tatankato/openldap2
SHA256
1
0
Fork 0
forked from jengelh/openldap2
Code Pull Requests Activity

Accepting request 358524 from home:guohouzuo:branches:network:ldap

Browse Source 
good stuff

OBS-URL: https://build.opensuse.org/request/show/358524
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=152
This commit is contained in:
Howard Guo 2016-02-09 14:32:56 +00:00 committed by Git OBS Bridge
parent c4e540aea8
commit d2c6a28c89
12 changed files with 549 additions and 3391 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
0002-slapd.conf.dif
View File

@ -1,63 +0,0 @@
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index b225fe5..e22e7f2 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -3,6 +3,10 @@
# This file should NOT be world readable.
#
include %SYSCONFDIR%/schema/core.schema
+include %SYSCONFDIR%/schema/cosine.schema
+include %SYSCONFDIR%/schema/inetorgperson.schema
+include %SYSCONFDIR%/schema/rfc2307bis.schema
+include %SYSCONFDIR%/schema/yast.schema
# Define global ACLs to disable default read access.
@@ -10,12 +14,12 @@ include %SYSCONFDIR%/schema/core.schema
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
-pidfile %LOCALSTATEDIR%/run/slapd.pid
-argsfile %LOCALSTATEDIR%/run/slapd.args
+pidfile %LOCALSTATEDIR%/slapd.pid
+argsfile %LOCALSTATEDIR%/slapd.args
# Load dynamic backend modules:
# modulepath %MODULEDIR%
-# moduleload back_mdb.la
+moduleload back_mdb.la
# moduleload back_ldap.la
# Sample security restrictions
@@ -45,6 +49,23 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
#
# rootdn can always read and write EVERYTHING!
+access to dn.base=""
+ by * read
+
+access to dn.base="cn=Subschema"
+ by * read
+
+access to attrs=userPassword,userPKCS12
+ by self write
+ by * auth
+
+access to attrs=shadowLastChange
+ by self write
+ by * read
+
+access to *
+ by * read
+
#######################################################################
# MDB database definitions
#######################################################################
@@ -60,6 +81,6 @@ rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
-directory %LOCALSTATEDIR%/openldap-data
+directory /var/lib/ldap
# Indices to maintain
index objectClass eq

11
ldapns.ldif Normal file
View File

@ -0,0 +1,11 @@
dn: cn=ldapns,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: ldapns
olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DES
C 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.
3.6.1.4.1.1466.115.121.1.15{256} )
olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject
' DESC 'Auxiliary object class for adding authorizedService attribute' SUP
top AUXILIARY MAY authorizedService )
olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxil
iary object class for adding host attribute' SUP top AUXILIARY MAY host )

