Hello community,
here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2016-01-30 11:30:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openldap2 (Old)
and /work/SRC/openSUSE:Factory/.openldap2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openldap2/openldap2-client.changes 2015-12-06 07:38:31.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2-client.changes 2016-01-30 11:30:52.000000000 +0100
@@ -2 +2,42 @@
-Wed Dec 2 12:51:10 UTC 2015 - hguo@suse.com
+Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
+
+- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch
+ into 0010-Enforce-minimum-DH-size-of-1024.patch
+
+-------------------------------------------------------------------
+Tue Dec 8 11:36:16 UTC 2015 - michael@stroeder.com
+
+- Upgrade to upstream 2.4.43 release with accumulated bug fixes.
+- Still build on SLES12
+- Loadable backend and overlay modules are now installed
+ into arch-specific path %{_libdir}/openldap
+- All backends and overlays as modules for smaller memory footprint
+ on memory constrained systems
+- Added extra package for back-sock
+- Consequent use of %{_rundir} everywhere
+- Rely on upstream ./configure script instead of any other
+ macro foo
+- Dropped linking with libwrap
+- Dropped 0004-libldap-use-gethostbyname_r.dif because this
+ work-around for nss_ldap is obsolete
+- New sub-package openldap2-contrib with selected contrib/ overlays
+- Replaced addonschema.tar.gz with separate schema sources
+- Updated ldapns.schema from recent slapo-nssov source tree
+- Added symbolic link to slapd executable in /usr/sbin/
+- Added more complex example configuration file
+ /etc/openldap/slapd.conf.example
+- Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap
+- Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap
+- Added patch for OpenLDAP ITS#7796 to avoid excessive
+ "not index" logging:
+ 0011-openldap-re24-its7796.patch
+- Replaced openldap-rc.tgz with single source files
+- Added soft dependency (Recommends) to cyrus-sasl
+- Added soft dependency (Recommends) to cyrus-sasl-devel
+ to openldap2-devel
+- Added patch for OpenLDAP ITS#8336 (assert in liblmdb):
+ 0012-openldap-re24-its8336.patch
+- Remove obsolete patch 0001-build-adjustments.dif
+
+-------------------------------------------------------------------
+Wed Dec 2 12:50:47 UTC 2015 - hguo@suse.com
@@ -39 +80 @@
-Thu Oct 1 11:08:59 UTC 2015 - hguo@suse.com
+Thu Oct 1 11:08:41 UTC 2015 - hguo@suse.com
--- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2015-12-06 07:38:31.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2.changes 2016-01-30 11:30:52.000000000 +0100
@@ -1,0 +2,41 @@
+Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
+
+- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch
+ into 0010-Enforce-minimum-DH-size-of-1024.patch
+
+-------------------------------------------------------------------
+Tue Dec 8 11:36:16 UTC 2015 - michael@stroeder.com
+
+- Upgrade to upstream 2.4.43 release with accumulated bug fixes.
