Accepting request 355757 from network:ldap
- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch - Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel OBS-URL: https://build.opensuse.org/request/show/355757 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=115
commit
6e7c0583c1
@ -1,39 +0,0 @@
|
||||
From 39e5cc1cbae0f7c64ba242357a5d50f23a8475ba Mon Sep 17 00:00:00 2001
|
||||
From: Ralf Haferkamp <rhafer@suse.de>
|
||||
Date: Wed, 16 Jun 2010 14:04:07 +0200
|
||||
Subject: build-adjustments
|
||||
|
||||
- Adjusted modules path
|
||||
- don't use automake macro
|
||||
|
||||
diff --git a/build/top.mk b/build/top.mk
|
||||
index 14e291e..633c9a4 100644
|
||||
--- a/build/top.mk
|
||||
+++ b/build/top.mk
|
||||
@@ -40,7 +40,7 @@ libdir = @libdir@
|
||||
libexecdir = @libexecdir@
|
||||
localstatedir = @localstatedir@
|
||||
mandir = @mandir@
|
||||
-moduledir = @libexecdir@$(ldap_subdir)
|
||||
+moduledir = @libexecdir@/modules
|
||||
sbindir = @sbindir@
|
||||
sharedstatedir = @sharedstatedir@
|
||||
sysconfdir = @sysconfdir@$(ldap_subdir)
|
||||
diff --git a/configure.in b/configure.in
|
||||
index 792cf0c..6c357ee 100644
|
||||
--- a/configure.in
|
||||
+++ b/configure.in
|
||||
@@ -69,7 +69,9 @@ dnl Determine host platform
|
||||
dnl we try not to use this for much
|
||||
AC_CANONICAL_TARGET([])
|
||||
|
||||
-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl
|
||||
+AC_PROG_MAKE_SET
|
||||
+PACKAGE=$OL_PACKAGE
|
||||
+VERSION=$OL_VERSION
|
||||
AC_SUBST(PACKAGE)dnl
|
||||
AC_SUBST(VERSION)dnl
|
||||
AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
|
||||
--
|
||||
1.7.10.4
|
||||
|
@ -1,35 +1,38 @@
|
||||
From a8be17d4a1db1c6ee24b328f3f34e21ccb02ca3f Mon Sep 17 00:00:00 2001
|
||||
From: Ralf Haferkamp <rhafer@suse.de>
|
||||
Date: Wed, 16 Jun 2010 14:05:49 +0200
|
||||
Subject: slapd.conf
|
||||
|
||||
|
||||
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
|
||||
index 4938b85..9caf292 100644
|
||||
index 4938b85..b9bec75 100644
|
||||
--- a/servers/slapd/slapd.conf
|
||||
+++ b/servers/slapd/slapd.conf
|
||||
@@ -3,6 +3,10 @@
|
||||
@@ -2,7 +2,11 @@
|
||||
# See slapd.conf(5) for details on configuration options.
|
||||
# This file should NOT be world readable.
|
||||
#
|
||||
include %SYSCONFDIR%/schema/core.schema
|
||||
+include %SYSCONFDIR%/schema/cosine.schema
|
||||
+include %SYSCONFDIR%/schema/inetorgperson.schema
|
||||
+include %SYSCONFDIR%/schema/rfc2307bis.schema
|
||||
+include %SYSCONFDIR%/schema/yast.schema
|
||||
-include %SYSCONFDIR%/schema/core.schema
|
||||
+include /etc/openldap/schema/core.schema
|
||||
+include /etc/openldap/schema/cosine.schema
|
||||
+include /etc/openldap/schema/inetorgperson.schema
|
||||
+include /etc/openldap/schema/rfc2307bis.schema
|
||||
+include /etc/openldap/schema/yast.schema
|
||||
|
||||
# Define global ACLs to disable default read access.
|
||||
|
||||
@@ -10,8 +14,8 @@ include %SYSCONFDIR%/schema/core.schema
|
||||
@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema
|
||||
# service AND an understanding of referrals.
|
||||
#referral ldap://root.openldap.org
|
||||
|
||||
-pidfile %LOCALSTATEDIR%/run/slapd.pid
|
||||
-argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
+pidfile %LOCALSTATEDIR%/slapd.pid
|
||||
+argsfile %LOCALSTATEDIR%/slapd.args
|
||||
+pidfile /run/slapd/slapd.pid
|
||||
+argsfile /run/slapd/slapd.args
|
||||
|
||||
# Load dynamic backend modules:
|
||||
# modulepath %MODULEDIR%
|
||||
-# modulepath %MODULEDIR%
|
||||
+# modulepath /usr/lib/openldap
|
||||
# moduleload back_bdb.la
|
||||
-# moduleload back_hdb.la
|
||||
+moduleload back_hdb.la
|
||||
# moduleload back_ldap.la
|
||||
|
||||
# Sample security restrictions
|
||||
@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
# security ssf=1 update_ssf=112 simple_bind=64
|
||||
|
||||
@ -75,9 +78,12 @@ index 4938b85..9caf292 100644
|
||||
# if no access controls are present, the default policy
|
||||
# allows anyone and everyone to read anything but restricts
|
||||
# updates to rootdn. (e.g., "access to * by * read")
|
||||
@@ -52,6 +66,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
# BDB database definitions
|
||||
#######################################################################
|
||||
|
||||
database bdb
|
||||
-database bdb
|
||||
+database hdb
|
||||
suffix "dc=my-domain,dc=com"
|
||||
+checkpoint 1024 5
|
||||
+cachesize 10000
|
||||
@ -92,6 +98,3 @@ index 4938b85..9caf292 100644
|
||||
+directory /var/lib/ldap
|
||||
# Indices to maintain
|
||||
index objectClass eq
|
||||
--
|
||||
1.7.10.4
|
||||
|
||||
|
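Review bot: The example line `+# modulepath /usr/lib/openldap` in the first slapd.conf hunk points at a path that does not appear to match where this request installs the modules: the spec passes `--libexecdir=%{_libdir}` and the changelog says modules now live in the arch-specific `%{_libdir}/openldap`, i.e. /usr/lib64/openldap on 64-bit, so an admin who uncomments it there gets a module-not-found failure at startup. The same hunk also replaces the `%SYSCONFDIR%` and `%LOCALSTATEDIR%` placeholders with literal `/etc/openldap` and `/run/slapd`; upstream's build substitutes those from the configure prefixes, and the spec still selects `/var/run/slapd` as `_rundir` on SLES12, so `+pidfile /run/slapd/slapd.pid` only lines up there if /var/run resolves to /run. Keeping the placeholders (`include %SYSCONFDIR%/schema/core.schema`, `pidfile %LOCALSTATEDIR%/slapd.pid`) or a comment such as `# modulepath is arch-specific: /usr/lib/openldap or /usr/lib64/openldap` would avoid both drifts. The file header of this patch-file section is not shown in the view.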
@ -1,31 +0,0 @@
|
||||
From a36c907fe49e96a304c294a0d46b34c374c29c7f Mon Sep 17 00:00:00 2001
|
||||
From: Ralf Haferkamp <rhafer@suse.de>
|
||||
Date: Wed, 16 Jun 2010 14:08:03 +0200
|
||||
Subject: libldap use gethostbyname_r
|
||||
|
||||
|
||||
diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c
|
||||
index 3510aec..666cdad 100644
|
||||
--- a/libraries/libldap/util-int.c
|
||||
+++ b/libraries/libldap/util-int.c
|
||||
@@ -52,7 +52,7 @@ extern int h_errno;
|
||||
#ifndef LDAP_R_COMPILE
|
||||
# undef HAVE_REENTRANT_FUNCTIONS
|
||||
# undef HAVE_CTIME_R
|
||||
-# undef HAVE_GETHOSTBYNAME_R
|
||||
+/* # undef HAVE_GETHOSTBYNAME_R */
|
||||
# undef HAVE_GETHOSTBYADDR_R
|
||||
|
||||
#else
|
||||
@@ -317,7 +317,7 @@ ldap_pvt_csnstr(char *buf, size_t len, unsigned int replica, unsigned int mod)
|
||||
#define BUFSTART (1024-32)
|
||||
#define BUFMAX (32*1024-32)
|
||||
|
||||
-#if defined(LDAP_R_COMPILE)
|
||||
+#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R)
|
||||
static char *safe_realloc( char **buf, int len );
|
||||
|
||||
#if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))
|
||||
--
|
||||
1.7.10.4
|
||||
|
@ -1,27 +0,0 @@
|
||||
From 844ee7df820fa397249ce76984d2e7094746cd93 Mon Sep 17 00:00:00 2001
|
||||
From: Howard Chu <hyc@symas.com>
|
||||
Date: Sat, 12 Sep 2015 22:18:22 +0100
|
||||
Subject: [PATCH] Revert "Revert "ITS#8240 remove obsolete assert""
|
||||
|
||||
We have never documented our use of assert, so can't expect
|
||||
builders to do the right thing.
|
||||
This reverts commit 55dd4d3275d24c5190fdfada8dfae0320628b993.
|
||||
|
||||
The commit fixes CVE-2015-6908.
|
||||
|
||||
diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
|
||||
index 85c3e23..c05dcf8 100644
|
||||
--- a/libraries/liblber/io.c
|
||||
+++ b/libraries/liblber/io.c
|
||||
@@ -679,7 +679,7 @@ done:
|
||||
return (ber->ber_tag);
|
||||
}
|
||||
|
||||
- assert( 0 ); /* ber structure is messed up ?*/
|
||||
+ /* invalid input */
|
||||
return LBER_DEFAULT;
|
||||
}
|
||||
|
||||
--
|
||||
2.6.3
|
||||
|
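--- /dev/null
+++ b/0011-openldap-re24-its7796.patch
@@ -0,0 +1,80 @@
+diff --git a/servers/slapd/back-bdb/filterindex.c b/servers/slapd/back-bdb/filterindex.c
+index 71e3ea4..bafef72 100644
+--- a/servers/slapd/back-bdb/filterindex.c
++++ b/servers/slapd/back-bdb/filterindex.c
+@@ -741,7 +741,7 @@ equality_candidates(
+&db, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= bdb_equality_candidates: (%s) not indexed\n",
+ava->aa_desc->ad_cname.bv_val, 0, 0 );
+return 0;
+@@ -858,7 +858,7 @@ approx_candidates(
+&db, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= bdb_approx_candidates: (%s) not indexed\n",
+ava->aa_desc->ad_cname.bv_val, 0, 0 );
+return 0;
+@@ -978,7 +978,7 @@ substring_candidates(
+&db, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= bdb_substring_candidates: (%s) not indexed\n",
+sub->sa_desc->ad_cname.bv_val, 0, 0 );
+return 0;
+@@ -1095,7 +1095,7 @@ inequality_candidates(
+&db, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= bdb_inequality_candidates: (%s) not indexed\n",
+ava->aa_desc->ad_cname.bv_val, 0, 0 );
+return 0;
+diff --git a/servers/slapd/back-mdb/filterindex.c b/servers/slapd/back-mdb/filterindex.c
+index 58c1cc8..20c58b7 100644
+--- a/servers/slapd/back-mdb/filterindex.c
++++ b/servers/slapd/back-mdb/filterindex.c
+@@ -709,7 +709,7 @@ equality_candidates(
+&dbi, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= mdb_equality_candidates: (%s) not indexed\n",
+ava->aa_desc->ad_cname.bv_val, 0, 0 );
+return 0;
+@@ -825,7 +825,7 @@ approx_candidates(
+&dbi, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= mdb_approx_candidates: (%s) not indexed\n",
+ava->aa_desc->ad_cname.bv_val, 0, 0 );
+return 0;
+@@ -944,7 +944,7 @@ substring_candidates(
+&dbi, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= mdb_substring_candidates: (%s) not indexed\n",
+sub->sa_desc->ad_cname.bv_val, 0, 0 );
+return 0;
+@@ -1060,7 +1060,7 @@ inequality_candidates(
+&dbi, &mask, &prefix );
+
+if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
+- Debug( LDAP_DEBUG_ANY,
++ Debug( LDAP_DEBUG_TRACE,
+"<= mdb_inequality_candidates: (%s) not indexed\n",
+ava->aa_desc->ad_cname.bv_val, 0, 0 );
+return 0;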
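--- /dev/null
+++ b/0012-openldap-re24-its8336.patch
@@ -0,0 +1,25 @@
+From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Tue, 8 Dec 2015 18:17:24 +0000
+Subject: ITS#8336 fix page_search_root assert on FreeDB
+
+Let "illegal" branch pages thru on the FreeDB - the condition
+is only temporary and will be fixed by the time rebalance finishes.
+
+diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
+index fa0c9e5..a624cba 100644
+--- a/libraries/liblmdb/mdb.c
++++ b/libraries/liblmdb/mdb.c
+@@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags)
+indx_t i;
+
+DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp)));
+- mdb_cassert(mc, NUMKEYS(mp) > 1);
++ /* Don't assert on branch pages in the FreeDB. We can get here
++ * while in the process of rebalancing a FreeDB branch page; we must
++ * let that proceed. ITS#8336
++ */
++ mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1);
+DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0))));
+
+if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) {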
@ -1,19 +0,0 @@
|
||||
Most of the OpenLDAP overlays are now compiled as dynamic modules in our
|
||||
packages. If you want to use any of these in your setup make sure to put
|
||||
the correct "olcModuleLoad" or "moduleload" statements in your configuration.
|
||||
For details please see the slapd-config(5) and slapd.conf(5) manpages
|
||||
(depending on which config mechanism you use).
|
||||
|
||||
For a list of the list of included dynamic modules see the
|
||||
"/usr/lib/openldap/modules/" directory.
|
||||
|
||||
For convenience and backwards compatibility some overlays are are still
|
||||
compiled statically into the slapd binary. To see which overlays that are
|
||||
call "/usr/lib/openldap/slapd -VVV". Currently these are:
|
||||
|
||||
syncprov (the provider part of syncrepl replication)
|
||||
ppolicy (a LDAP Password Policy implementation)
|
||||
|
||||
Documentations for the overlays can be found in the respective man pages
|
||||
(named "slapo-<overlay-name>") or the OpenLDAP Administration Guide which
|
||||
is part of the "openldap2-doc" package.
|
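--- /dev/null
+++ b/README.module-loading
@@ -0,0 +1,25 @@
+All of the OpenLDAP backends (except back-config) and overlays are now
+compiled as dynamic modules in our packages. If you want to use any of
+these in your setup make sure to put the correct "olcModuleLoad" or
+"moduleload" statements in your configuration.
+
+For details please see the slapd-config(5) and slapd.conf(5) manpages
+(depending on which config mechanism you use).
+
+For a list of the included dynamic modules list all modules files:
+
+ls /usr/lib*/openldap/*.so
+
+Or just the backend files:
+
+ls /usr/lib*/openldap/back_*.so
+
+Documentations for the overlays can be found in the respective man pages or
+the OpenLDAP Administration Guide which is part of the "openldap2-doc"
+package.
+
+Backend man-pages:
+man 5 slapo-<back_name>
+
+Overlays man-pages:
+man 5 slapo-<name>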
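--- /dev/null
+++ b/SuSEfirewall2.openldap
@@ -0,0 +1,17 @@
+## Name: OpenLDAP Server
+## Description: Opens ports for the OpenLDAP Server (slapd).
+
+# space separated list of allowed TCP ports
+TCP="ldap ldaps"
+
+# space separated list of allowed UDP ports
+UDP="ldap"
+
+# space separated list of allowed RPC services
+RPC=""
+
+# space separated list of allowed IP protocols
+IP=""
+
+# space separated list of allowed UDP broadcast ports
+BROADCAST=""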
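Review bot: `UDP="ldap"` opens UDP port 389 for a daemon that, as built by this request, does not appear to listen on UDP at all: slapd only serves connectionless LDAP when compiled with `-DLDAP_CONNECTIONLESS`, and the spec's new CFLAGS line drops that define which the previous line carried. An open port with nothing behind it is needless exposure in a firewall profile, so `UDP=""` would match what slapd actually listens on (TCP ldap and ldaps). If CLDAP is intended, the define should be restored in the spec rather than the port left open without a listener.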
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a1a0de4fe8c80b0210a706a9e8313b3c2f8b72b2de88961acf433a4e09752a4f
|
||||
size 3480
|
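--- /dev/null
+++ b/ldapns.schema
@@ -0,0 +1,23 @@
+# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
+
+# LDAP Name Service Additional Schema
+
+# http://www.iana.org/assignments/gssapi-service-names
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+DESC 'IANA GSS-API authorized service name'
+EQUALITY caseIgnoreMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+DESC 'Auxiliary object class for adding authorizedService attribute'
+SUP top
+AUXILIARY
+MAY authorizedService )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+DESC 'Auxiliary object class for adding host attribute'
+SUP top
+AUXILIARY
+MAY host )
+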
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63
|
||||
size 5645925
|
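--- /dev/null
+++ b/openldap-2.4.43.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8
+size 5654057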
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5ec6d4241cd2080d20f9d8da8d76e51cfbe88ab14cdb9cbff4fea1348ce174c4
|
||||
size 4018
|
@ -1,5 +1,46 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 2 12:51:10 UTC 2015 - hguo@suse.com
|
||||
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
|
||||
|
||||
- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch
|
||||
into 0010-Enforce-minimum-DH-size-of-1024.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 8 11:36:16 UTC 2015 - michael@stroeder.com
|
||||
|
||||
- Upgrade to upstream 2.4.43 release with accumulated bug fixes.
|
||||
- Still build on SLES12
|
||||
- Loadable backend and overlay modules are now installed
|
||||
into arch-specific path %{_libdir}/openldap
|
||||
- All backends and overlays as modules for smaller memory footprint
|
||||
on memory constrained systems
|
||||
- Added extra package for back-sock
|
||||
- Consequent use of %{_rundir} everywhere
|
||||
- Rely on upstream ./configure script instead of any other
|
||||
macro foo
|
||||
- Dropped linking with libwrap
|
||||
- Dropped 0004-libldap-use-gethostbyname_r.dif because this
|
||||
work-around for nss_ldap is obsolete
|
||||
- New sub-package openldap2-contrib with selected contrib/ overlays
|
||||
- Replaced addonschema.tar.gz with separate schema sources
|
||||
- Updated ldapns.schema from recent slapo-nssov source tree
|
||||
- Added symbolic link to slapd executable in /usr/sbin/
|
||||
- Added more complex example configuration file
|
||||
/etc/openldap/slapd.conf.example
|
||||
- Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap
|
||||
- Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap
|
||||
- Added patch for OpenLDAP ITS#7796 to avoid excessive
|
||||
"not index" logging:
|
||||
0011-openldap-re24-its7796.patch
|
||||
- Replaced openldap-rc.tgz with single source files
|
||||
- Added soft dependency (Recommends) to cyrus-sasl
|
||||
- Added soft dependency (Recommends) to cyrus-sasl-devel
|
||||
to openldap2-devel
|
||||
- Added patch for OpenLDAP ITS#8336 (assert in liblmdb):
|
||||
0012-openldap-re24-its8336.patch
|
||||
- Remove obsolete patch 0001-build-adjustments.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 2 12:50:47 UTC 2015 - hguo@suse.com
|
||||
|
||||
- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
|
||||
to fix CVE-2015-6908. (bsc#945582)
|
||||
@ -36,7 +77,7 @@ Fri Oct 9 09:19:35 UTC 2015 - hguo@suse.com
|
||||
check-build.sh
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 1 11:08:59 UTC 2015 - hguo@suse.com
|
||||
Thu Oct 1 11:08:41 UTC 2015 - hguo@suse.com
|
||||
|
||||
- Upgrade to upstream 2.4.42 release with accumulated bug fixes.
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package openldap2-client
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,52 +17,59 @@
|
||||
|
||||
|
||||
%define run_test_suite 0
|
||||
%define version_main 2.4.42
|
||||
%define version_main 2.4.43
|
||||
|
||||
%if ! %{defined _rundir}
|
||||
%define _rundir %{_localstatedir}/run
|
||||
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
||||
%define _rundir /run/slapd
|
||||
%else
|
||||
%define _rundir /var/run/slapd
|
||||
%endif
|
||||
|
||||
Name: openldap2-client
|
||||
Summary: The OpenLDAP commandline client tools
|
||||
License: OLDAP-2.8
|
||||
Group: Productivity/Networking/LDAP/Clients
|
||||
Version: 2.4.42
|
||||
Version: %{version_main}
|
||||
Release: 0
|
||||
Url: http://www.openldap.org
|
||||
Source: openldap-%{version_main}.tgz
|
||||
Source1: openldap-rc.tgz
|
||||
Source2: addonschema.tar.gz
|
||||
Source3: DB_CONFIG
|
||||
Source4: sasl-slapd.conf
|
||||
Source5: README.dynamic-overlays
|
||||
Source5: README.module-loading
|
||||
Source6: schema2ldif
|
||||
Source7: baselibs.conf
|
||||
Patch1: 0001-build-adjustments.dif
|
||||
Source9: ldapns.schema
|
||||
Source10: rfc2307bis.schema
|
||||
Source11: yast.schema
|
||||
Source12: slapd.conf.example
|
||||
Source13: start
|
||||
Source14: slapd.service
|
||||
Source15: SuSEfirewall2.openldap
|
||||
Source16: sysconfig.openldap
|
||||
Patch2: 0002-slapd.conf.dif
|
||||
Patch3: 0003-LDAPI-socket-location.dif
|
||||
Patch4: 0004-libldap-use-gethostbyname_r.dif
|
||||
Patch5: 0005-pie-compile.dif
|
||||
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
|
||||
Patch7: 0007-Recover-on-DB-version-change.dif
|
||||
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
|
||||
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
||||
Patch10: 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
|
||||
Patch11: 0011-Enforce-minimum-DH-size-of-1024.patch
|
||||
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
||||
Patch11: 0011-openldap-re24-its7796.patch
|
||||
Patch12: 0012-openldap-re24-its8336.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: groff
|
||||
BuildRequires: libopenssl-devel
|
||||
BuildRequires: libtool
|
||||
Requires: libldap-2_4-2 = %{version_main}
|
||||
Recommends: cyrus-sasl
|
||||
%if "%{name}" == "openldap2"
|
||||
BuildRequires: db-devel
|
||||
BuildRequires: openslp-devel
|
||||
BuildRequires: tcpd-devel
|
||||
BuildRequires: unixODBC-devel
|
||||
Conflicts: openldap
|
||||
Requires: libldap-2_4-2 = %{version_main}
|
||||
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
|
||||
%if 0%{?suse_version} >= 1140
|
||||
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
||||
# avoid cycle with krb5
|
||||
BuildRequires: krb5-mini
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
@ -70,7 +77,6 @@ BuildRequires: pkgconfig(systemd)
|
||||
%endif
|
||||
%else
|
||||
Conflicts: openldap-client
|
||||
Requires: libldap-2_4-2 = %{version_main}
|
||||
%endif
|
||||
# For /usr/bin/strings
|
||||
Requires(pre): binutils
|
||||
@ -78,10 +84,10 @@ Requires(pre): binutils
|
||||
%if "%{name}" == "openldap2"
|
||||
|
||||
%description
|
||||
The Lightweight Directory Access Protocol (LDAP) is used to access
|
||||
online directory services. It runs directly over TCP and can be used to
|
||||
access a stand-alone LDAP directory service or to access a directory
|
||||
service that has an X.500 back-end.
|
||||
OpenLDAP is a client and server reference implementation of the
|
||||
Lightweight Directory Access Protocol v3 (LDAPv3).
|
||||
|
||||
The server provides several database backends and overlays.
|
||||
|
||||
%package -n openldap2-back-perl
|
||||
Summary: OpenLDAP Perl Back-End
|
||||
@ -93,6 +99,16 @@ Requires: perl = %{perl_version}
|
||||
The OpenLDAP Perl back-end allows you to execute Perl code specific to
|
||||
different LDAP operations.
|
||||
|
||||
%package -n openldap2-back-sock
|
||||
Summary: OpenLDAP Socket Back-End
|
||||
Group: Productivity/Networking/LDAP/Servers
|
||||
Requires: openldap2 = %{version_main}
|
||||
Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
|
||||
|
||||
%description -n openldap2-back-sock
|
||||
The OpenLDAP socket back-end allows you to handle LDAP requests and
|
||||
results with an external process listening on a Unix domain socket.
|
||||
|
||||
%package -n openldap2-back-meta
|
||||
Summary: OpenLDAP Meta Back-End
|
||||
Group: Productivity/Networking/LDAP/Servers
|
||||
@ -115,6 +131,25 @@ The primary purpose of this OpenLDAP backend is to present information
|
||||
stored in a Relational (SQL) Database as an LDAP subtree without the need
|
||||
to do any programming.
|
||||
|
||||
%package -n openldap2-contrib
|
||||
Summary: OpenLDAP Contrib Modules
|
||||
Group: Productivity/Networking/LDAP/Servers
|
||||
Requires: openldap2 = %{version_main}
|
||||
|
||||
%description -n openldap2-contrib
|
||||
Various overlays found in contrib/:
|
||||
allop
|
||||
allowed Generates attributes indicating access rights
|
||||
autogroup
|
||||
cloak
|
||||
denyop
|
||||
lastbind writes last bind timestamp to entry
|
||||
noopsrch handles no-op search control
|
||||
nops
|
||||
pw-sha2 generates/validates SHA-2 password hashes
|
||||
pw-pbkdf2 generates/validates PBKDF2 password hashes
|
||||
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
|
||||
|
||||
%package -n openldap2-doc
|
||||
Summary: OpenLDAP Documentation
|
||||
Group: Documentation/Other
|
||||
@ -126,6 +161,7 @@ BuildArch: noarch
|
||||
%description -n openldap2-doc
|
||||
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The OpenLDAP Project <project@openldap.org>
|
||||
@ -145,6 +181,7 @@ Obsoletes: openldap2-devel-64bit
|
||||
#
|
||||
Conflicts: openldap-devel
|
||||
Requires: libldap-2_4-2 = %{version_main}
|
||||
Recommends: cyrus-sasl-devel
|
||||
|
||||
%description -n openldap2-devel
|
||||
This package provides the OpenLDAP libraries, header files, and
|
||||
@ -171,11 +208,10 @@ This package contains the OpenLDAP client libraries.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n openldap-%{version_main} -a1 -a2
|
||||
%patch1 -p1
|
||||
%setup -q -n openldap-%{version_main}
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
#%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
@ -183,48 +219,66 @@ This package contains the OpenLDAP client libraries.
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
cp %{SOURCE5} .
|
||||
|
||||
%build
|
||||
%{?suse_update_config:%{suse_update_config -f build}}
|
||||
libtoolize --force
|
||||
autoreconf
|
||||
export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE"
|
||||
# %{?suse_update_config:%{suse_update_config -f build}}
|
||||
#libtoolize --force
|
||||
#autoreconf
|
||||
# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
|
||||
export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
|
||||
export STRIP=""
|
||||
%configure \
|
||||
--localstatedir=%{_rundir}/slapd \
|
||||
--libexecdir=/usr/lib/openldap \
|
||||
--enable-wrappers \
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=%{_sysconfdir} \
|
||||
--libdir=%{_libdir} \
|
||||
--libexecdir=%{_libdir} \
|
||||
--localstatedir=%{_rundir} \
|
||||
--enable-wrappers=no \
|
||||
--enable-spasswd \
|
||||
--enable-modules \
|
||||
--enable-shared \
|
||||
--enable-dynamic \
|
||||
--with-tls \
|
||||
--with-tls=openssl \
|
||||
--with-cyrus-sasl \
|
||||
--enable-crypt \
|
||||
--enable-ipv6=yes \
|
||||
%if "%{name}" == "openldap2"
|
||||
--enable-aci \
|
||||
--enable-bdb \
|
||||
--enable-hdb \
|
||||
--enable-bdb=mod \
|
||||
--enable-hdb=mod \
|
||||
--enable-rewrite \
|
||||
--enable-ldap=yes \
|
||||
--enable-ldap=mod \
|
||||
--enable-meta=mod \
|
||||
--enable-monitor=yes \
|
||||
--enable-monitor=mod \
|
||||
--enable-perl=mod \
|
||||
--enable-sock=mod \
|
||||
--enable-sql=mod \
|
||||
--enable-mdb=yes \
|
||||
--enable-mdb=mod \
|
||||
--enable-relay=mod \
|
||||
--enable-slp \
|
||||
--enable-overlays=mod \
|
||||
--enable-syncprov=yes \
|
||||
--enable-ppolicy=yes \
|
||||
--enable-syncprov=mod \
|
||||
--enable-ppolicy=mod \
|
||||
%else
|
||||
--disable-slapd \
|
||||
%endif
|
||||
--enable-lmpasswd \
|
||||
--with-yielding-select
|
||||
--with-yielding-select \
|
||||
|| cat config.log
|
||||
make depend
|
||||
make %{?_smp_mflags}
|
||||
%if "%{name}" == "openldap2"
|
||||
# Build selected contrib overlays
|
||||
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
|
||||
do
|
||||
make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
|
||||
done
|
||||
# One more level up needed because of passwd/sha2
|
||||
# slapo-smbk5pwd only for Samba password hashes
|
||||
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
|
||||
%endif
|
||||
|
||||
%check
|
||||
%if %run_test_suite
|
||||
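Review bot: The new `export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"` in the %build hunk no longer starts with `$RPM_OPT_FLAGS`, and `%configure` (which injects those flags itself) is replaced by a bare `./configure`, so the distribution's optimisation and hardening options (stack protector, FORTIFY_SOURCE and the rest of RPM_OPT_FLAGS) appear to be dropped from a network-facing daemon; the commented-out line directly above shows the intended form, `export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"`. The trailing `|| cat config.log` also masks a failed configure, because cat exits 0 and the build proceeds to `make depend` against a half-configured tree; `|| { cat config.log; exit 1; }` keeps the diagnostic and the failure. In the earlier hunk @ -17,52 +17,59 Patch10 (the CVE-2015-6908 fix) is dropped, presumably because 2.4.43 carries ITS#8240 upstream; a changelog line saying so would keep that security history traceable. The %install part of this spec continues past the end of the view.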
@ -252,50 +306,67 @@ make SLAPD_DEBUG=0 test
%endif
%install
mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start
install -m 644 slapd.service $RPM_BUILD_ROOT/%{_unitdir}
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/usr/sbin/schema2ldif
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
# Additional symbolic link to slapd executable in /usr/sbin/
%if "%{name}" == "openldap2"
ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
%endif
%if "%{name}" == "openldap2"
# Install selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
done
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
%endif
install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf
install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \
$RPM_BUILD_ROOT/%{DOCDIR}/images \
$RPM_BUILD_ROOT/%{DOCDIR}/drafts
install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide
install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images
install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts
install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
${RPM_BUILD_ROOT}/%{DOCDIR}/images \
${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide
install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images
install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \
COPYRIGHT \
LICENSE \
README \
CHANGES \
%{SOURCE5} \
$RPM_BUILD_ROOT/%{DOCDIR}
${RPM_BUILD_ROOT}/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
$RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README
rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif*
rm -f $RPM_BUILD_ROOT%{_rundir}/slapd/openldap-data/DB_CONFIG.example
${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default
rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example
rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
@ -305,16 +376,15 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
%endif
%endif
rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
#put filelists into files
cat >openldap2.filelist <<EOF
@ -328,36 +398,45 @@ cat >openldap2.filelist <<EOF
%dir /etc/openldap/schema
%config /etc/openldap/schema/*.schema
%config /etc/openldap/schema/*.ldif
%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf
%config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
%config /var/lib/ldap/DB_CONFIG.example
%attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /usr/lib/openldap/modules
/usr/lib/openldap/modules/accesslog*
/usr/lib/openldap/modules/auditlog*
/usr/lib/openldap/modules/collect*
/usr/lib/openldap/modules/constraint*
/usr/lib/openldap/modules/dds*
/usr/lib/openldap/modules/deref*
/usr/lib/openldap/modules/dyngroup*
/usr/lib/openldap/modules/dynlist*
/usr/lib/openldap/modules/memberof*
/usr/lib/openldap/modules/pcache*
/usr/lib/openldap/modules/refint*
/usr/lib/openldap/modules/retcode*
/usr/lib/openldap/modules/rwm*
/usr/lib/openldap/modules/seqmod*
/usr/lib/openldap/modules/sssvlv*
/usr/lib/openldap/modules/translucent*
/usr/lib/openldap/modules/unique*
/usr/lib/openldap/modules/valsort*
/usr/lib/openldap/slapd
%dir /%{_libdir}/openldap
%{_libdir}/openldap/back_bdb*
%{_libdir}/openldap/back_hdb*
%{_libdir}/openldap/back_ldap*
%{_libdir}/openldap/back_mdb*
%{_libdir}/openldap/back_monitor*
%{_libdir}/openldap/back_relay*
%{_libdir}/openldap/accesslog*
%{_libdir}/openldap/auditlog*
%{_libdir}/openldap/collect*
%{_libdir}/openldap/constraint*
%{_libdir}/openldap/dds*
%{_libdir}/openldap/deref*
%{_libdir}/openldap/dyngroup*
%{_libdir}/openldap/dynlist*
%{_libdir}/openldap/memberof*
%{_libdir}/openldap/pcache*
%{_libdir}/openldap/ppolicy*
%{_libdir}/openldap/refint*
%{_libdir}/openldap/retcode*
%{_libdir}/openldap/rwm*
%{_libdir}/openldap/seqmod*
%{_libdir}/openldap/sssvlv*
%{_libdir}/openldap/syncprov*
%{_libdir}/openldap/translucent*
%{_libdir}/openldap/unique*
%{_libdir}/openldap/valsort*
%{_libdir}/slapd
/usr/lib/openldap/start
/usr/lib/systemd/system/slapd.service
%dir %attr(0700, ldap, ldap) /var/lib/ldap
%dir %attr(0755, ldap, ldap) %ghost %{_rundir}/slapd
%{_unitdir}/slapd.service
%dir %attr(0750, ldap, ldap) /var/lib/ldap
%ghost %attr(0750, ldap, ldap) %{_rundir}
%doc %{_mandir}/man8/sl*
%doc %{_mandir}/man5/slapd.*
%doc %{_mandir}/man5/slapd-bdb.*
@ -417,20 +496,37 @@ cat > openldap2-devel-static.filelist <<-EOF
%_libdir/libldap*.a
EOF
cat > openldap2-back-perl.filelist <<EOF
/usr/lib/openldap/modules/back_perl*
%{_libdir}/openldap/back_perl*
%doc %{_mandir}/man5/slapd-perl.*
EOF
cat > openldap2-back-sock.filelist <<EOF
%{_libdir}/openldap/back_sock*
%doc %{_mandir}/man5/slapd-sock.*
EOF
cat > openldap2-back-meta.filelist <<EOF
/usr/lib/openldap/modules/back_meta*
%{_libdir}/openldap/back_meta*
%doc %{_mandir}/man5/slapd-meta.*
EOF
cat > openldap2-back-sql.filelist <<EOF
/usr/lib/openldap/modules/back_sql*
%{_libdir}/openldap/back_sql*
%doc %{_mandir}/man5/slapd-sql.*
%doc servers/slapd/back-sql/examples
%doc servers/slapd/back-sql/docs/bugs
%doc servers/slapd/back-sql/docs/install
EOF
cat > openldap2-contrib.filelist <<EOF
%{_libdir}/openldap/allowed.*
%{_libdir}/openldap/allop.*
%{_libdir}/openldap/autogroup.*
%{_libdir}/openldap/lastbind.*
%{_libdir}/openldap/noopsrch.*
%{_libdir}/openldap/nops.*
%{_libdir}/openldap/pw-sha2.*
%{_libdir}/openldap/pw-pbkdf2.*
%{_libdir}/openldap/denyop.*
%{_libdir}/openldap/cloak.*
%{_libdir}/openldap/smbk5pwd.*
EOF
cat >openldap2-doc.filelist <<EOF
%dir %{DOCDIR}
%doc %{DOCDIR}/drafts
@ -442,20 +538,20 @@ EOF
cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
openldap2-devel-static.filelist |
%else
cat openldap2.filelist openldap2-back-perl.filelist \
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \
openldap2-back-meta.filelist openldap2-back-sql.filelist \
openldap2-doc.filelist compat-libldap.filelist |
openldap2-doc.filelist openldap2-contrib.filelist |
%endif
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
rm -rf $RPM_BUILD_ROOT$name
rm -rf ${RPM_BUILD_ROOT}${name}
done
%if "%{name}" == "openldap2"
%pre
/usr/sbin/groupadd -g 70 -o -r ldap || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
touch /var/run/enable_slapd_service
touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
@ -467,7 +563,7 @@ fi
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
if [ -f /var/run/enable_slapd_service ]; then
if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
@ -483,6 +579,9 @@ fi
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%defattr(-,root,root)
%files -n openldap2-back-sock -f openldap2-back-sock.filelist
%defattr(-,root,root)
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%defattr(-,root,root)
@ -492,6 +591,9 @@ fi
%files -n openldap2-doc -f openldap2-doc.filelist
%defattr(-,root,root)
%files -n openldap2-contrib -f openldap2-contrib.filelist
%defattr(-,root,root)
%else
%post -n libldap-2_4-2 -p /sbin/ldconfig
@ -1,3 +1,44 @@
-------------------------------------------------------------------
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch
into 0010-Enforce-minimum-DH-size-of-1024.patch
-------------------------------------------------------------------
Tue Dec 8 11:36:16 UTC 2015 - michael@stroeder.com
- Upgrade to upstream 2.4.43 release with accumulated bug fixes.
- Still build on SLES12
- Loadable backend and overlay modules are now installed
into arch-specific path %{_libdir}/openldap
- All backends and overlays as modules for smaller memory footprint
on memory constrained systems
- Added extra package for back-sock
- Consequent use of %{_rundir} everywhere
- Rely on upstream ./configure script instead of any other
macro foo
- Dropped linking with libwrap
- Dropped 0004-libldap-use-gethostbyname_r.dif because this
work-around for nss_ldap is obsolete
- New sub-package openldap2-contrib with selected contrib/ overlays
- Replaced addonschema.tar.gz with separate schema sources
- Updated ldapns.schema from recent slapo-nssov source tree
- Added symbolic link to slapd executable in /usr/sbin/
- Added more complex example configuration file
/etc/openldap/slapd.conf.example
- Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap
- Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap
- Added patch for OpenLDAP ITS#7796 to avoid excessive
"not index" logging:
0011-openldap-re24-its7796.patch
- Replaced openldap-rc.tgz with single source files
- Added soft dependency (Recommends) to cyrus-sasl
- Added soft dependency (Recommends) to cyrus-sasl-devel
to openldap2-devel
- Added patch for OpenLDAP ITS#8336 (assert in liblmdb):
0012-openldap-re24-its8336.patch
- Remove obsolete patch 0001-build-adjustments.dif
-------------------------------------------------------------------
Wed Dec 2 12:50:47 UTC 2015 - hguo@suse.com
349
openldap2.spec
349
openldap2.spec
@ -1,7 +1,7 @@
#
# spec file for package openldap2
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,52 +17,59 @@
%define run_test_suite 0
%define version_main 2.4.42
%define version_main 2.4.43
%if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run
%if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd
%else
%define _rundir /var/run/slapd
%endif
Name: openldap2
Summary: The OpenLDAP Server
License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients
Version: 2.4.42
Version: %{version_main}
Release: 0
Url: http://www.openldap.org
Source: openldap-%{version_main}.tgz
Source1: openldap-rc.tgz
Source2: addonschema.tar.gz
Source3: DB_CONFIG
Source4: sasl-slapd.conf
Source5: README.dynamic-overlays
Source5: README.module-loading
Source6: schema2ldif
Source7: baselibs.conf
Patch1: 0001-build-adjustments.dif
Source9: ldapns.schema
Source10: rfc2307bis.schema
Source11: yast.schema
Source12: slapd.conf.example
Source13: start
Source14: slapd.service
Source15: SuSEfirewall2.openldap
Source16: sysconfig.openldap
Patch2: 0002-slapd.conf.dif
Patch3: 0003-LDAPI-socket-location.dif
Patch4: 0004-libldap-use-gethostbyname_r.dif
Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch10: 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
Patch11: 0011-Enforce-minimum-DH-size-of-1024.patch
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
Patch11: 0011-openldap-re24-its7796.patch
Patch12: 0012-openldap-re24-its8336.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
BuildRequires: libopenssl-devel
BuildRequires: libtool
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl
%if "%{name}" == "openldap2"
BuildRequires: db-devel
BuildRequires: openslp-devel
BuildRequires: tcpd-devel
BuildRequires: unixODBC-devel
Conflicts: openldap
Requires: libldap-2_4-2 = %{version_main}
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
%if 0%{?suse_version} >= 1140
%if %{suse_version} >= 1310 && %{suse_version} != 1315
# avoid cycle with krb5
BuildRequires: krb5-mini
BuildRequires: pkgconfig(systemd)
@ -70,7 +77,6 @@ BuildRequires: pkgconfig(systemd)
%endif
%else
Conflicts: openldap-client
Requires: libldap-2_4-2 = %{version_main}
%endif
# For /usr/bin/strings
Requires(pre): binutils
@ -78,10 +84,10 @@ Requires(pre): binutils
%if "%{name}" == "openldap2"
%description
The Lightweight Directory Access Protocol (LDAP) is used to access
online directory services. It runs directly over TCP and can be used to
access a stand-alone LDAP directory service or to access a directory
service that has an X.500 back-end.
OpenLDAP is a client and server reference implementation of the
Lightweight Directory Access Protocol v3 (LDAPv3).
The server provides several database backends and overlays.
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
@ -93,6 +99,16 @@ Requires: perl = %{perl_version}
The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations.
%package -n openldap2-back-sock
Summary: OpenLDAP Socket Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
%description -n openldap2-back-sock
The OpenLDAP socket back-end allows you to handle LDAP requests and
results with an external process listening on a Unix domain socket.
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
Group: Productivity/Networking/LDAP/Servers
@ -115,6 +131,25 @@ The primary purpose of this OpenLDAP backend is to present information
stored in a Relational (SQL) Database as an LDAP subtree without the need
to do any programming.
%package -n openldap2-contrib
Summary: OpenLDAP Contrib Modules
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
%description -n openldap2-contrib
Various overlays found in contrib/:
allop
allowed Generates attributes indicating access rights
autogroup
cloak
denyop
lastbind writes last bind timestamp to entry
noopsrch handles no-op search control
nops
pw-sha2 generates/validates SHA-2 password hashes
pw-pbkdf2 generates/validates PBKDF2 password hashes
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
%package -n openldap2-doc
Summary: OpenLDAP Documentation
Group: Documentation/Other
@ -126,6 +161,7 @@ BuildArch: noarch
%description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
Authors:
--------
The OpenLDAP Project <project@openldap.org>
@ -145,6 +181,7 @@ Obsoletes: openldap2-devel-64bit
#
Conflicts: openldap-devel
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl-devel
%description -n openldap2-devel
This package provides the OpenLDAP libraries, header files, and
@ -171,11 +208,10 @@ This package contains the OpenLDAP client libraries.
%endif
%prep
%setup -q -n openldap-%{version_main} -a1 -a2
%patch1 -p1
%setup -q -n openldap-%{version_main}
%patch2 -p1
%patch3 -p1
%patch4 -p1
#%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
@ -183,49 +219,65 @@ This package contains the OpenLDAP client libraries.
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
cp %{SOURCE5} .
%build
%{?suse_update_config:%{suse_update_config -f build}}
libtoolize --force
autoreconf
export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE"
# %{?suse_update_config:%{suse_update_config -f build}}
#libtoolize --force
#autoreconf
# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export STRIP=""
%configure \
--localstatedir=%{_rundir}/slapd \
--libexecdir=/usr/lib/openldap \
--enable-wrappers \
./configure \
--prefix=/usr \
--sysconfdir=%{_sysconfdir} \
--libdir=%{_libdir} \
--libexecdir=%{_libdir} \
--localstatedir=%{_rundir} \
--enable-wrappers=no \
--enable-spasswd \
--enable-modules \
--enable-shared \
--enable-dynamic \
--with-tls \
--with-tls=openssl \
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
--enable-bdb \
--enable-hdb \
--enable-bdb=mod \
--enable-hdb=mod \
--enable-rewrite \
--enable-ldap=yes \
--enable-ldap=mod \
--enable-meta=mod \
--enable-monitor=yes \
--enable-monitor=mod \
--enable-perl=mod \
--enable-sock=mod \
--enable-sql=mod \
--enable-mdb=yes \
--enable-mdb=mod \
--enable-relay=mod \
--enable-slp \
--enable-overlays=mod \
--enable-syncprov=yes \
--enable-ppolicy=yes \
--enable-syncprov=mod \
--enable-ppolicy=mod \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
--with-yielding-select
--with-yielding-select \
|| cat config.log
make depend
make %{?_smp_mflags}
%if "%{name}" == "openldap2"
# Build selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
done
# One more level up needed because of passwd/sha2
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
%endif
%check
@ -254,50 +306,67 @@ make SLAPD_DEBUG=0 test
%endif
%install
mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start
install -m 644 slapd.service $RPM_BUILD_ROOT/%{_unitdir}
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/usr/sbin/schema2ldif
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
# Additional symbolic link to slapd executable in /usr/sbin/
%if "%{name}" == "openldap2"
ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
%endif
%if "%{name}" == "openldap2"
# Install selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
done
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
%endif
install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf
install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \
$RPM_BUILD_ROOT/%{DOCDIR}/images \
$RPM_BUILD_ROOT/%{DOCDIR}/drafts
install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide
install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images
install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts
install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
${RPM_BUILD_ROOT}/%{DOCDIR}/images \
${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide
install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images
install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \
COPYRIGHT \
LICENSE \
README \
CHANGES \
%{SOURCE5} \
$RPM_BUILD_ROOT/%{DOCDIR}
${RPM_BUILD_ROOT}/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
$RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README
rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif*
rm -f $RPM_BUILD_ROOT%{_rundir}/slapd/openldap-data/DB_CONFIG.example
${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default
rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example
rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
@ -307,16 +376,15 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
|
||||
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
|
||||
%endif
|
||||
%endif
|
||||
rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5
|
||||
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
|
||||
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
|
||||
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
|
||||
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
|
||||
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5
|
||||
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5
|
||||
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5
|
||||
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
|
||||
# Remove *.la files, libtool does not handle this correct
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
|
||||
rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
|
||||
|
||||
#put filelists into files
|
||||
cat >openldap2.filelist <<EOF
|
||||
@ -330,36 +398,45 @@ cat >openldap2.filelist <<EOF
|
||||
%dir /etc/openldap/schema
|
||||
%config /etc/openldap/schema/*.schema
|
||||
%config /etc/openldap/schema/*.ldif
|
||||
%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
|
||||
%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf
|
||||
%config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
|
||||
%config /var/lib/ldap/DB_CONFIG.example
|
||||
%attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
|
||||
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
|
||||
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example
|
||||
%config(noreplace) /etc/sasl2/slapd.conf
|
||||
%dir /usr/lib/openldap
|
||||
%dir /usr/lib/openldap/modules
|
||||
/usr/lib/openldap/modules/accesslog*
|
||||
/usr/lib/openldap/modules/auditlog*
|
||||
/usr/lib/openldap/modules/collect*
|
||||
/usr/lib/openldap/modules/constraint*
|
||||
/usr/lib/openldap/modules/dds*
|
||||
/usr/lib/openldap/modules/deref*
|
||||
/usr/lib/openldap/modules/dyngroup*
|
||||
/usr/lib/openldap/modules/dynlist*
|
||||
/usr/lib/openldap/modules/memberof*
|
||||
/usr/lib/openldap/modules/pcache*
|
||||
/usr/lib/openldap/modules/refint*
|
||||
/usr/lib/openldap/modules/retcode*
|
||||
/usr/lib/openldap/modules/rwm*
|
||||
/usr/lib/openldap/modules/seqmod*
|
||||
/usr/lib/openldap/modules/sssvlv*
|
||||
/usr/lib/openldap/modules/translucent*
|
||||
/usr/lib/openldap/modules/unique*
|
||||
/usr/lib/openldap/modules/valsort*
|
||||
/usr/lib/openldap/slapd
|
||||
%dir /%{_libdir}/openldap
|
||||
%{_libdir}/openldap/back_bdb*
|
||||
%{_libdir}/openldap/back_hdb*
|
||||
%{_libdir}/openldap/back_ldap*
|
||||
%{_libdir}/openldap/back_mdb*
|
||||
%{_libdir}/openldap/back_monitor*
|
||||
%{_libdir}/openldap/back_relay*
|
||||
%{_libdir}/openldap/accesslog*
|
||||
%{_libdir}/openldap/auditlog*
|
||||
%{_libdir}/openldap/collect*
|
||||
%{_libdir}/openldap/constraint*
|
||||
%{_libdir}/openldap/dds*
|
||||
%{_libdir}/openldap/deref*
|
||||
%{_libdir}/openldap/dyngroup*
|
||||
%{_libdir}/openldap/dynlist*
|
||||
%{_libdir}/openldap/memberof*
|
||||
%{_libdir}/openldap/pcache*
|
||||
%{_libdir}/openldap/ppolicy*
|
||||
%{_libdir}/openldap/refint*
|
||||
%{_libdir}/openldap/retcode*
|
||||
%{_libdir}/openldap/rwm*
|
||||
%{_libdir}/openldap/seqmod*
|
||||
%{_libdir}/openldap/sssvlv*
|
||||
%{_libdir}/openldap/syncprov*
|
||||
%{_libdir}/openldap/translucent*
|
||||
%{_libdir}/openldap/unique*
|
||||
%{_libdir}/openldap/valsort*
|
||||
%{_libdir}/slapd
|
||||
/usr/lib/openldap/start
|
||||
/usr/lib/systemd/system/slapd.service
|
||||
%dir %attr(0700, ldap, ldap) /var/lib/ldap
|
||||
%dir %attr(0755, ldap, ldap) %ghost %{_rundir}/slapd
|
||||
%{_unitdir}/slapd.service
|
||||
%dir %attr(0750, ldap, ldap) /var/lib/ldap
|
||||
%ghost %attr(0750, ldap, ldap) %{_rundir}
|
||||
%doc %{_mandir}/man8/sl*
|
||||
%doc %{_mandir}/man5/slapd.*
|
||||
%doc %{_mandir}/man5/slapd-bdb.*
|
||||
@ -380,11 +457,6 @@ cat >openldap2.filelist <<EOF
|
||||
%doc %{DOCDIR}/CHANGES
|
||||
%doc %{DOCDIR}/slapd.ldif.default
|
||||
EOF
|
||||
%if %suse_version < 1130
|
||||
cat >>openldap2.filelist <<EOF
|
||||
/usr/sbin/openldap-2.3-slapcat
|
||||
EOF
|
||||
%endif
|
||||
#
|
||||
#
|
||||
cat > openldap2-client.filelist <<EOF
|
||||
@ -424,20 +496,37 @@ cat > openldap2-devel-static.filelist <<-EOF
|
||||
%_libdir/libldap*.a
|
||||
EOF
|
||||
cat > openldap2-back-perl.filelist <<EOF
|
||||
/usr/lib/openldap/modules/back_perl*
|
||||
%{_libdir}/openldap/back_perl*
|
||||
%doc %{_mandir}/man5/slapd-perl.*
|
||||
EOF
|
||||
cat > openldap2-back-sock.filelist <<EOF
|
||||
%{_libdir}/openldap/back_sock*
|
||||
%doc %{_mandir}/man5/slapd-sock.*
|
||||
EOF
|
||||
cat > openldap2-back-meta.filelist <<EOF
|
||||
/usr/lib/openldap/modules/back_meta*
|
||||
%{_libdir}/openldap/back_meta*
|
||||
%doc %{_mandir}/man5/slapd-meta.*
|
||||
EOF
|
||||
cat > openldap2-back-sql.filelist <<EOF
|
||||
/usr/lib/openldap/modules/back_sql*
|
||||
%{_libdir}/openldap/back_sql*
|
||||
%doc %{_mandir}/man5/slapd-sql.*
|
||||
%doc servers/slapd/back-sql/examples
|
||||
%doc servers/slapd/back-sql/docs/bugs
|
||||
%doc servers/slapd/back-sql/docs/install
|
||||
EOF
|
||||
cat > openldap2-contrib.filelist <<EOF
|
||||
%{_libdir}/openldap/allowed.*
|
||||
%{_libdir}/openldap/allop.*
|
||||
%{_libdir}/openldap/autogroup.*
|
||||
%{_libdir}/openldap/lastbind.*
|
||||
%{_libdir}/openldap/noopsrch.*
|
||||
%{_libdir}/openldap/nops.*
|
||||
%{_libdir}/openldap/pw-sha2.*
|
||||
%{_libdir}/openldap/pw-pbkdf2.*
|
||||
%{_libdir}/openldap/denyop.*
|
||||
%{_libdir}/openldap/cloak.*
|
||||
%{_libdir}/openldap/smbk5pwd.*
|
||||
EOF
|
||||
cat >openldap2-doc.filelist <<EOF
|
||||
%dir %{DOCDIR}
|
||||
%doc %{DOCDIR}/drafts
|
||||
@ -449,32 +538,20 @@ EOF
|
||||
cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
|
||||
openldap2-devel-static.filelist |
|
||||
%else
|
||||
cat openldap2.filelist openldap2-back-perl.filelist \
|
||||
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \
|
||||
openldap2-back-meta.filelist openldap2-back-sql.filelist \
|
||||
openldap2-doc.filelist
|
||||
openldap2-doc.filelist openldap2-contrib.filelist |
|
||||
%endif
|
||||
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
|
||||
rm -rf $RPM_BUILD_ROOT$name
|
||||
rm -rf ${RPM_BUILD_ROOT}${name}
|
||||
done
|
||||
%if "%{name}" == "openldap2"
|
||||
|
||||
%pre
|
||||
/usr/sbin/groupadd -g 70 -o -r ldap || :
|
||||
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
|
||||
# try to figure out if a db update is needed
|
||||
if [ ${1:-0} -gt 1 ] && [ -f /usr/lib/openldap/slapd ] &&
|
||||
/usr/bin/strings /usr/lib/openldap/slapd | \
|
||||
grep "slapd 2.3" 2>&1 > /dev/null;
|
||||
then
|
||||
# create a backup of the schema shipped with 2.3
|
||||
# at least core.schema changed between 2.3 and 2.4
|
||||
TEMPDIR=`mktemp -d /etc/openldap/schema.backup.XXXXXX`
|
||||
echo "Schema backup created in $TEMPDIR"
|
||||
cp -p --remove-destination /etc/openldap/schema/* $TEMPDIR
|
||||
echo $TEMPDIR > /etc/openldap/UPDATE_NEEDED ;
|
||||
fi
|
||||
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
|
||||
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
|
||||
touch /var/run/enable_slapd_service
|
||||
touch %{_rundir}/enable_slapd_service
|
||||
fi
|
||||
%service_add_pre slapd.service
|
||||
|
||||
@ -486,7 +563,7 @@ fi
|
||||
%{fillup_only -n openldap ldap}
|
||||
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
|
||||
%service_add_post slapd.service
|
||||
if [ -f /var/run/enable_slapd_service ]; then
|
||||
if [ -f %{_rundir}/enable_slapd_service ]; then
|
||||
/usr/bin/systemctl --quiet enable slapd
|
||||
fi
|
||||
|
||||
@ -502,6 +579,9 @@ fi
|
||||
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
%files -n openldap2-back-sock -f openldap2-back-sock.filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
@ -511,6 +591,9 @@ fi
|
||||
%files -n openldap2-doc -f openldap2-doc.filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
%files -n openldap2-contrib -f openldap2-contrib.filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
%else
|
||||
|
||||
%post -n libldap-2_4-2 -p /sbin/ldconfig
|
||||
|
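--- /dev/null
+++ b/rfc2307bis.schema
@@ -0,0 +1,288 @@
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+# DESC 'An integer uniquely identifying a user in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+# SINGLE-VALUE )
+
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+# DESC 'An integer uniquely identifying a group in an
+# administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+# SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+DESC 'The GECOS field; the common name'
+EQUALITY caseIgnoreIA5Match
+SUBSTR caseIgnoreIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+DESC 'The absolute path to the home directory'
+EQUALITY caseExactIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+DESC 'The path to the login shell'
+EQUALITY caseExactIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+EQUALITY caseExactIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+EQUALITY caseExactIA5Match
+SUBSTR caseExactIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+DESC 'Netgroup triple'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+DESC 'Service port number'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+DESC 'Service protocol name'
+SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+DESC 'IP protocol number'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+DESC 'ONC RPC number'
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+DESC 'IPv4 addresses as a dotted decimal omitting leading
+zeros or IPv6 addresses as defined in RFC2373'
+SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+DESC 'IP network as a dotted decimal, eg. 192.168,
+omitting leading zeros'
+SUP name
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0,
+omitting leading zeros'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+DESC 'MAC address in maximal, colon separated hex
+notation, eg. 00:00:92:90:ee:e2'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+DESC 'rpc.bootparamd parameter'
+EQUALITY caseExactIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+DESC 'Boot image name'
+EQUALITY caseExactIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+DESC 'Name of a A generic NIS map'
+SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+DESC 'A generic NIS entry'
+EQUALITY caseExactIA5Match
+SUBSTR caseExactIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
+DESC 'NIS public key'
+EQUALITY octetStringMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
+DESC 'NIS secret key'
+EQUALITY octetStringMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
+DESC 'NIS domain'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
+DESC 'automount Map Name'
+EQUALITY caseExactIA5Match
+SUBSTR caseExactIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
+DESC 'Automount Key value'
+EQUALITY caseExactIA5Match
+SUBSTR caseExactIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
+DESC 'Automount information'
+EQUALITY caseExactIA5Match
+SUBSTR caseExactIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
+DESC 'Abstraction of an account with POSIX attributes'
+MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+MAY ( userPassword $ loginShell $ gecos $
+description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+DESC 'Additional attributes for shadow passwords'
+MUST uid
+MAY ( userPassword $ description $
+shadowLastChange $ shadowMin $ shadowMax $
+shadowWarning $ shadowInactive $
+shadowExpire $ shadowFlag ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
+DESC 'Abstraction of a group of accounts'
+MUST gidNumber
+MAY ( userPassword $ memberUid $
+description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
+DESC 'Abstraction an Internet Protocol service.
+Maps an IP port and protocol (such as tcp or udp)
+to one or more names; the distinguished value of
+the cn attribute denotes the services canonical
+name'
+MUST ( cn $ ipServicePort $ ipServiceProtocol )
+MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+DESC 'Abstraction of an IP protocol. Maps a protocol number
+to one or more names. The distinguished value of the cn
+attribute denotes the protocols canonical name'
+MUST ( cn $ ipProtocolNumber )
+MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+DESC 'Abstraction of an Open Network Computing (ONC)
+[RFC1057] Remote Procedure Call (RPC) binding.
+This class maps an ONC RPC number to a name.
+The distinguished value of the cn attribute denotes
+the RPC services canonical name'
+MUST ( cn $ oncRpcNumber )
+MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
+DESC 'Abstraction of a host, an IP device. The distinguished
+value of the cn attribute denotes the hosts canonical
+name. Device SHOULD be used as a structural class'
+MUST ( cn $ ipHostNumber )
+MAY ( userPassword $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+DESC 'Abstraction of a network. The distinguished value of
+the cn attribute denotes the networks canonical name'
+MUST ipNetworkNumber
+MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+DESC 'Abstraction of a netgroup. May refer to other netgroups'
+MUST cn
+MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
+DESC 'A generic abstraction of a NIS map'
+MUST nisMapName
+MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
+DESC 'An entry in a NIS map'
+MUST ( cn $ nisMapEntry $ nisMapName )
+MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+DESC 'A device with a MAC address; device SHOULD be
+used as a structural class'
+MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
+DESC 'A device with boot parameters; device SHOULD be
+used as a structural class'
+MAY ( bootFile $ bootParameter ) )
+
+objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
+DESC 'An object with a public and secret key'
+MUST ( cn $ nisPublicKey $ nisSecretKey )
+MAY ( uidNumber $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
+DESC 'Associates a NIS domain with a naming context'
+MUST nisDomain )
+
+objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
+MUST ( automountMapName )
+MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
+DESC 'Automount information'
+MUST ( automountKey $ automountInformation )
+MAY description )
+## namedObject is needed for groups without members
+objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top
+STRUCTURAL MAY cn )
+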
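Review bot: `nisSecretKey` (1.3.6.1.1.1.1.29, mandatory in `nisKeyObject`) is defined here as an ordinary octetString attribute with nothing marking it as credential material, and the example ACLs shipped in the same commit restrict only `userPassword` and `userPKCS12`, so under their catch-all `by users read` rule any authenticated bind can read NIS secret keys stored via this schema. I would add a header comment to this file, e.g. `# NOTE: nisSecretKey holds credential material - restrict it with an 'access to attrs=nisSecretKey' rule before using nisKeyObject`, and a matching rule next to the userPassword ACL in slapd.conf.example, `access to attrs=nisSecretKey by dn.exact="cn=root,dc=example,dc=com" write by * none`. Minor: `DESC 'Name of a A generic NIS map'` on nisMapName has a duplicated article. Since these attribute types sit on the same 1.3.6.1.1.1.x OID arc as the stock nis.schema (inferred from the OIDs; nis.schema is not visible here), the header should also state that this file and nis.schema must not be included together.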
354
slapd.conf.example
Normal file
@ -0,0 +1,354 @@
|
||||
############################################################################
|
||||
# See slapd.conf(5) for details on configuration options.
|
||||
# This file SHOULD NOT be world readable.
|
||||
#
|
||||
# Important note:
|
||||
# You surely have to adjust some settings to meet your (security)
|
||||
# requirements.
|
||||
# At least you should replace suffix "dc=example,dc=com" by
|
||||
# something meaningful for your setup.
|
||||
# If you plan to use OpenLDAP server as backend for Samba and/or Kerberos
|
||||
# KDC then you MUST add decent ACLs for protecting user credentials!
|
||||
#
|
||||
# Read the man pages before changing something!
|
||||
#
|
||||
# You can debug the config by running (as root while slapd stopped):
|
||||
# /usr/sbin/slapd -f /etc/openldap/slapd.conf -u ldap -g ldap -h "ldapi:/// ldap://127.0.0.1" -d 65535
|
||||
############################################################################
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# slapd global parameters
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
# serverID must be unique across all provider replicas
|
||||
# for using multi-master replication (MMR)
|
||||
serverID 99
|
||||
|
||||
# only alter this when you know what you're doing
|
||||
#threads 4
|
||||
|
||||
# Run-time files
|
||||
pidfile /var/run/slapd/slapd.pid
|
||||
argsfile /var/run/slapd/slapd.args
|
||||
|
||||
# for more debugging set:
|
||||
#loglevel config stats stats2
|
||||
loglevel stats
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Load runtime loadable modules
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
# Load additional backend modules installed by package 'openldap2'
|
||||
# The following backends are statically built-in and therefore don't have
|
||||
# to be loaded here:
|
||||
# config, ldif, monitor, bdb, hdb, ldap, mdb, relay
|
||||
#moduleload back_
|
||||
#moduleload back_
|
||||
#moduleload back_mdb
|
||||
#moduleload back_meta
|
||||
#moduleload back_sock
|
||||
|
||||
# Load additional overlay modules installed by package 'openldap2'
|
||||
# The following overlay are statically built-in and therefore don't have
|
||||
# to be loaded here:
|
||||
# ppolicy, syncprov
|
||||
#moduleload accesslog
|
||||
#moduleload constraint
|
||||
#moduleload dds
|
||||
#moduleload deref
|
||||
#moduleload dynlist
|
||||
#moduleload memberof
|
||||
moduleload refint
|
||||
#moduleload sssvlv
|
||||
#moduleload translucent
|
||||
moduleload unique
|
||||
#moduleload valsort
|
||||
|
||||
# Load additional overlay modules installed by package 'openldap2-contrib'
|
||||
#moduleload allowed
|
||||
#moduleload lastbind
|
||||
#moduleload noopsrch
|
||||
#moduleload pw-pbkdf2
|
||||
#moduleload pw-sha2
|
||||
#moduleload smbk5pwd
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Include schema files
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
# Schema files installed by package 'openldap2'
|
||||
include /etc/openldap/schema/core.schema
|
||||
include /etc/openldap/schema/cosine.schema
|
||||
include /etc/openldap/schema/inetorgperson.schema
|
||||
include /etc/openldap/schema/rfc2307bis.schema
|
||||
include /etc/openldap/schema/ppolicy.schema
|
||||
#include /etc/openldap/schema/yast.schema
|
||||
|
||||
# Schema file installed by package 'dhcp-server'
|
||||
#include /etc/openldap/schema/dhcp.schema
|
||||
|
||||
# Schema file installed by package 'samba'
|
||||
#include /etc/openldap/schema/samba3.schema
|
||||
|
||||
# Schema file installed by package 'krb5-plugin-kdb-ldap'
|
||||
#include /usr/share/doc/packages/krb5/kerberos.schema
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Transport Layer Security (TLS) configuration
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
# require at least TLS 1.0 and highly secure ciphers
|
||||
#TLSProtocolMin 3.1
|
||||
#TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
|
||||
|
||||
# TLS certificate and key files
|
||||
#TLSCACertificateFile /etc/ssl/ca-bundle.pem
|
||||
#TLSCertificateFile /etc/openldap/ssl.crt/server.crt
|
||||
#TLSCertificateKeyFile /etc/openldap/ssl.key/server.key
|
||||
|
||||
# For enabling Perfect Forward Secrecy (PFS), see dhparam(1)
|
||||
#TLSDHParamFile /etc/openldap/ssl.key/dhparam
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Password hashing
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
#password-hash {CRYPT}
|
||||
# Parameters for {CRYPT} scheme: SHA-512, 72 bits) of salt, 5000 iterations
|
||||
#password-crypt-salt-format "$6$%.12s"
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Security requirements
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
#disallow bind_anon
|
||||
#require bind LDAPv3 strong
|
||||
|
||||
# SSF value for ldapi://
|
||||
localSSF 256
|
||||
|
||||
# minimum required SSF value (security strength factor)
|
||||
# Sample security restrictions
|
||||
# Require integrity protection (prevent hijacking)
|
||||
# Require 112-bit (3DES or better) encryption for updates
|
||||
# Require 63-bit encryption for simple bind
|
||||
# security ssf=1 update_ssf=112 simple_bind=64
|
||||
#security ssf=128 update_ssf=256 simple_bind=128
|
||||
security ssf=0
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Global access control (ACLs)
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
# Root DSE: allow anyone to read it
|
||||
access to
|
||||
dn.base=""
|
||||
by * read
|
||||
|
||||
# Sub schema sub entry: allow anyone to read it
|
||||
access to
|
||||
dn.base="cn=Subschema"
|
||||
by * read
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Authz-DN mappings
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
# If connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used
|
||||
# System user root is mapped to the rootdn in database dc=example,dc=com
|
||||
# which has also read access on config and monitor databases
|
||||
authz-regexp
|
||||
"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
|
||||
"cn=root,dc=example,dc=com"
|
||||
|
||||
# Map local system user to LDAP entry
|
||||
# if connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used
|
||||
authz-regexp
|
||||
"gidnumber=([0-9]+)\\+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth"
|
||||
"ldap:///dc=example,dc=com??sub?(&(objectClass=posixAccount)(uidNumber=$2)(gidNumber=$1))"
|
||||
|
||||
# this maps the attribute uid to a LDAP entry
|
||||
# if one of the typical password-based SASL mechs was used
|
||||
authz-regexp
|
||||
"uid=([a-zA-Z0-9_-]+),cn=(DIGEST-MD5|CRAM-MD5|NTLM|PLAIN|LOGIN|SCRAM-SHA-1),cn=auth"
|
||||
"ldap:///dc=example,dc=com??sub?(uid=$1)"
|
||||
|
||||
# this maps the attribute uid to a LDAP entry
|
||||
# if one of the Kerberos based SASL mechs was used
|
||||
#authz-regexp
|
||||
# "uid=([a-zA-Z0-9_-]+),cn=(GSSAPI|GS2-KRB5|GS2-IAKERB),cn=auth"
|
||||
# "ldap:///dc=example,dc=com??sub?(|(krbPrincipalName=$1)(krbPrincipalAlias=$1))"
|
||||
|
||||
# Map client cert subject DN to LDAP entry if SASL/EXTERNAL was used
|
||||
#authz-regexp
|
||||
# "(.+)"
|
||||
# "ldap:///dc=example,dc=com??sub?(&(objectClass=pkiUser)(seeAlso=$1))"
|
||||
|
||||
|
||||
#===========================================================================
|
||||
# Database specific configuration sections below
|
||||
# Required order of databases:
|
||||
# config (first), ...others..., monitor (last)
|
||||
#===========================================================================
|
||||
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# cn=config // Configuration database (always first!)
|
||||
# see slapd-config(5)
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
database config
|
||||
|
||||
# Cleartext passwords, especially for the rootdn, should
|
||||
# be avoid! See slappasswd(8) and slapd.conf(5) for details.
|
||||
# Best thing is not to set rootpw at all!
|
||||
# For local config access by root use LDAPI with SASL/EXTERNAL instead
|
||||
# (see above).
|
||||
#rootpw secret
|
||||
|
||||
access to
|
||||
dn.subtree="cn=config"
|
||||
by dn.exact="cn=root,dc=example,dc=com" manage
|
||||
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" read
|
||||
by * none
|
||||
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# dc=example,dc=com // Example MDB database to be used by normal clients
|
||||
# see slapd-mdb(5)
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
database mdb
|
||||
|
||||
suffix "dc=example,dc=com"
|
||||
|
||||
# rootdn has to be set for overlays' internal operations
|
||||
rootdn "cn=root,dc=example,dc=com"
|
||||
|
||||
# Cleartext passwords, especially for the rootdn, should
|
||||
# be avoid! See slappasswd(8) and slapd.conf(5) for details.
|
||||
# Best thing is not to set rootpw at all!
|
||||
rootpw secret
|
||||
|
||||
# The database directory MUST exist prior to running slapd and
|
||||
# SHOULD only be accessible by the slapd user 'ldap'.
|
||||
# mkdir /var/lib/ldap/example-db && chown ldap:ldap /var/lib/ldap/example-db && chmod 0700 /var/lib/ldap/example-db
|
||||
directory /var/lib/ldap/example-db
|
||||
|
||||
# Permissions of database files created
|
||||
mode 0600
|
||||
|
||||
# extra information to be available in cn=monitor for this database
|
||||
monitoring on
|
||||
|
||||
# Perform ACL checks on the content of a new entry being added
|
||||
add_content_acl on
|
||||
|
||||
# backend-specific database parameters
|
||||
checkpoint 1024 5
|
||||
# 100 MB (you can raise the limit later)
|
||||
maxsize 104857600
|
||||
|
||||
# Indices to maintain
|
||||
#
|
||||
# Whenever you change indexing configuration you have to re-run slapindex
|
||||
# while slapd being stopped!
|
||||
# Don't forget to fix ownership/permissions of newly generated index files
|
||||
# afterwards!
|
||||
|
||||
# set always!
|
||||
index objectClass eq
|
||||
|
||||
# for typical address book use
|
||||
index cn,sn,givenName,mail eq,sub
|
||||
|
||||
# for user management
|
||||
index uid,uidNumber,gidNumber eq
|
||||
|
||||
# for authz-regexp mapping of Kerberos principal name
|
||||
#index krbPrincipalName,krbPrincipalAlias eq
|
||||
|
||||
# for authz-regexp mapping of client cert subject DNs
|
||||
#index seeAlso eq
|
||||
|
||||
# for syncrepl
|
||||
index entryUUID,entryCSN eq
|
||||
|
||||
# access control lists (ACLs) for dc=example,dc=com
|
||||
# see slapd.access(5) for details on access control lists (ACLs)
|
||||
|
||||
# full read access also to 'userPassword' for group of replicas
|
||||
# and control is forwarded to subsequent ACLs
|
||||
access to
|
||||
dn.subtree=dc=example,dc=com
|
||||
by group.base="cn=slapd replicas,ou=groups,dc=example,dc=com" read
|
||||
by * break
|
||||
|
||||
# write-only access to 'userPassword' for user, auth access else
|
||||
access to
|
||||
attrs=userPassword
|
||||
by self =w
|
||||
by * auth
|
||||
|
||||
# 'userPKCS' must only be accessible by self
|
||||
access to
|
||||
attrs=userPKCS12
|
||||
by self write
|
||||
by * none
|
||||
|
||||
# No access to history of passwords
|
||||
#access to
|
||||
# attrs=pwdHistory
|
||||
# by * none
|
||||
|
||||
# Catch-all ACL for the rest
|
||||
access to
|
||||
dn.subtree=dc=example,dc=com
|
||||
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" manage
|
||||
by self read
|
||||
by users read
|
||||
by * auth
|
||||
|
||||
# see slapo-ppolicy(5)
|
||||
overlay ppolicy
|
||||
# Default password policy entry
|
||||
#ppolicy_default cn=ppolicy-default,ou=policies,dc=example,dc=com
|
||||
# Hash clear-text userPassword values sent in with add/modify operations
|
||||
#ppolicy_hash_cleartext
|
||||
# Return AccountLocked error code to client
|
||||
#ppolicy_use_lockout
|
||||
|
||||
# see slapo-refint(5)
|
||||
overlay refint
|
||||
refint_attributes member seeAlso
|
||||
refint_nothing cn=dummy
|
||||
|
||||
# Check sub-tree wide uniqueness of certain attributes
|
||||
# see slapo-unique(5)
|
||||
# you have to add eq-index for efficient uniqueness check!
|
||||
# Note that filter part is currently ignored because of OpenLDAP ITS#6825
|
||||
overlay unique
|
||||
unique_uri "ldap:///dc=example,dc=com?uid,uidNumber,homeDirectory?sub"
|
||||
unique_uri "ldap:///ou=groups,dc=example,dc=com?cn,gidNumber?sub?(|(objectClass=groupOfNames)(objectClass=posixGroup))"
|
||||
#unique_uri "ldap:///dc=example,dc=com?krbPrincipalName,krbPrincipalAlias?sub"
|
||||
#unique_uri "ldap:///dc=example,dc=com?ipHostNumber?sub"
|
||||
#unique_uri "ldap:///dc=example,dc=com?employeeNumber?sub"
|
||||
#unique_uri "ldap:///dc=example,dc=com?uniqueIdentifier?sub"
|
||||
|
||||
#overlay syncprov
|
||||
#mirrormode on
|
||||
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# cn=monitor // Monitoring database (always last!)
|
||||
# see slapd-monitor(5)
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
database monitor
|
||||
|
||||
access to
|
||||
dn.subtree="cn=monitor"
|
||||
by dn.exact="cn=root,dc=example,dc=com" write
|
||||
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" write
|
||||
by users read
|
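--- /dev/null
+++ b/slapd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenLDAP Server Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/openldap/start
+
+[Install]
+WantedBy=multi-user.target
+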
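Review bot: `Type=forking` is used without a `PIDFile=` line, so systemd has to guess slapd's main process after the start script execs it; add `PIDFile=<path given by the pidfile directive of the slapd configuration>` (the start script creates the pid directory under /var/run/slapd/) so stop, restart and failure detection track the right process. `After=syslog.target` is a legacy target with no effect on current systemd and can be dropped, and `network.target` does not wait for addresses to be configured, so when OPENLDAP_LDAP_INTERFACES or OPENLDAP_LDAPS_INTERFACES bind a specific address, `After=network-online.target` together with `Wants=network-online.target` is the safer ordering. The unit also carries no sandboxing; `PrivateTmp=yes` and `ProtectHome=yes` look safe to add here since nothing in the start script touches /home or /tmp, whereas `ProtectSystem=` would conflict with the chown/chgrp of /etc/openldap and /etc/sasl2 that the start script performs.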
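--- /dev/null
+++ b/start
@@ -0,0 +1,208 @@
+#! /bin/sh
+# Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany.
+# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# Author: Carsten Hoeger
+# Ralf Haferkamp
+#
+# /etc/init.d/ldap
+#
+### BEGIN INIT INFO
+# Provides: ldap
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: OpenLDAP Server (slapd)
+# Description: Start and Stop the OpenLDAP Server (slapd) to
+# provide LDAP directory services.
+### END INIT INFO
+
+# Determine the base and follow a runlevel link name.
+base=${0##*/}
+link=${base#*[SK][0-9][0-9]}
+
+test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap
+
+SLAPD_BIN=/usr/sbin/slapd
+LDAP_URLS=""
+LDAPS_URLS=""
+LDAPI_URLS=""
+SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d"
+SLAPD_PID_DIR="/var/run/slapd/"
+
+test -x $SLAPD_BIN || exit 5
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_failed <num> set local and overall rc status to <num><num>
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+. /etc/rc.status
+
+# First reset status of this service
+rc_reset
+
+function init_ldap_listener_urls(){
+case "$OPENLDAP_START_LDAP" in
+[Yy][Ee][Ss])
+if [ -n "$OPENLDAP_LDAP_INTERFACES" ]
+then
+for iface in $OPENLDAP_LDAP_INTERFACES ;do
+LDAP_URLS="$LDAP_URLS ldap://$iface"
+done
+else
+LDAP_URLS="ldap:///"
+fi
+;;
+esac
+}
+
+function init_ldapi_listener_urls(){
+case "$OPENLDAP_START_LDAPI" in
+[Yy][Ee][Ss])
+if [ -n "$OPENLDAP_LDAPI_INTERFACES" ]
+then
+for iface in $OPENLDAP_LDAPI_INTERFACES ;do
+esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g`
+LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface"
+done
+else
+LDAPI_URLS="ldapi:///"
+fi
+;;
+esac
+}
+
+function init_ldaps_listener_urls(){
+case "$OPENLDAP_START_LDAPS" in
+[Yy][Ee][Ss])
+if [ -n "$OPENLDAP_LDAPS_INTERFACES" ]
+then
+for iface in $OPENLDAP_LDAPS_INTERFACES ;do
+LDAPS_URLS="$LDAPS_URLS ldaps://$iface"
+done
+else
+LDAPS_URLS="ldaps:///"
+fi
+;;
+esac
+}
+
+function check_connection(){
+SLAPD_TIMEOUT=10
+START=$( date +%s)
+while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do
+ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null
+LDAPSEARCH_RC=$?
+if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break
+else sleep 1
+fi
+done
+}
+
+depth=0;
+
+function chown_database_dirs_bconfig() {
+ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}')
+for dir in $ldapdir; do
+[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
+chown -R $OPENLDAP_USER $dir 2>/dev/null
+[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
+chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
+done
+}
+
+function chown_database_dirs() {
+ldapdir=`grep ^directory $1 | awk '{print $2}'`
+for dir in $ldapdir; do
+[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
+chown -R $OPENLDAP_USER $dir 2>/dev/null
+[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
+chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
+done
+includes=`grep ^include $1 | awk '{print $2}'`
+if [ $depth -le 50 ]; then
+depth=$(( $depth + 1 ));
+for i in $includes; do
+chown_database_dirs "$i" ;
+done
+fi
+}
+
+USER_CMD=""
+GROUP_CMD=""
+[ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER"
+[ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP"
+[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"
+
+
+if [ -f /etc/openldap/UPDATE_NEEDED ]; then
+rc_failed 6
+echo " The configuration of your LDAP server needs to be updated."
+echo " Please see /usr/share/doc/packages/openldap2/README.update"
+echo " for details."
+echo " After the update please remove the file:"
+echo " /etc/openldap/UPDATE_NEEDED"
+rc_status -v
+exit
+fi
+# chown backend directories if OPENLDAP_CHOWN_DIRS ist set
+if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then
+if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then
+if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then
+chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
+chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
+chown_database_dirs_bconfig "/etc/openldap/slapd.d"
+# assume back-config usage if slapd.conf is not present but slapd.d is
+elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then
+chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
+chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
+chown_database_dirs_bconfig "/etc/openldap/slapd.d"
+else
+chown_database_dirs "/etc/openldap/slapd.conf"
+chgrp $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null
+fi
+if test -f /etc/sasl2/slapd.conf ; then
+chgrp $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null
+chmod 640 /etc/sasl2/slapd.conf 2>/dev/null
+fi
+if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
+keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/}
+if test -f $keytabfile ; then
+chgrp $OPENLDAP_GROUP $keytabfile 2>/dev/null
+chmod g+r $keytabfile 2>/dev/null
+fi
+fi
+fi
+fi
+if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
+export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB
+fi
+case "$OPENLDAP_REGISTER_SLP" in
+[Yy][Ee][Ss])
+SLAPD_SLP_REG="-o slp=on"
+;;
+*)
+SLAPD_SLP_REG="-o slp=off"
+;;
+esac
+
+init_ldap_listener_urls
+init_ldapi_listener_urls
+init_ldaps_listener_urls
+
+if [ ! -d $SLAPD_PID_DIR ]; then
+mkdir -p $SLAPD_PID_DIR
+chown ldap:ldap $SLAPD_PID_DIR
+fi
+echo -n "Starting ldap-server"
+exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \
+$SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \
+$OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG
+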
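Review bot: The back-config fallback `elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then` tests a non-empty string rather than a directory and is therefore always true, so it should read `elif [ ! -f /etc/openldap/slapd.conf -a -d /etc/openldap/slapd.d ]; then`. The same heuristic is not applied where SLAPD_CONFIG_ARG is chosen (`[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"`), so with the shipped empty OPENLDAP_CONFIG_BACKEND and no slapd.conf the script chowns slapd.d but still execs slapd with `-f` pointing at a file that does not exist, which presumably fails the start. The pid directory is set up with a hardcoded `chown ldap:ldap $SLAPD_PID_DIR` although every other ownership change honours OPENLDAP_USER/OPENLDAP_GROUP; the `function` keyword, `&>/dev/null` and `${OPENLDAP_KRB5_KEYTAB/#FILE:/}` are bash-only under `#! /bin/sh`, and check_connection is defined but never called. Repeating `chown -R`/`chgrp -R` as root on every start over database trees that the unprivileged service user already owns and writes into is a wider window than needed; limiting it to the case where the top-level directory owner differs from OPENLDAP_USER (or to a one-time setup step) keeps the fix-up behaviour without re-traversing a service-controlled tree on each boot.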
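--- /dev/null
+++ b/sysconfig.openldap
@@ -0,0 +1,158 @@
+## Path: Network/LDAP
+## Description: Basic Configuration of the OpenLDAP Directory Server
+
+## Type: yesno
+## Default: yes
+## ServiceRestart: ldap
+#
+# If set to "no" the LDAP server will not accept any "normal" LDAP connections
+# but just connections over "ldaps" or "ldapi". Setting this to "no" does only
+# make sense when either OPENLDAP_START_LDAPS or OPENLDAP_START_LDAPI is set
+# "yes".
+#
+OPENLDAP_START_LDAP="yes"
+
+## Type: yesno
+## Default: no
+## ServiceRestart: ldap
+#
+# If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't
+# forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options
+# to the /etc/openldap/slapd.conf (man slapd.conf).
+# Note: Don't confuse this with "START_TLS", the preferred method for
+# making encrypted LDAP connections, which is enabled as soon as You
+# specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config
+# file
+#
+OPENLDAP_START_LDAPS="no"
+
+## Type: yesno
+## Default: no
+## ServiceRestart: ldap
+#
+# If set to "yes", "ldap over IPC" feature of slapd will be enabled.
+# The ldap server creates a Unix domain socket as /var/run/slapd/ldapi.
+# Default: no
+#
+OPENLDAP_START_LDAPI="yes"
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# If not empty, additional parameters for slapd daemon.
+# Default: ""
+#
+OPENLDAP_SLAPD_PARAMS=""
+
+## Type: string
+## Default: ldap
+## ServiceRestart: ldap
+#
+# specifies a user, as which the openldap server should be executed
+# Default: ldap
+#
+OPENLDAP_USER="ldap"
+
+## Type: string
+## Default: ldap
+## ServiceRestart: ldap
+#
+# specifies a group, as which the openldap server should be executed
+# Default: ldap
+#
+OPENLDAP_GROUP="ldap"
+
+## Type: yesno
+## Default: yes
+## ServiceRestart: ldap
+#
+# If set to "yes" the init scripts will change the owner/group of the
+# different backend database directories (e.g. /var/lib/ldap) to the
+# user/group specified above
+#
+OPENLDAP_CHOWN_DIRS="yes"
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Use this to specify the interfaces that the server such accept
+# LDAP connections from. The values are specified in the format
+# <address>:<port>, where address is an IP address and port is the
+# portnumber, the daemon should listen to (defaulting to 389). If this
+# parameter is empty the server will attach to all interfaces. This
+# parameter is only evaluated if "OPENLDAP_START_LDAP" is set to
+# "yes"
+# Default: ""
+#
+OPENLDAP_LDAP_INTERFACES=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Use this to specify the interfaces that the server such accept
+# LDAPS connections from. The values are specified in the format
+# <address>:<port>, where address is an IP address and port is the
+# portnumber, the daemon should listen to (defaulting to 636). If this
+# parameter is empty the server will attach to all interfaces. This
+# parameter is only evaluated if "OPENLDAP_START_LDAPS" is set to
+# "yes"
+# Default: ""
+#
+OPENLDAP_LDAPS_INTERFACES=""
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Use this to specify the paths of the Unix Domain Sockets that
+# the server should create an accept incoming LDAPI connections
+# on. This parameter is only evaluated if "OPENLDAP_START_LDAPI"
+# is set to "yes".
+# Default: ""
+#
+OPENLDAP_LDAPI_INTERFACES=""
+
+## Type: yesno
+## Default: "yes"
+## ServiceRestart: ldap
+#
+# If set to "no" the LDAP server will not try itself at a running SLP
+# daemon.
+# Default: "yes"
+#
+OPENLDAP_REGISTER_SLP="no"
+
+## Type: string
+## Default: ""
+## ServiceRestart: ldap
+#
+# Set this to the name of the keytab, if you want to use a non-default
+# Kerberos Keytab. If OPENLDAP_CHOWN_DIRS is set to "yes" the permissions of
+# this file will be changed so that the group OPENLDAP_GROUP has read
+# access to the file.
+# Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab
+# Default: ""
+#
+OPENLDAP_KRB5_KEYTAB=""
+
+## Type: string
+## Default: "files"
+## ServiceRestart: ldap
+#
+# Here you can configure which of the configuration backends you want to
+# use. Possible values are "files" for slapd.conf(5) styleconfiguration or
+# "ldap" for the slapd-config(5) LDAP based configuration backend.
+#
+OPENLDAP_CONFIG_BACKEND=""
+
+## Type: yesno
+## Default: "yes"
+## ServiceRestart: ldap
+#
+# Here you can configure if the slapd shall start with or without memory limit.
+#
+OPENLDAP_MEMORY_LIMIT="yes"
+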
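Review bot: The `## Default:` headers no longer match the shipped values: OPENLDAP_START_LDAPI is set to "yes" under `## Default: no` and `# Default: no`, and OPENLDAP_REGISTER_SLP is set to "no" under `## Default: "yes"` and `# Default: "yes"`; since the `## Default:` line is what sysconfig tooling presents to the administrator, both header and free-text default should be updated to the shipped value. OPENLDAP_CONFIG_BACKEND documents `## Default: "files"` but ships as `""`, which the accompanying start script only treats like "files" through its `!= "ldap"` comparison, so either ship `"files"` or document that the empty string selects the slapd.conf backend. OPENLDAP_MEMORY_LIMIT is introduced here but nothing in the `start` script of this commit reads it, so the comment should name the component that consumes it or the variable should be dropped until something does. The OPENLDAP_KRB5_KEYTAB example is missing its closing quote: `# Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab"`.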
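--- /dev/null
+++ b/yast.schema
@@ -0,0 +1,202 @@
+## Some macros
+objectidentifier SUSE 1.3.6.1.4.1.7057
+objectidentifier SUSE.YaST SUSE:10.1
+objectidentifier SUSE.YaST.ModuleConfig SUSE:10.1.2
+objectidentifier SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1
+objectidentifier SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2
+
+# Attributes
+
+# deprecated
+#
+#attributetype ( SUSE.YaST.ModuleConfig.Attr:1 NAME ( 'userConfigDn' )
+# DESC 'Where is the configuration for user management stored'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:2 NAME ( 'suseDefaultBase' )
+DESC 'Base DN where new Objects should be created by default'
+EQUALITY distinguishedNameMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId' )
+DESC 'Next unused unique ID, can be used to generate directory wide uniqe IDs'
+EQUALITY integerMatch
+ORDERING integerOrderingMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' )
+DESC 'lower Border for Unique IDs'
+EQUALITY integerMatch
+ORDERING integerOrderingMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:5 NAME ( 'suseMaxUniqueId' )
+DESC 'upper Border for Unique IDs'
+EQUALITY integerMatch
+ORDERING integerOrderingMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTemplate' )
+DESC 'The DN of a template that should be used by default'
+EQUALITY distinguishedNameMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:7 NAME ( 'suseSearchFilter' )
+DESC 'Search filter to localize Objects'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+SINGLE-VALUE )
+
+# deprecated
+#
+#attributetype ( SUSE.YaST.ModuleConfig.Attr:8 NAME ( 'DefaultObjectClass' )
+# DESC 'ObjectClass that new Objects should use'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+#attributetype ( SUSE.YaST.ModuleConfig.Attr:9 NAME ( 'suseRequiredAttribute' )
+# DESC ''
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+#attributetype ( SUSE.YaST.ModuleConfig.Attr:10 NAME ( 'allowedAttribute' )
+# DESC ''
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:11 NAME ( 'suseDefaultValue' )
+DESC 'an Attribute-Value-Assertions to define defaults for specific Attributes'
+EQUALITY caseIgnoreMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttribute' )
+DESC 'AttributeType that should be used as the RDN'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:15 NAME ( 'suseSecondaryGroup' )
+DESC 'seconday group DN'
+EQUALITY distinguishedNameMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:16 NAME ( 'suseMinPasswordLength' )
+DESC 'minimum Password length for new users'
+EQUALITY integerMatch
+ORDERING integerOrderingMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswordLength' )
+DESC 'maximum Password length for new users'
+EQUALITY integerMatch
+ORDERING integerOrderingMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:18 NAME ( 'susePasswordHash' )
+DESC 'Hash method to use for new users'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:19 NAME ( 'suseSkelDir' )
+DESC ''
+EQUALITY caseExactIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' )
+DESC 'plugin to use upon user/ group creation'
+EQUALITY caseIgnoreMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribute' )
+DESC ''
+EQUALITY caseIgnoreMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:22 NAME ( 'suseImapServer' )
+DESC ''
+EQUALITY caseIgnoreMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:23 NAME ( 'suseImapAdmin' )
+DESC ''
+EQUALITY caseIgnoreMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:24 NAME ( 'suseImapDefaultQuota' )
+DESC ''
+EQUALITY integerMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+SINGLE-VALUE )
+
+attributetype ( SUSE.YaST.ModuleConfig.Attr:25 NAME ( 'suseImapUseSsl' )
+DESC ''
+EQUALITY booleanMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+SINGLE-VALUE )
+
+# ObjectClasses
+objectClass ( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfiguration'
+SUP top STRUCTURAL
+DESC 'Contains configuration of Management Modules'
+MUST ( cn )
+MAY ( suseDefaultBase ))
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfiguration'
+SUP suseModuleConfiguration STRUCTURAL
+DESC 'Configuration of user management tools'
+MAY ( suseMinPasswordLength $ suseMaxPasswordLength $
+susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $
+suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $
+suseMapAttribute ))
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate'
+SUP top STRUCTURAL
+DESC 'Base Class for Object-Templates'
+MUST ( cn )
+MAY ( susePlugin $ suseDefaultValue $ suseNamingAttribute ))
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate'
+SUP suseObjectTemplate STRUCTURAL
+DESC 'User object template'
+MUST ( cn )
+MAY ( suseSecondaryGroup ))
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate'
+SUP suseObjectTemplate STRUCTURAL
+DESC 'Group object template'
+MUST ( cn ))
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfiguration'
+SUP suseModuleConfiguration STRUCTURAL
+DESC 'Configuration of user management tools'
+MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $
+suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ))
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration'
+SUP suseModuleConfiguration STRUCTURAL
+DESC 'Configuration of CA management tools')
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguration'
+SUP suseModuleConfiguration STRUCTURAL
+DESC 'Configuration of mail server management tools')
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfiguration'
+SUP suseModuleConfiguration STRUCTURAL
+DESC 'Configuration of DHCP server management tools')
+
+objectClass ( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfiguration'
+SUP suseModuleConfiguration STRUCTURAL
+DESC 'Configuration of IMAP user management tools'
+MUST ( suseImapServer $ suseImapAdmin $ suseImapDefaultQuota $
+suseImapUseSsl ))
+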
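Review bot: Two objectClass descriptions are copy-paste leftovers: `suseDnsConfiguration` carries `DESC 'Configuration of mail server management tools'` and `suseGroupConfiguration` carries `DESC 'Configuration of user management tools'`; they should describe DNS and group management respectively, since DESC is what schema browsers and `ldapsearch -b cn=subschema` show to administrators. Six attributes (suseSkelDir, suseMapAttribute, suseImapServer, suseImapAdmin, suseImapDefaultQuota, suseImapUseSsl) ship with an empty `DESC ''`, and the descriptions of suseNextUniqueId ('uniqe') and suseSecondaryGroup ('seconday') have typos. `suseSearchFilter` declares no EQUALITY rule, so entries cannot be matched or indexed on it with an equality filter; if that is not intended, `EQUALITY caseIgnoreMatch` (or caseExactMatch, depending on how YaST compares filters) is presumably what is missing.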