2514
openldap2-client.changes
View File

File diff suppressed because it is too large Load Diff

610
openldap2-client.spec
View File

@ -1,610 +0,0 @@
#
# spec file for package openldap2-client
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define run_test_suite 0
%define version_main 2.4.44
%if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd
%else
%define _rundir /var/run/slapd
%endif
Name: openldap2-client
Summary: The OpenLDAP commandline client tools
License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients
Version: %{version_main}
Release: 0
Url: http://www.openldap.org
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
Source3: DB_CONFIG
Source4: sasl-slapd.conf
Source5: README.module-loading
Source6: schema2ldif
Source7: baselibs.conf
Source9: ldapns.schema
Source10: rfc2307bis.schema
Source11: yast.schema
Source12: slapd.conf.example
Source13: start
Source14: slapd.service
Source15: SuSEfirewall2.openldap
Source16: sysconfig.openldap
Patch2: 0002-slapd.conf.dif
Patch3: 0003-LDAPI-socket-location.dif
Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
Patch11: 0011-openldap-re24-its7796.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
BuildRequires: libopenssl-devel
BuildRequires: libtool
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl
%if "%{name}" == "openldap2"
BuildRequires: db-devel
BuildRequires: openslp-devel
BuildRequires: unixODBC-devel
Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
%if %{suse_version} >= 1310 && %{suse_version} != 1315
# avoid cycle with krb5
BuildRequires: krb5-mini
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%endif
%else
Conflicts: openldap-client
%endif
# For /usr/bin/strings
Requires(pre): binutils
%if "%{name}" == "openldap2"
%description
OpenLDAP is a client and server reference implementation of the
Lightweight Directory Access Protocol v3 (LDAPv3).
The server provides several database backends and overlays.
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
Requires: perl = %{perl_version}
%description -n openldap2-back-perl
The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations.
%package -n openldap2-back-sock
Summary: OpenLDAP Socket Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
%description -n openldap2-back-sock
The OpenLDAP socket back-end allows you to handle LDAP requests and
results with an external process listening on a Unix domain socket.
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
%description -n openldap2-back-meta
The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
respect to a set of remote LDAP servers. The information contained in
these servers can be presented as belonging to a single Directory
Information Tree (DIT).
%package -n openldap2-back-sql
Summary: OpenLDAP SQL Back-End
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
%description -n openldap2-back-sql
The primary purpose of this OpenLDAP backend is to present information
stored in a Relational (SQL) Database as an LDAP subtree without the need
to do any programming.
%package -n openldap2-contrib
Summary: OpenLDAP Contrib Modules
Group: Productivity/Networking/LDAP/Servers
Requires: openldap2 = %{version_main}
%description -n openldap2-contrib
Various overlays found in contrib/:
allop
allowed Generates attributes indicating access rights
autogroup
cloak
denyop
lastbind writes last bind timestamp to entry
noopsrch handles no-op search control
nops
pw-sha2 generates/validates SHA-2 password hashes
pw-pbkdf2 generates/validates PBKDF2 password hashes
smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
%package -n openldap2-doc
Summary: OpenLDAP Documentation
Group: Documentation/Other
Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
%if 0%{?suse_version} > 1110
BuildArch: noarch
%endif
%description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%else
%description
This package contains the OpenLDAP client utilities.
%package -n openldap2-devel
Summary: Libraries, Header Files and Documentation for OpenLDAP
Group: Development/Libraries/C and C++
# bug437293
%ifarch ppc64
Obsoletes: openldap2-devel-64bit
%endif
#
Conflicts: openldap-devel
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl-devel
%description -n openldap2-devel
This package provides the OpenLDAP libraries, header files, and
documentation.
%package -n openldap2-devel-static
Summary: Static libraries for the OpenLDAP libraries
Group: Development/Libraries/C and C++
Requires: cyrus-sasl-devel
Requires: libopenssl-devel
Requires: openldap2-devel = %version
%description -n openldap2-devel-static
This package provides the static versions of the OpenLDAP libraries
for development.
%package -n libldap-2_4-2
Summary: OpenLDAP Client Libraries
Group: Productivity/Networking/LDAP/Clients
%description -n libldap-2_4-2
This package contains the OpenLDAP client libraries.
%endif
%prep
%setup -q -n openldap-%{version_main}
%patch2 -p1
%patch3 -p1
#%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
cp %{SOURCE5} .
%build
export CFLAGS="%{optflags} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export STRIP=""
./configure \
--prefix=/usr \
--sysconfdir=%{_sysconfdir} \
--libdir=%{_libdir} \
--libexecdir=%{_libdir} \
--localstatedir=%{_rundir} \
--enable-wrappers=no \
--enable-spasswd \
--enable-modules \
--enable-shared \
--enable-dynamic \
--with-tls=openssl \
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
--enable-bdb=mod \
--enable-hdb=mod \
--enable-rewrite \
--enable-ldap=mod \
--enable-meta=mod \
--enable-monitor=mod \
--enable-perl=mod \
--enable-sock=mod \
--enable-sql=mod \
--enable-mdb=mod \
--enable-relay=mod \
--enable-slp \
--enable-overlays=mod \
--enable-syncprov=mod \
--enable-ppolicy=mod \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
--with-yielding-select \
|| cat config.log
make depend
make %{?_smp_mflags}
%if "%{name}" == "openldap2"
# Build selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
done
# One more level up needed because of passwd/sha2
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
%endif
%check
%if %run_test_suite
# calculate the base port to be use in the test-suite
SLAPD_BASEPORT=10000
if [ -f /.buildenv ] ; then
. /.buildenv
SLAPD_BASEPORT=$(($SLAPD_BASEPORT + ${BUILD_INCARNATION:-0} * 10))
fi
export SLAPD_BASEPORT
%ifnarch %arm alpha
rm -f tests/scripts/test019-syncreplication-cascade
rm -f tests/scripts/test022-ppolicy
rm -f tests/scripts/test023-refint
rm -f tests/scripts/test033-glue-syncrepl
#rm -f tests/scripts/test036-meta-concurrency
#rm -f tests/scripts/test039-glue-ldap-concurrency
rm -f tests/scripts/test043-delta-syncrepl
#rm -f tests/scripts/test045-syncreplication-proxied
rm -f tests/scripts/test048-syncrepl-multiproxy
rm -f tests/scripts/test050-syncrepl-multimaster
rm -f tests/scripts/test058-syncrepl-asymmetric
