sub?(uid=$1)"
|
||||||
|
|
||||||
|
# this maps the attribute uid to a LDAP entry
|
||||||
|
# if one of the Kerberos based SASL mechs was used
|
||||||
|
#authz-regexp
|
||||||
|
# "uid=([a-zA-Z0-9_-]+),cn=(GSSAPI|GS2-KRB5|GS2-IAKERB),cn=auth"
|
||||||
|
# "ldap:///dc=example,dc=com??sub?(|(krbPrincipalName=$1)(krbPrincipalAlias=$1))"
|
||||||
|
|
||||||
|
# Map client cert subject DN to LDAP entry if SASL/EXTERNAL was used
|
||||||
|
#authz-regexp
|
||||||
|
# "(.+)"
|
||||||
|
# "ldap:///dc=example,dc=com??sub?(&(objectClass=pkiUser)(seeAlso=$1))"
|
||||||
|
|
||||||
|
|
||||||
|
#===========================================================================
|
||||||
|
# Database specific configuration sections below
|
||||||
|
# Required order of databases:
|
||||||
|
# config (first), ...others..., monitor (last)
|
||||||
|
#===========================================================================
|
||||||
|
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# cn=config // Configuration database (always first!)
|
||||||
|
# see slapd-config(5)
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
database config
|
||||||
|
|
||||||
|
# Cleartext passwords, especially for the rootdn, should
|
||||||
|
# be avoid! See slappasswd(8) and slapd.conf(5) for details.
|
||||||
|
# Best thing is not to set rootpw at all!
|
||||||
|
# For local config access by root use LDAPI with SASL/EXTERNAL instead
|
||||||
|
# (see above).
|
||||||
|
#rootpw secret
|
||||||
|
|
||||||
|
access to
|
||||||
|
dn.subtree="cn=config"
|
||||||
|
by dn.exact="cn=root,dc=example,dc=com" manage
|
||||||
|
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" read
|
||||||
|
by * none
|
||||||
|
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# dc=example,dc=com // Example MDB database to be used by normal clients
|
||||||
|
# see slapd-mdb(5)
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
database mdb
|
||||||
|
|
||||||
|
suffix "dc=example,dc=com"
|
||||||
|
|
||||||
|
# rootdn has to be set for overlays' internal operations
|
||||||
|
rootdn "cn=root,dc=example,dc=com"
|
||||||
|
|
||||||
|
# Cleartext passwords, especially for the rootdn, should
|
||||||
|
# be avoid! See slappasswd(8) and slapd.conf(5) for details.
|
||||||
|
# Best thing is not to set rootpw at all!
|
||||||
|
rootpw secret
|
||||||
|
|
||||||
|
# The database directory MUST exist prior to running slapd and
|
||||||
|
# SHOULD only be accessible by the slapd user 'ldap'.
|
||||||
|
# mkdir /var/lib/ldap/example-db && chown ldap:ldap /var/lib/ldap/example-db && chmod 0700 /var/lib/ldap/example-db
|
||||||
|
directory /var/lib/ldap/example-db
|
||||||
|
|
||||||
|
# Permissions of database files created
|
||||||
|
mode 0600
|
||||||
|
|
||||||
|
# extra information to be available in cn=monitor for this database
|
||||||
|
monitoring on
|
||||||
|
|
||||||
|
# Perform ACL checks on the content of a new entry being added
|
||||||
|
add_content_acl on
|
||||||
|
|
||||||
|
# backend-specific database parameters
|
||||||
|
checkpoint 1024 5
|
||||||
|
# 100 MB (you can raise the limit later)
|
||||||
|
maxsize 104857600
|
||||||
|
|
||||||
|
# Indices to maintain
|
||||||
|
#
|
||||||
|
# Whenever you change indexing configuration you have to re-run slapindex
|
||||||
|
# while slapd being stopped!
|
||||||
|
# Don't forget to fix ownership/permissions of newly generated index files
|
||||||
|
# afterwards!
|
||||||
|
|
||||||
|
# set always!
|
||||||
|
index objectClass eq
|
||||||
|
|
||||||
|
# for typical address book use
|
||||||
|
index cn,sn,givenName,mail eq,sub
|
||||||
|
|
||||||
|
# for user management
|
||||||
|
index uid,uidNumber,gidNumber eq
|
||||||
|
|
||||||
|
# for authz-regexp mapping of Kerberos principal name
|
||||||
|
#index krbPrincipalName,krbPrincipalAlias eq
|
||||||
|
|
||||||
|
# for authz-regexp mapping of client cert subject DNs
|
||||||
|
#index seeAlso eq
|
||||||
|
|
||||||
|
# for syncrepl
|
||||||
|
index entryUUID,entryCSN eq
|
||||||
|
|
||||||
|
# access control lists (ACLs) for dc=example,dc=com
|
||||||
|
# see slapd.access(5) for details on access control lists (ACLs)
|
||||||
|
|
||||||
|
# full read access also to 'userPassword' for group of replicas
|
||||||
|
# and control is forwarded to subsequent ACLs
|
||||||
|
access to
|
||||||
|
dn.subtree=dc=example,dc=com
|
||||||
|
by group.base="cn=slapd replicas,ou=groups,dc=example,dc=com" read
|
||||||
|
by * break
|
||||||
|
|
||||||
|
# write-only access to 'userPassword' for user, auth access else
|
||||||
|
access to
|
||||||
|
attrs=userPassword
|
||||||
|
by self =w
|
||||||
|
by * auth
|
||||||
|
|
||||||
|
# 'userPKCS' must only be accessible by self
|
||||||
|
access to
|
||||||
|
attrs=userPKCS12
|
||||||
|
by self write
|
||||||
|
by * none
|
||||||
|
|
||||||
|
# No access to history of passwords
|
||||||
|
#access to
|
||||||
|
# attrs=pwdHistory
|
||||||
|
# by * none
|
||||||
|
|
||||||
|
# Catch-all ACL for the rest
|
||||||
|
access to
|
||||||
|
dn.subtree=dc=example,dc=com
|
||||||
|
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" manage
|
||||||
|
by self read
|
||||||
|
by users read
|
||||||
|
by * auth
|
||||||
|
|
||||||
|
# see slapo-ppolicy(5)
|
||||||
|
overlay ppolicy
|
||||||
|
# Default password policy entry
|
||||||
|
#ppolicy_default cn=ppolicy-default,ou=policies,dc=example,dc=com
|
||||||
|
# Hash clear-text userPassword values sent in with add/modify operations
|
||||||
|
#ppolicy_hash_cleartext
|
||||||
|
# Return AccountLocked error code to client
|
||||||
|
#ppolicy_use_lockout
|
||||||
|
|
||||||
|
# see slapo-refint(5)
|
||||||
|
overlay refint
|
||||||
|
refint_attributes member seeAlso
|
||||||
|
refint_nothing cn=dummy
|
||||||
|
|
||||||
|
# Check sub-tree wide uniqueness of certain attributes
|
||||||
|
# see slapo-unique(5)
|
||||||
|
# you have to add eq-index for efficient uniqueness check!
|
||||||
|
# Note that filter part is currently ignored because of OpenLDAP ITS#6825
|
||||||
|
overlay unique
|
||||||
|
unique_uri "ldap:///dc=example,dc=com?uid,uidNumber,homeDirectory?sub"
|
||||||
|
unique_uri "ldap:///ou=groups,dc=example,dc=com?cn,gidNumber?sub?(|(objectClass=groupOfNames)(objectClass=posixGroup))"
|
||||||
|
#unique_uri "ldap:///dc=example,dc=com?krbPrincipalName,krbPrincipalAlias?sub"
|
||||||
|
#unique_uri "ldap:///dc=example,dc=com?ipHostNumber?sub"
|
||||||
|
#unique_uri "ldap:///dc=example,dc=com?employeeNumber?sub"
|
||||||
|
#unique_uri "ldap:///dc=example,dc=com?uniqueIdentifier?sub"
|
||||||
|
|
||||||
|
#overlay syncprov
|
||||||
|
#mirrormode on
|
||||||
|
|
||||||
|
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
# cn=monitor // Monitoring database (always last!)
|
||||||
|
# see slapd-monitor(5)
|
||||||
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
database monitor
|
||||||
|
|
||||||
|
access to
|
||||||
|
dn.subtree="cn=monitor"
|
||||||
|
by dn.exact="cn=root,dc=example,dc=com" write
|
||||||
|
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" write
|
||||||
|
by users read
|
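--- a/slapd.conf.olctemplate
+++ b/slapd.conf.olctemplate
@@ -0,0 +1,46 @@
+# This file (slapd.conf.olctemplate) is a template for creating the initial
+# online configuration for OpenLDAP server daemon.
+#
+# In order to use online configuration for OpenLDAP server daemon, make sure to set:
+# /etc/sysconfig/openldap OPENLDAP_CONFIG_BACKEND="ldap"
+#
+# Before starting the OpenLDAP daemon (slapd.conf) with onlne configuration for
+# the very first time, you have to prepare the online configuration directory
+# from this template file - first, make necessary customisations if you wish, and then
+# run:
+# cd /etc/openldap && slaptest -f slapd.conf.olctemplate -F slapd.d
+#
+# Then you may start OpenLDAP daemon:
+# systemctl start slapd.service
+#
+# To verify that LDAP service is running properly, try the following command:
+# ldapsearch -x -D cn=admin,cn=config -w secret -b cn=config
+
+#
+# See slapd.conf(5) for details on configuration options.
+# See /etc/openldap/slapd.conf.example for more examples.
+# This file should NOT be world readable.
+#
+
+pidfile /run/slapd/slapd.pid
+argsfile /run/slapd/slapd.args
+
+# The following schema files are often useful
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/rfc2307bis.schema
+include /etc/openldap/schema/yast.schema
+
+# Load backend modules such as database engines
+# modulepath /usr/lib64/openldap
+# moduleload back_mdb.la
+# moduleload back_hdb.la
+# moduleload back_bdb.la
+
+# Define the config database that holds all online configurations
+database config
+rootdn "cn=admin,cn=config"
+# Please avoid using clear text for root password
+# See slappasswd(8) for instructions on creating a salted+hashed password
+rootpw secret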
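Review bot: `rootpw secret` on the last line ships a well-known cleartext credential for `cn=admin,cn=config`, and the header's `ldapsearch -x -D cn=admin,cn=config -w secret` example reinforces it, so a system initialised with `slaptest -F slapd.d` without edits ends up with a config database whose admin password is public. Since the comment two lines above already points to slappasswd(8), the template should carry a hash placeholder instead, e.g. `rootpw {SSHA}<PASTE_SLAPPASSWD_OUTPUT_HERE>` (constructed placeholder), or keep the `rootpw` line commented out until a hashed value is set. The same `rootpw secret` appears in slapd.conf.example earlier in this commit. Minor: `onlne` in the seventh line should read `online`.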
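--- a/slapd.service
+++ b/slapd.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=OpenLDAP Server Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/openldap/start
+
+# Hardening to prevent security escalation.
+## Future hardening for FS protection.
+# ProtectSystem=full
+# ReadWritePaths=/etc/openldap/slapd.d /var/lib/ldap
+
+RestrictSUIDSGID=true
+NoNewPrivileges=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
+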
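Review bot: `Type=forking` is declared without a `PIDFile=`, so systemd has to guess the main process after `/usr/lib/openldap/start` execs into slapd and slapd daemonises; add `PIDFile=/run/slapd/slapd.pid`, which matches the `pidfile /run/slapd/slapd.pid` directive in slapd.conf.olctemplate from this same commit. `After=syslog.target` is an obsolete target on journald systems and can be dropped, leaving `After=network.target`. The sandboxing directives are welcome, but with `ProtectSystem=` and `ReadWritePaths=` commented out the service still gets a writable view of `/etc` and `/usr`; presumably something blocks enabling them, and a comment naming that blocker next to `## Future hardening for FS protection.` would help the next maintainer.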
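--- a/start
+++ b/start
@@ -0,0 +1,174 @@
+#! /bin/bash
+# Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany.
+# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# Author: Carsten Hoeger
+# Ralf Haferkamp
+#
+
+test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap
+
+SLAPD_BIN=/usr/sbin/slapd
+LDAP_URLS=""
+LDAPS_URLS=""
+LDAPI_URLS=""
+SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d"
+SLAPD_PID_DIR="/var/run/slapd/"
+
+test -x $SLAPD_BIN || exit 5
+
+function init_ldap_listener_urls(){
+case "$OPENLDAP_START_LDAP" in
+[Yy][Ee][Ss])
+if [ -n "$OPENLDAP_LDAP_INTERFACES" ]
+then
+for iface in $OPENLDAP_LDAP_INTERFACES ;do
+LDAP_URLS="$LDAP_URLS ldap://$iface"
+done
+else
+LDAP_URLS="ldap:///"
+fi
+;;
+esac
+}
+
+function init_ldapi_listener_urls(){
+case "$OPENLDAP_START_LDAPI" in
+[Yy][Ee][Ss])
+if [ -n "$OPENLDAP_LDAPI_INTERFACES" ]
+then
+for iface in $OPENLDAP_LDAPI_INTERFACES ;do
+esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g`
+LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface"
+done
+else
+LDAPI_URLS="ldapi:///"
+fi
+;;
+esac
+}
+
+function init_ldaps_listener_urls(){
+case "$OPENLDAP_START_LDAPS" in
+[Yy][Ee][Ss])
+if [ -n "$OPENLDAP_LDAPS_INTERFACES" ]
+then
+for iface in $OPENLDAP_LDAPS_INTERFACES ;do
+LDAPS_URLS="$LDAPS_URLS ldaps://$iface"
+done
+else
+LDAPS_URLS="ldaps:///"
+fi
+;;
+esac
+}
+
+function check_connection(){
+SLAPD_TIMEOUT=10
+START=$( date +%s)
+while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do
+ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null
+LDAPSEARCH_RC=$?
+if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break
+else sleep 1
+fi
+done
+}
+
+depth=0;
+
+function chown_database_dirs_bconfig() {
+ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}')
+for dir in $(realpath ${ldapdir}); do
+if [[ $dir =~ ^/var/lib/ldap$|^/var/lib/ldap/.* ]]; then
+[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
+chown -h -R $OPENLDAP_USER $dir 2>/dev/null
+[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
+chgrp -h -R $OPENLDAP_GROUP $dir 2>/dev/null
+else
+echo "Skipping chown -h of external directory for security reasons. You must manually run:"
+echo "# chown -h -R $OPENLDAP_USER $dir"
+echo "# chgrp -h -R $OPENLDAP_GROUP $dir"
+fi
+done
+}
+
+function chown_database_dirs() {
+ldapdir=`grep ^directory $1 | awk '{print $2}'`
+for dir in $ldapdir; do
+[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
+chown -h -R $OPENLDAP_USER $dir 2>/dev/null
+[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
+chgrp -h -R $OPENLDAP_GROUP $dir 2>/dev/null
+done
+includes=`grep ^include $1 | awk '{print $2}'`
+if [ $depth -le 50 ]; then
+depth=$(( $depth + 1 ));
+for i in $includes; do
+chown_database_dirs "$i" ;
+done
+fi
+}
+
+USER_CMD=""
+GROUP_CMD=""
+[ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER"
+[ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP"
+[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"
+
+
+# chown -h backend directories if OPENLDAP_CHOWN_DIRS ist set
+if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then
+if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then
+if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then
+chown -h -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
+chgrp -h -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
+chown_database_dirs_bconfig "/etc/openldap/slapd.d"
+# assume back-config usage if slapd.conf is not present but slapd.d is
+elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then
+chown -h -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
+chgrp -h -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
+chown_database_dirs_bconfig "/etc/openldap/slapd.d"
+else
+chown_database_dirs "/etc/openldap/slapd.conf"
+chgrp -h $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null
+fi
+if test -f /etc/sasl2/slapd.conf ; then
+chgrp -h $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null
+chmod 640 /etc/sasl2/slapd.conf 2>/dev/null
+fi
+if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
+keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/}
+if test -f $keytabfile ; then
+chgrp -h $OPENLDAP_GROUP $keytabfile 2>/dev/null
+chmod g+r $keytabfile 2>/dev/null
+fi
+fi
+fi
+fi
+if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
+export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB
+fi
+case "$OPENLDAP_REGISTER_SLP" in
+[Yy][Ee][Ss])
+SLAPD_SLP_REG="-o slp=on"
+;;
+*)
+SLAPD_SLP_REG="-o slp=off"
+;;
+esac
+
+init_ldap_listener_urls
+init_ldapi_listener_urls
+init_ldaps_listener_urls
+
+if [ ! -d $SLAPD_PID_DIR ]; then
+mkdir -p $SLAPD_PID_DIR
+chown -h ldap:ldap $SLAPD_PID_DIR
+fi
+echo -n "Starting ldap-server"
+exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \
+$SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \
+$OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG
+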
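Review bot: In `elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then` the second operand is a bare string, which `test` evaluates as "non-empty" and therefore always true, so the branch runs whenever slapd.conf is absent regardless of whether slapd.d exists; the comment above it says the intent is "but slapd.d is", so it should read `elif [ ! -f /etc/openldap/slapd.conf -a -d /etc/openldap/slapd.d ]; then`. `chown_database_dirs` also recursively chowns every `directory` value found in slapd.conf and its includes with no path restriction, while `chown_database_dirs_bconfig` refuses anything outside `/var/lib/ldap` "for security reasons"; the same `[[ $dir =~ ^/var/lib/ldap$|^/var/lib/ldap/.* ]]` guard belongs in both functions. The pid directory is chowned to the literal `ldap:ldap` rather than `$OPENLDAP_USER:$OPENLDAP_GROUP`, so a non-default service user cannot write its pidfile. `check_connection` is defined but never called anywhere in this script.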
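--- a/sysconfig.openldap
+++ b/sysconfig.openldap
@@ -0,0 +1,158 @@
+## Path: Network/LDAP
+## Description: Basic Configuration of the OpenLDAP Directory Server
+
+## Type: yesno
+## Default: yes
+## ServiceRestart: ldap
+#
+# If set to "no" the LDAP server will not accept any "normal" LDAP connections
+# but just connections over "ldaps" or "ldapi". Setting this to "no" does only
+# make sense when either OPENLDAP_START_LDAPS or OPENLDAP_START_LDAPI is set
+# "yes".
+#
+OPENLDAP_START_LDAP="yes"
+
+## Type: yesno
+## Default: no
+## ServiceRestart: ldap
+#
+# If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't
+# forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options
+# to the /etc/openldap/slapd.conf (man slapd.conf).
+# Note: Don't confuse this with "START_TLS", the preferred method for
+# making encrypted LDAP connections, which is enabled as soon as You
+# specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config
+# file
+#
+OPENLDAP_START_LDAPS="no"
+
+## Type: yesno
+## Default: no
+## ServiceRestart: ldap
+#
+# If set to "yes", "ldap over IPC" feature of slapd will be enabled.
+# The ldap server creates a Unix domain socket as /var/run/slapd/ldapi.
+# Default: no
+#
+OPENLDAP_START_LDAPI="yes"
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# If not empty, additional parameters for slapd daemon.
+# Default: ""
+#
+OPENLDAP_SLAPD_PARAMS=""
+
+## Type: string
+## Default: ldap
+## ServiceRestart: ldap
+#
+# specifies a user, as which the openldap server should be executed
+# Default: ldap
+#
+OPENLDAP_USER="ldap"
+
+## Type: string
+## Default: ldap
+## ServiceRestart: ldap
+#
+# specifies a group, as which the openldap server should be executed
+# Default: ldap
+#
+OPENLDAP_GROUP="ldap"
+
+## Type: yesno
+## Default: yes
+## ServiceRestart: ldap
+#
+# If set to "yes" the init scripts will change the owner/group of the
+# different backend database directories (e.g. /var/lib/ldap) to the
+# user/group specified above
+#
+OPENLDAP_CHOWN_DIRS="yes"
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Use this to specify the interfaces that the server such accept
+# LDAP connections from. The values are specified in the format
+# <address>:<port>, where address is an IP address and port is the
+# portnumber, the daemon should listen to (defaulting to 389). If this
+# parameter is empty the server will attach to all interfaces. This
+# parameter is only evaluated if "OPENLDAP_START_LDAP" is set to
+# "yes"
+# Default: ""
+#
+OPENLDAP_LDAP_INTERFACES=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Use this to specify the interfaces that the server such accept
+# LDAPS connections from. The values are specified in the format
+# <address>:<port>, where address is an IP address and port is the
+# portnumber, the daemon should listen to (defaulting to 636). If this
+# parameter is empty the server will attach to all interfaces. This
+# parameter is only evaluated if "OPENLDAP_START_LDAPS" is set to
+# "yes"
+# Default: ""
+#
+OPENLDAP_LDAPS_INTERFACES=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Use this to specify the paths of the Unix Domain Sockets that
+# the server should create an accept incoming LDAPI connections
+# on. This parameter is only evaluated if "OPENLDAP_START_LDAPI"
+# is set to "yes".
+# Default: ""
+#
+OPENLDAP_LDAPI_INTERFACES=""
+
+## Type: yesno
+## Default: "yes"
+## ServiceRestart: ldap
+#
+# If set to "no" the LDAP server will not try itself at a running SLP
+# daemon.
+# Default: "yes"
+#
+OPENLDAP_REGISTER_SLP="no"
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Set this to the name of the keytab, if you want to use a non-default
+# Kerberos Keytab. If OPENLDAP_CHOWN_DIRS is set to "yes" the permissions of
+# this file will be changed so that the group OPENLDAP_GROUP has read
+# access to the file.
+# Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab
+# Default: ""
+#
+OPENLDAP_KRB5_KEYTAB=""
+
+## Type: string
+## Default: "files"
+## ServiceRestart: ldap
+#
+# Here you can configure which of the configuration backends you want to
+# use. Possible values are "files" for slapd.conf(5) styleconfiguration or
+# "ldap" for the slapd-config(5) LDAP based configuration backend.
+#
+OPENLDAP_CONFIG_BACKEND="files"
+
+## Type: yesno
+## Default: "yes"
+## ServiceRestart: ldap
+#
+# Here you can configure if the slapd shall start with or without memory limit.
+#
+OPENLDAP_MEMORY_LIMIT="yes"
+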
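Review bot: The `## Default:` annotations disagree with the shipped values for two variables: `OPENLDAP_START_LDAPI` is annotated `## Default: no` (and `# Default: no`) but set to `"yes"`, and `OPENLDAP_REGISTER_SLP` is annotated `## Default: "yes"` but set to `"no"`; whichever is intended, the header and the value should agree, since sysconfig tooling reads the `##` header. `OPENLDAP_MEMORY_LIMIT` is described but not referenced anywhere in the `start` script in this commit, so its documented effect cannot be confirmed from this page. The LDAPI comment states the socket is created at `/var/run/slapd/ldapi`, whereas `start` passes `ldapi:///` when this variable is empty, which presumably leaves the path to slapd's compiled-in default; the comment should say that rather than name a fixed path. Wording: `the server such accept` (twice) should read `the server should accept`, and `create an accept` should read `create and accept`.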
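--- a/update-crc.sh
+++ b/update-crc.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+# Script to fix the crc of openldap slapd.d ldifs.
+
+do_update_crc () {
+if [ -z ${1} ]; then
+echo "Invalid call to do_update_crc() - no filename provided"
+exit 1
+fi
+
+tgt_ldif=$1
+
+if [ ! -f "${tgt_ldif}" ]; then
+echo "invalid call to do_update_crc() - file ${tgt_ldif} does not exist?"
+exit 1
+fi
+
+rm -f "${tgt_ldif}.crcbak"
+mv "${tgt_ldif}" "${tgt_ldif}.crcbak"
+
+/usr/bin/awk '
+BEGIN {
+# CRC-32 ZIP polynomial in reversed bit order.
+POLY = 0xedb88320
+
+# 8-bit character -> ordinal table.
+for (i = 0; i < 256; i++)
+ORD[sprintf("%c", i)] = i
+}
+
+{
+# Remember each input line.
+input[NR] = $0
+
+# Verify the file header.
+if (NR == 1 && $0 != "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.")
+exit 1
+if (NR == 2 && $0 !~ /# CRC32 ......../)
+exit 1
+}
+
+# Calculate CRC-32.
+function crc32(crc, string, i, j, c) {
+crc = and(compl(crc), 0xffffffff)
+for (i = 1; i <= length(string); i++) {
+c = substr(string, i, 1)
+crc = xor(crc, ORD[c])
+for (j = 0; j < 8; j++)
+crc = and(crc, 1) ? xor(rshift(crc, 1), POLY) : rshift(crc, 1)
+}
+crc = and(compl(crc), 0xffffffff)
+return crc
+}
+
+END {
+# Calculate CRC-32 of the file and update it in the header.
+crc = 0
+for (i = 3; i <= length(input); i++)
+crc = crc32(crc, input[i] "\n")
+input[2] = "# CRC32 " sprintf("%08x", crc)
+
+# Print the output.
+for (i = 1; i <= length(input); i++)
+print input[i]
+}' "${tgt_ldif}.crcbak" > "${tgt_ldif}"
+
+}
+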
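Review bot: The target is moved aside with `mv` and recreated through shell redirection, so the rewritten LDIF gets the caller's uid and a umask-derived mode instead of the original's; slapd.d files are expected to belong to the service user (see the `chown -h -R` logic in `start`), and a world-readable copy can expose `olcRootPW`. The header checks' `exit 1` inside the main awk rule also still runs the `END` block, which prints a two-line stub, and awk's exit status is never examined, so a file that fails validation is silently replaced by that stub with the only intact copy left in `.crcbak`. Copying with `cp -p` and truncating the original inode in place keeps owner and mode, and checking awk's status lets the function restore the backup and fail; additionally setting a flag in the header checks (`bad = 1; exit 1`) and testing it at the top of `END` would stop the stub from being printed at all. The unquoted `[ -z ${1} ]` also breaks for a path containing whitespace and should be `[ -z "${1}" ]`.
```shell
# … unchanged: argument and existence checks …
rm -f "${tgt_ldif}.crcbak"
# cp -p instead of mv: the target keeps its inode, owner and mode when rewritten below
cp -p "${tgt_ldif}" "${tgt_ldif}.crcbak" || exit 1
if ! /usr/bin/awk '
# … unchanged: awk CRC-32 program …
' "${tgt_ldif}.crcbak" > "${tgt_ldif}"; then
    echo "CRC update failed for ${tgt_ldif}, restoring from ${tgt_ldif}.crcbak"
    cp -p "${tgt_ldif}.crcbak" "${tgt_ldif}"
    exit 1
fi
```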