+- Still build on SLES12
+- Loadable backend and overlay modules are now installed
+ into arch-specific path %{_libdir}/openldap
+- All backends and overlays as modules for smaller memory footprint
+ on memory constrained systems
+- Added extra package for back-sock
+- Consequent use of %{_rundir} everywhere
+- Rely on upstream ./configure script instead of any other
+ macro foo
+- Dropped linking with libwrap
+- Dropped 0004-libldap-use-gethostbyname_r.dif because this
+ work-around for nss_ldap is obsolete
+- New sub-package openldap2-contrib with selected contrib/ overlays
+- Replaced addonschema.tar.gz with separate schema sources
+- Updated ldapns.schema from recent slapo-nssov source tree
+- Added symbolic link to slapd executable in /usr/sbin/
+- Added more complex example configuration file
+ /etc/openldap/slapd.conf.example
+- Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap
+- Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap
+- Added patch for OpenLDAP ITS#7796 to avoid excessive
+ "not index" logging:
+ 0011-openldap-re24-its7796.patch
+- Replaced openldap-rc.tgz with single source files
+- Added soft dependency (Recommends) to cyrus-sasl
+- Added soft dependency (Recommends) to cyrus-sasl-devel
+ to openldap2-devel
+- Added patch for OpenLDAP ITS#8336 (assert in liblmdb):
+ 0012-openldap-re24-its8336.patch
+- Remove obsolete patch 0001-build-adjustments.dif
+
+-------------------------------------------------------------------
Old:
----
0001-build-adjustments.dif
0004-libldap-use-gethostbyname_r.dif
0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
0011-Enforce-minimum-DH-size-of-1024.patch
README.dynamic-overlays
addonschema.tar.gz
openldap-2.4.42.tgz
openldap-rc.tgz
New:
----
0010-Enforce-minimum-DH-size-of-1024.patch
0011-openldap-re24-its7796.patch
0012-openldap-re24-its8336.patch
README.module-loading
SuSEfirewall2.openldap
ldapns.schema
openldap-2.4.43.tgz
rfc2307bis.schema
slapd.conf.example
slapd.service
start
sysconfig.openldap
yast.schema
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openldap2-client.spec ++++++
--- /var/tmp/diff_new_pack.UGwmDj/_old 2016-01-30 11:30:55.000000000 +0100
+++ /var/tmp/diff_new_pack.UGwmDj/_new 2016-01-30 11:30:55.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openldap2-client
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,52 +17,59 @@
%define run_test_suite 0
-%define version_main 2.4.42
+%define version_main 2.4.43
-%if ! %{defined _rundir}
-%define _rundir %{_localstatedir}/run
+%if %{suse_version} >= 1310 && %{suse_version} != 1315
+%define _rundir /run/slapd
+%else
+%define _rundir /var/run/slapd
%endif
Name: openldap2-client
Summary: The OpenLDAP commandline client tools
License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients
-Version: 2.4.42
+Version: %{version_main}
Release: 0
Url: http://www.openldap.org
Source: openldap-%{version_main}.tgz
-Source1: openldap-rc.tgz
-Source2: addonschema.tar.gz
Source3: DB_CONFIG
Source4: sasl-slapd.conf
-Source5: README.dynamic-overlays
+Source5: README.module-loading
Source6: schema2ldif
Source7: baselibs.conf
-Patch1: 0001-build-adjustments.dif
+Source9: ldapns.schema
+Source10: rfc2307bis.schema
+Source11: yast.schema
+Source12: slapd.conf.example
+Source13: start
+Source14: slapd.service
+Source15: SuSEfirewall2.openldap
+Source16: sysconfig.openldap
Patch2: 0002-slapd.conf.dif
Patch3: 0003-LDAPI-socket-location.dif
-Patch4: 0004-libldap-use-gethostbyname_r.dif
Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
-Patch10: 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
-Patch11: 0011-Enforce-minimum-DH-size-of-1024.patch
+Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
+Patch11: 0011-openldap-re24-its7796.patch
+Patch12: 0012-openldap-re24-its8336.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
BuildRequires: libopenssl-devel
BuildRequires: libtool
+Requires: libldap-2_4-2 = %{version_main}
+Recommends: cyrus-sasl
%if "%{name}" == "openldap2"
BuildRequires: db-devel
BuildRequires: openslp-devel
-BuildRequires: tcpd-devel
BuildRequires: unixODBC-devel
Conflicts: openldap
-Requires: libldap-2_4-2 = %{version_main}
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
-%if 0%{?suse_version} >= 1140
+%if %{suse_version} >= 1310 && %{suse_version} != 1315
# avoid cycle with krb5
BuildRequires: krb5-mini
BuildRequires: pkgconfig(systemd)
@@ -70,7 +77,6 @@
%endif
%else
Conflicts: openldap-client
-Requires: libldap-2_4-2 = %{version_main}
%endif
# For /usr/bin/strings
Requires(pre): binutils
@@ -78,10 +84,10 @@
%if "%{name}" == "openldap2"
%description
-The Lightweight Directory Access Protocol (LDAP) is used to access
-online directory services. It runs directly over TCP and can be used to
-access a stand-alone LDAP directory service or to access a directory
-service that has an X.500 back-end.
+OpenLDAP is a client and server reference implementation of the
+Lightweight Directory Access Protocol v3 (LDAPv3).