make SLAPD_DEBUG=0 test
%endif
%endif
%install
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap
mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
# Additional symbolic link to slapd executable in /usr/sbin/
%if "%{name}" == "openldap2"
ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
%endif
%if "%{name}" == "openldap2"
# Install selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do
make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
done
# slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
%endif
install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf
install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
${RPM_BUILD_ROOT}/%{DOCDIR}/images \
${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide
install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images
install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \
COPYRIGHT \
LICENSE \
README \
CHANGES \
%{SOURCE5} \
${RPM_BUILD_ROOT}/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default
rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example
rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
%if 0%{?suse_version} > 1220
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
%else
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
%endif
%endif
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
#put filelists into files
cat >openldap2.filelist <<EOF
/var/adm/fillup-templates/sysconfig.openldap
%config /etc/sysconfig/SuSEfirewall2.d/services/openldap
/usr/sbin/slap*
/usr/sbin/rcslapd
%dir /etc/sasl2
%dir /etc/openldap
%dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d
%dir /etc/openldap/schema
%config /etc/openldap/schema/*.schema
%config /etc/openldap/schema/*.ldif
%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf
%config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
%config /var/lib/ldap/DB_CONFIG.example
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /%{_libdir}/openldap
%{_libdir}/openldap/back_bdb*
%{_libdir}/openldap/back_hdb*
%{_libdir}/openldap/back_ldap*
%{_libdir}/openldap/back_mdb*
%{_libdir}/openldap/back_monitor*
%{_libdir}/openldap/back_relay*
%{_libdir}/openldap/accesslog*
%{_libdir}/openldap/auditlog*
%{_libdir}/openldap/collect*
%{_libdir}/openldap/constraint*
%{_libdir}/openldap/dds*
%{_libdir}/openldap/deref*
%{_libdir}/openldap/dyngroup*
%{_libdir}/openldap/dynlist*
%{_libdir}/openldap/memberof*
%{_libdir}/openldap/pcache*
%{_libdir}/openldap/ppolicy*
%{_libdir}/openldap/refint*
%{_libdir}/openldap/retcode*
%{_libdir}/openldap/rwm*
%{_libdir}/openldap/seqmod*
%{_libdir}/openldap/sssvlv*
%{_libdir}/openldap/syncprov*
%{_libdir}/openldap/translucent*
%{_libdir}/openldap/unique*
%{_libdir}/openldap/valsort*
%{_libdir}/slapd
/usr/lib/openldap/start
%{_unitdir}/slapd.service
%dir %attr(0750, ldap, ldap) /var/lib/ldap
%ghost %attr(0750, ldap, ldap) %{_rundir}
%doc %{_mandir}/man8/sl*
%doc %{_mandir}/man5/slapd.*
%doc %{_mandir}/man5/slapd-bdb.*
%doc %{_mandir}/man5/slapd-config.*
%doc %{_mandir}/man5/slapd-hdb.*
%doc %{_mandir}/man5/slapd-ldbm.*
%doc %{_mandir}/man5/slapd-ldap.*
%doc %{_mandir}/man5/slapd-ldif.*
%doc %{_mandir}/man5/slapd-mdb.*
%doc %{_mandir}/man5/slapd-monitor.*
%doc %{_mandir}/man5/slapd-relay.*
%doc %{_mandir}/man5/slapo-*
%dir %{DOCDIR}
%doc %{DOCDIR}/ANNOUNCEMENT
%doc %{DOCDIR}/COPYRIGHT
%doc %{DOCDIR}/LICENSE
%doc %{DOCDIR}/README*
%doc %{DOCDIR}/CHANGES
%doc %{DOCDIR}/slapd.ldif.default
EOF
#
#
cat > openldap2-client.filelist <<EOF
%dir /etc/openldap
%config(noreplace) /etc/openldap/ldap.conf
/etc/openldap/ldap.conf.default
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapurl
/usr/bin/ldapwhoami
/usr/sbin/schema2ldif
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldap.conf*
%doc %{_mandir}/man5/ldif.*
EOF
cat > libldap.filelist <<EOF
%{_libdir}/liblber*2.4.so.*
%{_libdir}/libldap*2.4.so.*
EOF
cat > openldap2-devel.filelist <<EOF
/usr/include/*.h
%{_libdir}/liblber.so
%{_libdir}/libldap*.so
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
EOF
cat > openldap2-devel-static.filelist <<-EOF
%_libdir/liblber.a
%_libdir/libldap*.a
EOF
cat > openldap2-back-perl.filelist <<EOF
%{_libdir}/openldap/back_perl*
%doc %{_mandir}/man5/slapd-perl.*
EOF
cat > openldap2-back-sock.filelist <<EOF
%{_libdir}/openldap/back_sock*
%doc %{_mandir}/man5/slapd-sock.*
EOF
cat > openldap2-back-meta.filelist <<EOF
%{_libdir}/openldap/back_meta*
%doc %{_mandir}/man5/slapd-meta.*
EOF
cat > openldap2-back-sql.filelist <<EOF
%{_libdir}/openldap/back_sql*
%doc %{_mandir}/man5/slapd-sql.*
%doc servers/slapd/back-sql/examples
%doc servers/slapd/back-sql/docs/bugs
%doc servers/slapd/back-sql/docs/install
EOF
cat > openldap2-contrib.filelist <<EOF
%{_libdir}/openldap/allowed.*
%{_libdir}/openldap/allop.*
%{_libdir}/openldap/autogroup.*
%{_libdir}/openldap/lastbind.*
%{_libdir}/openldap/noopsrch.*
%{_libdir}/openldap/nops.*
%{_libdir}/openldap/pw-sha2.*
%{_libdir}/openldap/pw-pbkdf2.*
%{_libdir}/openldap/denyop.*
%{_libdir}/openldap/cloak.*
%{_libdir}/openldap/smbk5pwd.*
EOF
cat >openldap2-doc.filelist <<EOF
%dir %{DOCDIR}
%doc %{DOCDIR}/drafts
%doc %{DOCDIR}/adminguide
%doc %{DOCDIR}/images
EOF
#remove files from other spec file
%if "%{name}" == "openldap2"
cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
openldap2-devel-static.filelist |
%else
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \
openldap2-back-meta.filelist openldap2-back-sql.filelist \
openldap2-doc.filelist openldap2-contrib.filelist |
%endif
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
rm -rf ${RPM_BUILD_ROOT}${name}
done
%if "%{name}" == "openldap2"
%pre
/usr/sbin/groupadd -g 70 -o -r ldap || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
%post
if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
%preun
%service_del_preun slapd.service
%postun
%service_del_postun slapd.service
%files -f openldap2.filelist
%defattr(-,root,root)
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%defattr(-,root,root)
%files -n openldap2-back-sock -f openldap2-back-sock.filelist
%defattr(-,root,root)
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%defattr(-,root,root)
%files -n openldap2-back-sql -f openldap2-back-sql.filelist
%defattr(-,root,root)
%files -n openldap2-doc -f openldap2-doc.filelist
%defattr(-,root,root)
%files -n openldap2-contrib -f openldap2-contrib.filelist
%defattr(-,root,root)
%else
%post -n libldap-2_4-2 -p /sbin/ldconfig
%postun -n libldap-2_4-2 -p /sbin/ldconfig
%files -f openldap2-client.filelist
%defattr(-,root,root)
%files -n libldap-2_4-2 -f libldap.filelist
%defattr(-,root,root)
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%files -n openldap2-devel-static -f openldap2-devel-static.filelist
%defattr(-,root,root)
%endif
%changelog

22
openldap2.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com
- Remove openldap2-client.spec and openldap2-client.changes
openldap2.spec now builds client utilities and libraries.
Thus pre_checkin.sh is removed.
- Move ldap.conf and its manual page from openldap2-client package
to libldap-2_4-2 package, which is more appropriate.
- Use RPM_OPT_FLAGS in build flags.
- Macros dealing with old/unsupported distributions are removed.
- Remove 0002-slapd.conf.dif and install improved slapd.conf from
new source file slapd.conf.
- Install slapd.conf.olctemplate to assist in preparing slapd.d
for OLC.
- Be explicit in sysconfig that by default openldap will use
static file configuration.
- Add the following schemas in LDIF format:
* rfc2307bis.ldif
* ldapns.ldif
* yast.ldif
- Other minor clean-ups in the spec file.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com

324
openldap2.spec
View File

@ -26,13 +26,15 @@
%endif %endif
Name: openldap2 Name: openldap2
Summary: The OpenLDAP Server Summary: An open source implementation of the Lightweight Directory Access Protocol
License: OLDAP-2.8 License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients Group: Productivity/Networking/LDAP/Servers
Version: %{version_main} Version: %{version_main}
Release: 0 Release: 0
Url: http://www.openldap.org Url: http://www.openldap.org
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
Source1: slapd.conf
Source2: slapd.conf.olctemplate
Source3: DB_CONFIG Source3: DB_CONFIG
Source4: sasl-slapd.conf Source4: sasl-slapd.conf
Source5: README.module-loading Source5: README.module-loading
@ -46,7 +48,9 @@ Source13: start
Source14: slapd.service Source14: slapd.service
Source15: SuSEfirewall2.openldap Source15: SuSEfirewall2.openldap
Source16: sysconfig.openldap Source16: sysconfig.openldap
Patch2: 0002-slapd.conf.dif Source17: ldapns.ldif
Source18: rfc2307bis.ldif
Source19: yast.ldif
Patch3: 0003-LDAPI-socket-location.dif Patch3: 0003-LDAPI-socket-location.dif
Patch5: 0005-pie-compile.dif Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif
@ -57,31 +61,25 @@ Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
Patch11: 0011-openldap-re24-its7796.patch Patch11: 0011-openldap-re24-its7796.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel
BuildRequires: groff BuildRequires: groff
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: libtool BuildRequires: libtool
Requires: libldap-2_4-2 = %{version_main}
Recommends: cyrus-sasl
%if "%{name}" == "openldap2"
BuildRequires: db-devel
BuildRequires: openslp-devel BuildRequires: openslp-devel
BuildRequires: unixODBC-devel BuildRequires: unixODBC-devel
Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
%if %{suse_version} >= 1310 && %{suse_version} != 1315 %if %{suse_version} >= 1310 && %{suse_version} != 1315
# avoid cycle with krb5 # avoid cycle with krb5
BuildRequires: krb5-mini BuildRequires: krb5-mini
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
%{?systemd_requires} %{?systemd_requires}
%endif %endif
%else Requires: libldap-2_4-2 = %{version_main}
Conflicts: openldap-client Recommends: cyrus-sasl
%endif Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
# For /usr/bin/strings # For /usr/bin/strings
Requires(pre): binutils Requires(pre): binutils
%if "%{name}" == "openldap2"
%description %description
OpenLDAP is a client and server reference implementation of the OpenLDAP is a client and server reference implementation of the
Lightweight Directory Access Protocol v3 (LDAPv3). Lightweight Directory Access Protocol v3 (LDAPv3).
@ -156,19 +154,21 @@ Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README
%if 0%{?suse_version} > 1110 %if 0%{?suse_version} > 1110
BuildArch: noarch BuildArch: noarch
%endif %endif
%description -n openldap2-doc %description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts.
Authors: Authors:
-------- --------
The OpenLDAP Project <project@openldap.org> The OpenLDAP Project <project@openldap.org>
%else
%description %package -n openldap2-client
This package contains the OpenLDAP client utilities. Summary: OpenLDAP client utilities
Group: Productivity/Networking/LDAP/Clients
Requires: libldap-2_4-2 = %{version_main}
%description -n openldap2-client
OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify.
%package -n openldap2-devel %package -n openldap2-devel
Summary: Libraries, Header Files and Documentation for OpenLDAP Summary: Libraries, Header Files and Documentation for OpenLDAP
@ -204,13 +204,9 @@ Group: Productivity/Networking/LDAP/Clients
%description -n libldap-2_4-2 %description -n libldap-2_4-2
This package contains the OpenLDAP client libraries. This package contains the OpenLDAP client libraries.
%endif
%prep %prep
%setup -q -n openldap-%{version_main} %setup -q -n openldap-%{version_main}
%patch2 -p1
%patch3 -p1 %patch3 -p1
#%patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
@ -238,7 +234,6 @@ export STRIP=""
--with-cyrus-sasl \ --with-cyrus-sasl \
--enable-crypt \ --enable-crypt \
--enable-ipv6=yes \ --enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \ --enable-aci \
--enable-bdb=mod \ --enable-bdb=mod \
--enable-hdb=mod \ --enable-hdb=mod \
@ -255,15 +250,11 @@ export STRIP=""
--enable-overlays=mod \ --enable-overlays=mod \
--enable-syncprov=mod \ --enable-syncprov=mod \
--enable-ppolicy=mod \ --enable-ppolicy=mod \
%else
--disable-slapd \
%endif
--enable-lmpasswd \ --enable-lmpasswd \
--with-yielding-select \ --with-yielding-select \
|| cat config.log || cat config.log