+
+The server provides several database backends and overlays.
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
@@ -93,6 +99,16 @@
The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations.
+%package -n openldap2-back-sock
+Summary: OpenLDAP Socket Back-End
+Group: Productivity/Networking/LDAP/Servers
+Requires: openldap2 = %{version_main}
+Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
+
+%description -n openldap2-back-sock
+The OpenLDAP socket back-end allows you to handle LDAP requests and
+results with an external process listening on a Unix domain socket.
+
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
Group: Productivity/Networking/LDAP/Servers
@@ -115,6 +131,25 @@
stored in a Relational (SQL) Database as an LDAP subtree without the need
to do any programming.
+%package -n openldap2-contrib
+Summary: OpenLDAP Contrib Modules
+Group: Productivity/Networking/LDAP/Servers
+Requires: openldap2 = %{version_main}
+
+%description -n openldap2-contrib
+Various overlays found in contrib/:
+allop
+allowed Generates attributes indicating access rights
+autogroup
+cloak
+denyop
+lastbind writes last bind timestamp to entry
+noopsrch handles no-op search control
+nops
+pw-sha2 generates/validates SHA-2 password hashes
+pw-pbkdf2 generates/validates PBKDF2 password hashes
+smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
+
%package -n openldap2-doc
Summary: OpenLDAP Documentation
Group: Documentation/Other
@@ -126,6 +161,7 @@
%description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
+
Authors:
--------
The OpenLDAP Project
@@ -145,6 +181,7 @@
#
Conflicts: openldap-devel
Requires: libldap-2_4-2 = %{version_main}
+Recommends: cyrus-sasl-devel
%description -n openldap2-devel
This package provides the OpenLDAP libraries, header files, and
@@ -171,11 +208,10 @@
%endif
%prep
-%setup -q -n openldap-%{version_main} -a1 -a2
-%patch1 -p1
+%setup -q -n openldap-%{version_main}
%patch2 -p1
%patch3 -p1
-%patch4 -p1
+#%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
@@ -183,48 +219,66 @@
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
cp %{SOURCE5} .
%build
-%{?suse_update_config:%{suse_update_config -f build}}
-libtoolize --force
-autoreconf
-export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE"
+# %{?suse_update_config:%{suse_update_config -f build}}
+#libtoolize --force
+#autoreconf
+# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
+export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export STRIP=""
-%configure \
- --localstatedir=%{_rundir}/slapd \
- --libexecdir=/usr/lib/openldap \
- --enable-wrappers \
+./configure \
+ --prefix=/usr \
+ --sysconfdir=%{_sysconfdir} \
+ --libdir=%{_libdir} \
+ --libexecdir=%{_libdir} \
+ --localstatedir=%{_rundir} \
+ --enable-wrappers=no \
--enable-spasswd \
--enable-modules \
--enable-shared \
--enable-dynamic \
- --with-tls \
+ --with-tls=openssl \
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
- --enable-bdb \
- --enable-hdb \
+ --enable-bdb=mod \
+ --enable-hdb=mod \
--enable-rewrite \
- --enable-ldap=yes \
+ --enable-ldap=mod \
--enable-meta=mod \
- --enable-monitor=yes \
+ --enable-monitor=mod \
--enable-perl=mod \
+ --enable-sock=mod \
--enable-sql=mod \
- --enable-mdb=yes \
+ --enable-mdb=mod \
+ --enable-relay=mod \
--enable-slp \
--enable-overlays=mod \
- --enable-syncprov=yes \
- --enable-ppolicy=yes \
+ --enable-syncprov=mod \
+ --enable-ppolicy=mod \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
- --with-yielding-select
+ --with-yielding-select \
+ || cat config.log
make depend
make %{?_smp_mflags}
+%if "%{name}" == "openldap2"
+# Build selected contrib overlays
+for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
+do
+ make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
+done
+# One more level up needed because of passwd/sha2
+# slapo-smbk5pwd only for Samba password hashes
+make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
+%endif
%check
%if %run_test_suite
@@ -252,50 +306,67 @@
%endif
%install
-mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/
-mkdir -p $RPM_BUILD_ROOT/usr/sbin
-mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
-make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
-install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start
-install -m 644 slapd.service $RPM_BUILD_ROOT/%{_unitdir}
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
-install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
-install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
-chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
-chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
-chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
-install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/usr/sbin/schema2ldif
+mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap
+mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap
+mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
+mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
+make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+# Additional symbolic link to slapd executable in /usr/sbin/
+%if "%{name}" == "openldap2"
+ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
+%endif
+%if "%{name}" == "openldap2"
+# Install selected contrib overlays
+for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
+do
+ make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+done
+# slapo-smbk5pwd only for Samba password hashes
+make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+%endif
+install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
+install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2
+install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf
+install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap
+chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
+chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
+chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
+install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
-mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
-install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
-install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
-install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
-install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
-install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/
-install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap
+mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
+install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
+install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
+install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
+install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
+install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
+install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
+install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
+install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
+install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
-install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \
- $RPM_BUILD_ROOT/%{DOCDIR}/images \
- $RPM_BUILD_ROOT/%{DOCDIR}/drafts
-install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide
-install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images
-install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts
+install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
+ ${RPM_BUILD_ROOT}/%{DOCDIR}/images \
+ ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
+install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide
+install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images
+install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \
COPYRIGHT \
LICENSE \
README \
CHANGES \
%{SOURCE5} \
- $RPM_BUILD_ROOT/%{DOCDIR}
+ ${RPM_BUILD_ROOT}/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
- $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default
-rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
-rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README
-rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif*
-rm -f $RPM_BUILD_ROOT%{_rundir}/slapd/openldap-data/DB_CONFIG.example
+ ${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default
+rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example
+rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
+rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
+rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
@@ -305,16 +376,15 @@
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
%endif
%endif
-rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
+rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
-rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
#put filelists into files
cat >openldap2.filelist < openldap2-back-perl.filelist < openldap2-back-sock.filelist < openldap2-back-meta.filelist < openldap2-back-sql.filelist < openldap2-contrib.filelist <openldap2-doc.filelist <&1 | grep -q on; then
- touch /var/run/enable_slapd_service
+ touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
@@ -467,7 +563,7 @@
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
-if [ -f /var/run/enable_slapd_service ]; then
+if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
@@ -483,6 +579,9 @@
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%defattr(-,root,root)
+%files -n openldap2-back-sock -f openldap2-back-sock.filelist
+%defattr(-,root,root)
+
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%defattr(-,root,root)
@@ -492,6 +591,9 @@
%files -n openldap2-doc -f openldap2-doc.filelist
%defattr(-,root,root)
+%files -n openldap2-contrib -f openldap2-contrib.filelist
+%defattr(-,root,root)
+
%else
%post -n libldap-2_4-2 -p /sbin/ldconfig
++++++ openldap2.spec ++++++
--- /var/tmp/diff_new_pack.UGwmDj/_old 2016-01-30 11:30:55.000000000 +0100
+++ /var/tmp/diff_new_pack.UGwmDj/_new 2016-01-30 11:30:55.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openldap2