make depend make depend
make %{?_smp_mflags} make %{?_smp_mflags}
%if "%{name}" == "openldap2"
# Build selected contrib overlays # Build selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do do
@ -272,7 +263,6 @@ done
# One more level up needed because of passwd/sha2 # One more level up needed because of passwd/sha2
# slapo-smbk5pwd only for Samba password hashes # slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB="" make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
%endif
%check %check
%if %run_test_suite %if %run_test_suite
@ -306,10 +296,7 @@ mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir} mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
# Additional symbolic link to slapd executable in /usr/sbin/ # Additional symbolic link to slapd executable in /usr/sbin/
%if "%{name}" == "openldap2"
ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
%endif
%if "%{name}" == "openldap2"
# Install selected contrib overlays # Install selected contrib overlays
for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
do do
@ -317,7 +304,6 @@ do
done done
# slapo-smbk5pwd only for Samba password hashes # slapo-smbk5pwd only for Samba password hashes
make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
%endif
install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir} install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
@ -328,20 +314,28 @@ chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so* chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so* chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
install -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
# Install default and sample configuration files
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
# Install default database optimisations
install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/ install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release rm -rf doc/guide/release
%define DOCDIR %{_defaultdocdir}/%{name}
install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \ install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
${RPM_BUILD_ROOT}/%{DOCDIR}/images \ ${RPM_BUILD_ROOT}/%{DOCDIR}/images \
${RPM_BUILD_ROOT}/%{DOCDIR}/drafts ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
@ -362,14 +356,9 @@ rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif* rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
%if 0%{?suse_version} > 1220
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
%else
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
%endif
%endif
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5 rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5 rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
@ -380,26 +369,57 @@ rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct # Remove *.la files, libtool does not handle this correct
rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
#put filelists into files %pre
cat >openldap2.filelist <<EOF /usr/sbin/groupadd -g 70 -o -r ldap || :
/var/adm/fillup-templates/sysconfig.openldap /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
%config /etc/sysconfig/SuSEfirewall2.d/services/openldap if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
/usr/sbin/slap* touch %{_rundir}/enable_slapd_service
/usr/sbin/rcslapd fi
%dir /etc/sasl2 %service_add_pre slapd.service
%dir /etc/openldap
%dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d %post
%dir /etc/openldap/schema if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
%config /etc/openldap/schema/*.schema cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
%config /etc/openldap/schema/*.ldif cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
%config(noreplace) %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf fi
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
%post -n libldap-2_4-2 -p /sbin/ldconfig
%postun -n libldap-2_4-2 -p /sbin/ldconfig
%preun
%service_del_preun slapd.service
%postun
%service_del_postun slapd.service
%files
%defattr(-,root,root)
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/openldap
%config %{_sysconfdir}/openldap/schema/*.schema
%config %{_sysconfdir}/openldap/schema/*.ldif
%config(noreplace) /etc/sasl2/slapd.conf
%config(noreplace) %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf
%config(noreplace) %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.olctemplate
%config %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.default
%config %attr(640, root, ldap) %{_sysconfdir}/openldap/slapd.conf.example
%config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG %config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
%config /var/lib/ldap/DB_CONFIG.example %config /var/lib/ldap/DB_CONFIG.example
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default %dir %{_libdir}/openldap
%config %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.example %dir %{_libexecdir}/openldap
%config(noreplace) /etc/sasl2/slapd.conf %dir %{_sysconfdir}/sasl2
%dir /usr/lib/openldap %dir %{_sysconfdir}/openldap
%dir /%{_libdir}/openldap %dir %attr(0770, ldap, ldap) %{_sysconfdir}/openldap/slapd.d
%dir %{_sysconfdir}/openldap/schema
/var/adm/fillup-templates/sysconfig.openldap
%{_sbindir}/slap*
%{_sbindir}/rcslapd
%{_libdir}/openldap/back_bdb* %{_libdir}/openldap/back_bdb*
%{_libdir}/openldap/back_hdb* %{_libdir}/openldap/back_hdb*
%{_libdir}/openldap/back_ldap* %{_libdir}/openldap/back_ldap*
@ -427,7 +447,7 @@ cat >openldap2.filelist <<EOF
%{_libdir}/openldap/unique* %{_libdir}/openldap/unique*
%{_libdir}/openldap/valsort* %{_libdir}/openldap/valsort*
%{_libdir}/slapd %{_libdir}/slapd
/usr/lib/openldap/start %{_libexecdir}/openldap/start
%{_unitdir}/slapd.service %{_unitdir}/slapd.service
%dir %attr(0750, ldap, ldap) /var/lib/ldap %dir %attr(0750, ldap, ldap) /var/lib/ldap
%ghost %attr(0750, ldap, ldap) %{_rundir} %ghost %attr(0750, ldap, ldap) %{_rundir}
@ -450,65 +470,39 @@ cat >openldap2.filelist <<EOF
%doc %{DOCDIR}/README* %doc %{DOCDIR}/README*
%doc %{DOCDIR}/CHANGES %doc %{DOCDIR}/CHANGES
%doc %{DOCDIR}/slapd.ldif.default %doc %{DOCDIR}/slapd.ldif.default
EOF
# %files -n openldap2-back-perl
# %defattr(-,root,root)
cat > openldap2-client.filelist <<EOF
%dir /etc/openldap
%config(noreplace) /etc/openldap/ldap.conf
/etc/openldap/ldap.conf.default
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapurl
/usr/bin/ldapwhoami
/usr/sbin/schema2ldif
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldap.conf*
%doc %{_mandir}/man5/ldif.*
EOF
cat > libldap.filelist <<EOF
%{_libdir}/liblber*2.4.so.*
%{_libdir}/libldap*2.4.so.*
EOF
cat > openldap2-devel.filelist <<EOF
/usr/include/*.h
%{_libdir}/liblber.so
%{_libdir}/libldap*.so
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
EOF
cat > openldap2-devel-static.filelist <<-EOF
%_libdir/liblber.a
%_libdir/libldap*.a
EOF
cat > openldap2-back-perl.filelist <<EOF
%{_libdir}/openldap/back_perl* %{_libdir}/openldap/back_perl*
%doc %{_mandir}/man5/slapd-perl.* %doc %{_mandir}/man5/slapd-perl.*
EOF
cat > openldap2-back-sock.filelist <<EOF %files -n openldap2-back-sock
%defattr(-,root,root)
%{_libdir}/openldap/back_sock* %{_libdir}/openldap/back_sock*
%doc %{_mandir}/man5/slapd-sock.* %doc %{_mandir}/man5/slapd-sock.*
EOF
cat > openldap2-back-meta.filelist <<EOF %files -n openldap2-back-meta
%defattr(-,root,root)
%{_libdir}/openldap/back_meta* %{_libdir}/openldap/back_meta*
%doc %{_mandir}/man5/slapd-meta.* %doc %{_mandir}/man5/slapd-meta.*
EOF
cat > openldap2-back-sql.filelist <<EOF %files -n openldap2-back-sql
%defattr(-,root,root)
%{_libdir}/openldap/back_sql* %{_libdir}/openldap/back_sql*
%doc %{_mandir}/man5/slapd-sql.* %doc %{_mandir}/man5/slapd-sql.*
%doc servers/slapd/back-sql/examples %doc servers/slapd/back-sql/examples
%doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/bugs
%doc servers/slapd/back-sql/docs/install %doc servers/slapd/back-sql/docs/install
EOF
cat > openldap2-contrib.filelist <<EOF %files -n openldap2-doc
%defattr(-,root,root)
%dir %{DOCDIR}
%doc %{DOCDIR}/drafts
%doc %{DOCDIR}/adminguide
%doc %{DOCDIR}/images
%files -n openldap2-contrib
%defattr(-,root,root)
%{_libdir}/openldap/allowed.* %{_libdir}/openldap/allowed.*
%{_libdir}/openldap/allop.* %{_libdir}/openldap/allop.*
%{_libdir}/openldap/autogroup.* %{_libdir}/openldap/autogroup.*
@ -520,91 +514,45 @@ cat > openldap2-contrib.filelist <<EOF
%{_libdir}/openldap/denyop.* %{_libdir}/openldap/denyop.*
%{_libdir}/openldap/cloak.* %{_libdir}/openldap/cloak.*
%{_libdir}/openldap/smbk5pwd.* %{_libdir}/openldap/smbk5pwd.*
EOF
cat >openldap2-doc.filelist <<EOF
%dir %{DOCDIR}
%doc %{DOCDIR}/drafts
%doc %{DOCDIR}/adminguide
%doc %{DOCDIR}/images
EOF
#remove files from other spec file
%if "%{name}" == "openldap2"
cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
openldap2-devel-static.filelist |
%else
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-sock.filelist \
openldap2-back-meta.filelist openldap2-back-sql.filelist \
openldap2-doc.filelist openldap2-contrib.filelist |
%endif
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
rm -rf ${RPM_BUILD_ROOT}${name}
done
%if "%{name}" == "openldap2"
%pre %files -n openldap2-client
/usr/sbin/groupadd -g 70 -o -r ldap || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
%post
if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
%preun
%service_del_preun slapd.service
%postun
%service_del_postun slapd.service
%files -f openldap2.filelist
%defattr(-,root,root) %defattr(-,root,root)
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldif.*
%dir /etc/openldap
/usr/sbin/schema2ldif
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapurl
/usr/bin/ldapwhoami
%files -n openldap2-back-perl -f openldap2-back-perl.filelist %files -n libldap-2_4-2
%defattr(-,root,root) %defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
%doc %{_mandir}/man5/ldap.conf*
%{_sysconfdir}/openldap/ldap.conf.default
%{_libdir}/liblber*2.4.so.*
%{_libdir}/libldap*2.4.so.*
%files -n openldap2-back-sock -f openldap2-back-sock.filelist %files -n openldap2-devel
%defattr(-,root,root) %defattr(-,root,root)
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
%{_includedir}/*.h
%{_libdir}/liblber.so
%{_libdir}/libldap*.so
%files -n openldap2-back-meta -f openldap2-back-meta.filelist %files -n openldap2-devel-static
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/liblber.a
%files -n openldap2-back-sql -f openldap2-back-sql.filelist %_libdir/libldap*.a
%defattr(-,root,root)
%files -n openldap2-doc -f openldap2-doc.filelist
%defattr(-,root,root)
%files -n openldap2-contrib -f openldap2-contrib.filelist
%defattr(-,root,root)
%else
%post -n libldap-2_4-2 -p /sbin/ldconfig
%postun -n libldap-2_4-2 -p /sbin/ldconfig
%files -f openldap2-client.filelist
%defattr(-,root,root)
%files -n libldap-2_4-2 -f libldap.filelist
%defattr(-,root,root)
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%files -n openldap2-devel-static -f openldap2-devel-static.filelist
%defattr(-,root,root)
%endif
%changelog %changelog