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,52 +17,59 @@
%define run_test_suite 0
-%define version_main 2.4.42
+%define version_main 2.4.43
-%if ! %{defined _rundir}
-%define _rundir %{_localstatedir}/run
+%if %{suse_version} >= 1310 && %{suse_version} != 1315
+%define _rundir /run/slapd
+%else
+%define _rundir /var/run/slapd
%endif
Name: openldap2
Summary: The OpenLDAP Server
License: OLDAP-2.8
Group: Productivity/Networking/LDAP/Clients
-Version: 2.4.42
+Version: %{version_main}
Release: 0
Url: http://www.openldap.org
Source: openldap-%{version_main}.tgz
-Source1: openldap-rc.tgz
-Source2: addonschema.tar.gz
Source3: DB_CONFIG
Source4: sasl-slapd.conf
-Source5: README.dynamic-overlays
+Source5: README.module-loading
Source6: schema2ldif
Source7: baselibs.conf
-Patch1: 0001-build-adjustments.dif
+Source9: ldapns.schema
+Source10: rfc2307bis.schema
+Source11: yast.schema
+Source12: slapd.conf.example
+Source13: start
+Source14: slapd.service
+Source15: SuSEfirewall2.openldap
+Source16: sysconfig.openldap
Patch2: 0002-slapd.conf.dif
Patch3: 0003-LDAPI-socket-location.dif
-Patch4: 0004-libldap-use-gethostbyname_r.dif
Patch5: 0005-pie-compile.dif
Patch6: 0006-No-Build-date-and-time-in-binaries.dif
Patch7: 0007-Recover-on-DB-version-change.dif
Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
-Patch10: 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
-Patch11: 0011-Enforce-minimum-DH-size-of-1024.patch
+Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
+Patch11: 0011-openldap-re24-its7796.patch
+Patch12: 0012-openldap-re24-its8336.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
BuildRequires: libopenssl-devel
BuildRequires: libtool
+Requires: libldap-2_4-2 = %{version_main}
+Recommends: cyrus-sasl
%if "%{name}" == "openldap2"
BuildRequires: db-devel
BuildRequires: openslp-devel
-BuildRequires: tcpd-devel
BuildRequires: unixODBC-devel
Conflicts: openldap
-Requires: libldap-2_4-2 = %{version_main}
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
-%if 0%{?suse_version} >= 1140
+%if %{suse_version} >= 1310 && %{suse_version} != 1315
# avoid cycle with krb5
BuildRequires: krb5-mini
BuildRequires: pkgconfig(systemd)
@@ -70,7 +77,6 @@
%endif
%else
Conflicts: openldap-client
-Requires: libldap-2_4-2 = %{version_main}
%endif
# For /usr/bin/strings
Requires(pre): binutils
@@ -78,10 +84,10 @@
%if "%{name}" == "openldap2"
%description
-The Lightweight Directory Access Protocol (LDAP) is used to access
-online directory services. It runs directly over TCP and can be used to
-access a stand-alone LDAP directory service or to access a directory
-service that has an X.500 back-end.
+OpenLDAP is a client and server reference implementation of the
+Lightweight Directory Access Protocol v3 (LDAPv3).
+
+The server provides several database backends and overlays.
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
@@ -93,6 +99,16 @@
The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations.
+%package -n openldap2-back-sock
+Summary: OpenLDAP Socket Back-End
+Group: Productivity/Networking/LDAP/Servers
+Requires: openldap2 = %{version_main}
+Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz
+
+%description -n openldap2-back-sock
+The OpenLDAP socket back-end allows you to handle LDAP requests and
+results with an external process listening on a Unix domain socket.
+
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
Group: Productivity/Networking/LDAP/Servers
@@ -115,6 +131,25 @@
stored in a Relational (SQL) Database as an LDAP subtree without the need
to do any programming.
+%package -n openldap2-contrib
+Summary: OpenLDAP Contrib Modules
+Group: Productivity/Networking/LDAP/Servers
+Requires: openldap2 = %{version_main}
+
+%description -n openldap2-contrib
+Various overlays found in contrib/:
+allop
+allowed Generates attributes indicating access rights
+autogroup
+cloak
+denyop
+lastbind writes last bind timestamp to entry
+noopsrch handles no-op search control
+nops
+pw-sha2 generates/validates SHA-2 password hashes
+pw-pbkdf2 generates/validates PBKDF2 password hashes
+smbk5pwd generates Samba3 password hashes (heimdal krb disabled)
+
%package -n openldap2-doc
Summary: OpenLDAP Documentation
Group: Documentation/Other
@@ -126,6 +161,7 @@
%description -n openldap2-doc
The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
+
Authors:
--------
The OpenLDAP Project
@@ -145,6 +181,7 @@
#
Conflicts: openldap-devel
Requires: libldap-2_4-2 = %{version_main}
+Recommends: cyrus-sasl-devel
%description -n openldap2-devel
This package provides the OpenLDAP libraries, header files, and
@@ -171,11 +208,10 @@
%endif
%prep
-%setup -q -n openldap-%{version_main} -a1 -a2
-%patch1 -p1
+%setup -q -n openldap-%{version_main}
%patch2 -p1
%patch3 -p1
-%patch4 -p1
+#%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
@@ -183,49 +219,65 @@
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
cp %{SOURCE5} .