14
pre_checkin.sh
View File

@ -1,14 +0,0 @@
#!/bin/bash
echo -n "Generating openldap2-client "
cp openldap2.changes openldap2-client.changes
cp openldap2.spec openldap2-client.spec
perl -pi -e "s/^Name:.*openldap2$/Name: openldap2-client/g" openldap2-client.spec
perl -pi -e "s/^Summary:.*Server$/Summary: The OpenLDAP commandline client tools/" openldap2-client.spec
osc service localrun format_spec_file
echo "Done."

146
rfc2307bis.ldif Normal file
View File

@ -0,0 +1,146 @@
dn: cn=rfc2307bis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: rfc2307bis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field;
the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absol
ute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4
.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to
the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
.1.26 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY int
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integ
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExac
tIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY
caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Net
group triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1
.26 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service
port number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI
NGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Ser
vice protocol name' SUP name )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP p
rotocol number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC
number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V
ALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 add
resses as a dotted decimal omitting leading zeros or IPv6 addresses
as defined in RFC2373' SUP name )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP ne
twork as a dotted decimal, eg. 192.168, omitting leading zeros' SUP
name SINGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP ne
tmask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
ALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC addres
s in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' E
QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.boo
tparamd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.26 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image n
ame' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a
A generic NIS map' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic
NIS entry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {25}( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS publ
ic key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING
LE-VALUE )
olcAttributeTypes: {26}( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secr
et key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SING
LE-VALUE )
olcAttributeTypes: {27}( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {28}( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'auto
mount Map Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automoun
t Key value' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {30}( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC '
Automount information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substr
ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction
of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ u
idNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ ge
cos $ description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional
attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPass
word $ description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarni
ng $ shadowInactive $ shadowExpire $ shadowFlag ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction o
f a group of accounts' SUP top AUXILIARY MUST gidNumber MAY ( userPassword
$ memberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an
Internet Protocol service. Maps an IP port and protocol (such as tc
p or udp) to one or more names; the distinguished value of th
e cn attribute denotes the services canonical name' SUP top STRUCTUR
AL MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction o
f an IP protocol. Maps a protocol number to one or more names. The d
istinguished value of the cn attribute denotes the protocols canonic
al name' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description
)
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an
Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) b
inding. This class maps an ONC RPC number to a name. The distin
guished value of the cn attribute denotes the RPC services canonical
name' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a
host, an IP device. The distinguished value of the cn attribute deno
tes the hosts canonical name. Device SHOULD be used as a structural
class' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l
$ description $ manager ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of
a network. The distinguished value of the cn attribute denotes the
networks canonical name' SUP top STRUCTURAL MUST ipNetworkNumber MAY ( cn $
ipNetmaskNumber $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction
of a netgroup. May refer to other netgroups' SUP top STRUCTURAL MUST cn MAY
( nisNetgroupTriple $ memberNisNetgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstrac
tion of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in
a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY de
scription )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device
with a MAC address; device SHOULD be used as a structural class' SU
P top AUXILIARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A devic
e with boot parameters; device SHOULD be used as a structural class'
SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
olcObjectClasses: {13}( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'An object
with a public and secret key' SUP top AUXILIARY MUST ( cn $ nisPublicKey $
nisSecretKey ) MAY ( uidNumber $ description ) )
olcObjectClasses: {14}( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'Associ
ates a NIS domain with a naming context' SUP top AUXILIARY MUST nisDomain )
olcObjectClasses: {15}( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTU
RAL MUST automountMapName MAY description )
olcObjectClasses: {16}( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount in
formation' SUP top STRUCTURAL MUST ( automountKey $ automountInformation )
MAY description )
olcObjectClasses: {17}( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top S
TRUCTURAL MAY cn )

87
slapd.conf Normal file
View File

@ -0,0 +1,87 @@
# This file (slapd.conf) is the static configuration file of OpenLDAP server daemon.
#
# OpenLDAP daemon (slapd.service) supports two configuration styles:
# - Simple configuration with this file
# - Online configuration (OLC)
#
# You may choose the configuration style by setting it in:
# /etc/sysconfig/openldap OPENLDAP_CONFIG_BACKEND="files|ldap"
# If the value is set to "files", this configuration file will be used.
# If the value is set to "ldap", this configuration file will be entirely ignored, and
# the OLC configuration from /etc/openldap/slapd.d will be loaded.
#
# If you decide to use online configuration, please read the additional instructions in:
# /etc/openldap/slapd.conf.olctemplate
#
# Feel free to customise this file according to your needs, and start OpenLDAP
# server daemon by executing:
# systemctl start slapd.service
#
# To verify that LDAP service is running properly, try the following command:
# ldapsearch -x -D cn=Manager,dc=my-domain,dc=com -w secret -s base namingContexts
#
# See slapd.conf(5) for details on configuration options.
# See /etc/openldap/slapd.conf.example for more examples.
# This file should NOT be world readable.
#
pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
# The following schema files are often useful
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
# Load backend modules such as databas engines
modulepath /usr/lib64/openldap
moduleload back_mdb.la
#moduleload back_hdb.la
#moduleload back_bdb.la
# Very important: define ACL to authorise client access
# The default settings permit rootdn to read and write, while other users
# may read the entire database or change their own password.
# If no ACL is present, everyone will be allowed to read the database.
# rootdn can always read and write everything.
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
access to attrs=userPassword,userPKCS12
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
# Define a LDAP database
database mdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Please avoid using clear text for root password
# See slappasswd(8) for instructions on creating a salted+hashed password
rootpw secret
# The database directory must exist prior to the start of OpenLDAP daemon
# The directory should be owned by ldap user and permission 0700 is recommended
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
# Using TLS to secure communication between LDAP clients and the server is strongly recommended
# To enable TLS, first visit /etc/sysconfig/openldap and set OPENLDAP_START_LDAPS="yes", then
# set and uncomment the following lines:
#TLSProtocolMin 3.1
#TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
#TLSCACertificateFile /my/ca.crt
#TLSCertificateFile /my/tls.crt
#TLSCertificateKeyFile /my/tls.key

46
slapd.conf.olctemplate Normal file
View File

@ -0,0 +1,46 @@
# This file (slapd.conf.olctemplate) is a template for creating the initial
# online configuration for OpenLDAP server daemon.
#
# In order to use online configuration for OpenLDAP server daemon, make sure to set:
# /etc/sysconfig/openldap OPENLDAP_CONFIG_BACKEND="ldap"
#
# Before starting the OpenLDAP daemon (slapd.conf) with onlne configuration for
# the very first time, you have to prepare the online configuration directory
# from this template file - first, make necessary customisations if you wish, and then
# run:
# cd /etc/openldap && slaptest -f slapd.conf.olctemplate -F slapd.d
#
# Then you may start OpenLDAP daemon:
# systemctl start slapd.service
#
# To verify that LDAP service is running properly, try the following command:
# ldapsearch -x -D cn=admin,cn=config -w secret -b cn=config
#
# See slapd.conf(5) for details on configuration options.
# See /etc/openldap/slapd.conf.example for more examples.
# This file should NOT be world readable.
#
pidfile /run/slapd/slapd.pid
argsfile /run/slapd/slapd.args
# The following schema files are often useful
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
# Load backend modules such as database engines
modulepath /usr/lib64/openldap
moduleload back_mdb.la
#moduleload back_hdb.la
#moduleload back_bdb.la
# Define the config database that holds all online configurations
database config
rootdn "cn=admin,cn=config"
# Please avoid using clear text for root password
# See slappasswd(8) for instructions on creating a salted+hashed password
rootpw secret

2
sysconfig.openldap
View File

@ -146,7 +146,7 @@ OPENLDAP_KRB5_KEYTAB=""
# use. Possible values are "files" for slapd.conf(5) styleconfiguration or # use. Possible values are "files" for slapd.conf(5) styleconfiguration or
# "ldap" for the slapd-config(5) LDAP based configuration backend. # "ldap" for the slapd-config(5) LDAP based configuration backend.
# #
OPENLDAP_CONFIG_BACKEND="" OPENLDAP_CONFIG_BACKEND="files"
## Type: yesno ## Type: yesno
## Default: "yes" ## Default: "yes"

99
yast.ldif Normal file
View File

@ -0,0 +1,99 @@
dn: cn=yast,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: yast
olcObjectIdentifier: {0}SUSE 1.3.6.1.4.1.7057
olcObjectIdentifier: {1}SUSE.YaST SUSE:10.1
olcObjectIdentifier: {2}SUSE.YaST.ModuleConfig SUSE:10.1.2
olcObjectIdentifier: {3}SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1
olcObjectIdentifier: {4}SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2
olcAttributeTypes: {0}( SUSE.YaST.ModuleConfig.Attr:2 NAME 'suseDefaultBase'
DESC 'Base DN where new Objects should be created by default' EQUALITY dis
tinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {1}( SUSE.YaST.ModuleConfig.Attr:3 NAME 'suseNextUniqueId
' DESC 'Next unused unique ID, can be used to generate directory wide uniqe
IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( SUSE.YaST.ModuleConfig.Attr:4 NAME 'suseMinUniqueId'
DESC 'lower Border for Unique IDs' EQUALITY integerMatch ORDERING integerO
rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( SUSE.YaST.ModuleConfig.Attr:5 NAME 'suseMaxUniqueId'
DESC 'upper Border for Unique IDs' EQUALITY integerMatch ORDERING integerO
rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( SUSE.YaST.ModuleConfig.Attr:6 NAME 'suseDefaultTempl
ate' DESC 'The DN of a template that should be used by default' EQUALITY di
stinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {5}( SUSE.YaST.ModuleConfig.Attr:7 NAME 'suseSearchFilter
' DESC 'Search filter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15 SINGLE-VALUE )
olcAttributeTypes: {6}( SUSE.YaST.ModuleConfig.Attr:11 NAME 'suseDefaultValu
e' DESC 'an Attribute-Value-Assertions to define defaults for specific Attr
ibutes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {7}( SUSE.YaST.ModuleConfig.Attr:12 NAME 'suseNamingAttri
bute' DESC 'AttributeType that should be used as the RDN' EQUALITY caseIgno
reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {8}( SUSE.YaST.ModuleConfig.Attr:15 NAME 'suseSecondaryGr
oup' DESC 'seconday group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.
1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {9}( SUSE.YaST.ModuleConfig.Attr:16 NAME 'suseMinPassword
Length' DESC 'minimum Password length for new users' EQUALITY integerMatch
ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V
ALUE )
olcAttributeTypes: {10}( SUSE.YaST.ModuleConfig.Attr:17 NAME 'suseMaxPasswor
dLength' DESC 'maximum Password length for new users' EQUALITY integerMatch
ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-
VALUE )
olcAttributeTypes: {11}( SUSE.YaST.ModuleConfig.Attr:18 NAME 'susePasswordHa
sh' DESC 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYN
TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {12}( SUSE.YaST.ModuleConfig.Attr:19 NAME 'suseSkelDir' D
ESC '' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {13}( SUSE.YaST.ModuleConfig.Attr:20 NAME 'susePlugin' DE
SC 'plugin to use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {14}( SUSE.YaST.ModuleConfig.Attr:21 NAME 'suseMapAttribu
te' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {15}( SUSE.YaST.ModuleConfig.Attr:22 NAME 'suseImapServer
' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SIN
GLE-VALUE )
olcAttributeTypes: {16}( SUSE.YaST.ModuleConfig.Attr:23 NAME 'suseImapAdmin'
DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING
LE-VALUE )
olcAttributeTypes: {17}( SUSE.YaST.ModuleConfig.Attr:24 NAME 'suseImapDefaul
tQuota' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {18}( SUSE.YaST.ModuleConfig.Attr:25 NAME 'suseImapUseSsl
' DESC '' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-
VALUE )
olcObjectClasses: {0}( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfigura
tion' DESC 'Contains configuration of Management Modules' SUP top STRUCTURA
L MUST cn MAY suseDefaultBase )
olcObjectClasses: {1}( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfigurati
on' DESC 'Configuration of user management tools' SUP suseModuleConfigurati
on STRUCTURAL MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePas
swordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqu
eId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ) )
olcObjectClasses: {2}( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate'
DESC 'Base Class for Object-Templates' SUP top STRUCTURAL MUST cn MAY ( su
sePlugin $ suseDefaultValue $ suseNamingAttribute ) )
olcObjectClasses: {3}( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate' D
ESC 'User object template' SUP suseObjectTemplate STRUCTURAL MUST cn MAY su
seSecondaryGroup )
olcObjectClasses: {4}( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate'
DESC 'Group object template' SUP suseObjectTemplate STRUCTURAL MUST cn )
olcObjectClasses: {5}( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfigurat
ion' DESC 'Configuration of user management tools' SUP suseModuleConfigurat
ion STRUCTURAL MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $
suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ) )
olcObjectClasses: {6}( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration
' DESC 'Configuration of CA management tools' SUP suseModuleConfiguration S
TRUCTURAL )
olcObjectClasses: {7}( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguratio
n' DESC 'Configuration of mail server management tools' SUP suseModuleConfi
guration STRUCTURAL )
olcObjectClasses: {8}( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfigurat
ion' DESC 'Configuration of DHCP server management tools' SUP suseModuleCon
figuration STRUCTURAL )
olcObjectClasses: {9}( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfigurat
ion' DESC 'Configuration of IMAP user management tools' SUP suseModuleConfi
guration STRUCTURAL MUST ( suseImapServer $ suseImapAdmin $ suseImapDefault
Quota $ suseImapUseSsl ) )