%build
-%{?suse_update_config:%{suse_update_config -f build}}
-libtoolize --force
-autoreconf
-export CFLAGS="$RPM_OPT_FLAGS -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS -DSLAP_CONFIG_DELETE"
+# %{?suse_update_config:%{suse_update_config -f build}}
+#libtoolize --force
+#autoreconf
+# export CFLAGS="${RPM_OPT_FLAGS} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
+export CFLAGS="-Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES"
export STRIP=""
-%configure \
- --localstatedir=%{_rundir}/slapd \
- --libexecdir=/usr/lib/openldap \
- --enable-wrappers \
+./configure \
+ --prefix=/usr \
+ --sysconfdir=%{_sysconfdir} \
+ --libdir=%{_libdir} \
+ --libexecdir=%{_libdir} \
+ --localstatedir=%{_rundir} \
+ --enable-wrappers=no \
--enable-spasswd \
--enable-modules \
--enable-shared \
--enable-dynamic \
- --with-tls \
+ --with-tls=openssl \
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
- --enable-bdb \
- --enable-hdb \
+ --enable-bdb=mod \
+ --enable-hdb=mod \
--enable-rewrite \
- --enable-ldap=yes \
+ --enable-ldap=mod \
--enable-meta=mod \
- --enable-monitor=yes \
+ --enable-monitor=mod \
--enable-perl=mod \
+ --enable-sock=mod \
--enable-sql=mod \
- --enable-mdb=yes \
+ --enable-mdb=mod \
+ --enable-relay=mod \
--enable-slp \
--enable-overlays=mod \
- --enable-syncprov=yes \
- --enable-ppolicy=yes \
+ --enable-syncprov=mod \
+ --enable-ppolicy=mod \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
- --with-yielding-select
+ --with-yielding-select \
+ || cat config.log
make depend
make %{?_smp_mflags}
%if "%{name}" == "openldap2"
+# Build selected contrib overlays
+for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
+do
+ make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
+done
+# One more level up needed because of passwd/sha2
+# slapo-smbk5pwd only for Samba password hashes
+make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""
%endif
%check
@@ -254,50 +306,67 @@
%endif
%install
-mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/
-mkdir -p $RPM_BUILD_ROOT/usr/sbin
-mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
-make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
-install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start
-install -m 644 slapd.service $RPM_BUILD_ROOT/%{_unitdir}
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
-install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
-install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
-chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
-chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
-chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
-install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/usr/sbin/schema2ldif
+mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}/openldap
+mkdir -p ${RPM_BUILD_ROOT}/usr/lib/openldap
+mkdir -p ${RPM_BUILD_ROOT}/usr/sbin
+mkdir -p ${RPM_BUILD_ROOT}/%{_unitdir}
+make STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+# Additional symbolic link to slapd executable in /usr/sbin/
+%if "%{name}" == "openldap2"
+ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd
+%endif
+%if "%{name}" == "openldap2"
+# Install selected contrib overlays
+for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2
+do
+ make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+done
+# slapo-smbk5pwd only for Samba password hashes
+make -C contrib/slapd-modules/smbk5pwd STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+%endif
+install -m 755 %{SOURCE13} ${RPM_BUILD_ROOT}/usr/lib/openldap/start
+install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}/%{_unitdir}
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/slapd.d
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2
+install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_sysconfdir}/sasl2/slapd.conf
+install -m 755 -d ${RPM_BUILD_ROOT}/var/lib/ldap
+chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
+chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
+chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so*
+install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
%if "%{name}" == "openldap2"
%define DOCDIR %{_defaultdocdir}/%{name}
-mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
-install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
-install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
-install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
-install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
-install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/
-install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap
+mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates
+install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap
+install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
+install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
+install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema
+install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap
+install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG
+install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example
+install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/
+install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap
rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d`
rm -rf doc/guide/release
-install -d $RPM_BUILD_ROOT/%{DOCDIR}/adminguide \
- $RPM_BUILD_ROOT/%{DOCDIR}/images \
- $RPM_BUILD_ROOT/%{DOCDIR}/drafts
-install -m 644 doc/guide/admin/* $RPM_BUILD_ROOT/%{DOCDIR}/adminguide
-install -m 644 doc/guide/images/*.gif $RPM_BUILD_ROOT/%{DOCDIR}/images
-install -m 644 doc/drafts/* $RPM_BUILD_ROOT/%{DOCDIR}/drafts
+install -d ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide \
+ ${RPM_BUILD_ROOT}/%{DOCDIR}/images \
+ ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
+install -m 644 doc/guide/admin/* ${RPM_BUILD_ROOT}/%{DOCDIR}/adminguide
+install -m 644 doc/guide/images/*.gif ${RPM_BUILD_ROOT}/%{DOCDIR}/images
+install -m 644 doc/drafts/* ${RPM_BUILD_ROOT}/%{DOCDIR}/drafts
install -m 644 ANNOUNCEMENT \
COPYRIGHT \
LICENSE \
README \
CHANGES \
%{SOURCE5} \
- $RPM_BUILD_ROOT/%{DOCDIR}
+ ${RPM_BUILD_ROOT}/%{DOCDIR}
install -m 644 servers/slapd/slapd.ldif \
- $RPM_BUILD_ROOT/%{DOCDIR}/slapd.ldif.default
-rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
-rm -f $RPM_BUILD_ROOT/etc/openldap/schema/README
-rm -f $RPM_BUILD_ROOT/etc/openldap/slapd.ldif*
-rm -f $RPM_BUILD_ROOT%{_rundir}/slapd/openldap-data/DB_CONFIG.example
+ ${RPM_BUILD_ROOT}/%{DOCDIR}/slapd.ldif.default
+rm -f ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example
+rm -f ${RPM_BUILD_ROOT}/etc/openldap/schema/README
+rm -f ${RPM_BUILD_ROOT}/etc/openldap/slapd.ldif*
+rm -f ${RPM_BUILD_ROOT}/%{_rundir}/openldap-data/DB_CONFIG.example
mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
@@ -307,16 +376,15 @@
ln -s /sbin/service %{buildroot}%{_sbindir}/rcslapd
%endif
%endif
-rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-ndb.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sock.5
-rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
+rm -f ${RPM_BUILD_ROOT}/%{_libdir}/openldap/*.a
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-dnssrv.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-ndb.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-null.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-passwd.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-shell.5
+rm -f ${RPM_BUILD_ROOT}/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
-rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la
#put filelists into files
cat >openldap2.filelist <>openldap2.filelist < openldap2-client.filelist < openldap2-back-perl.filelist < openldap2-back-sock.filelist < openldap2-back-meta.filelist < openldap2-back-sql.filelist < openldap2-contrib.filelist <openldap2-doc.filelist <&1 > /dev/null;
-then
- # create a backup of the schema shipped with 2.3
- # at least core.schema changed between 2.3 and 2.4
- TEMPDIR=`mktemp -d /etc/openldap/schema.backup.XXXXXX`
- echo "Schema backup created in $TEMPDIR"
- cp -p --remove-destination /etc/openldap/schema/* $TEMPDIR
- echo $TEMPDIR > /etc/openldap/UPDATE_NEEDED ;
-fi
+/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || :
if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then
- touch /var/run/enable_slapd_service
+ touch %{_rundir}/enable_slapd_service
fi
%service_add_pre slapd.service
@@ -486,7 +563,7 @@
%{fillup_only -n openldap ldap}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%service_add_post slapd.service
-if [ -f /var/run/enable_slapd_service ]; then
+if [ -f %{_rundir}/enable_slapd_service ]; then
/usr/bin/systemctl --quiet enable slapd
fi
@@ -502,6 +579,9 @@
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%defattr(-,root,root)
+%files -n openldap2-back-sock -f openldap2-back-sock.filelist
+%defattr(-,root,root)
+
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%defattr(-,root,root)
@@ -511,6 +591,9 @@
%files -n openldap2-doc -f openldap2-doc.filelist
%defattr(-,root,root)
+%files -n openldap2-contrib -f openldap2-contrib.filelist
+%defattr(-,root,root)
+
%else
%post -n libldap-2_4-2 -p /sbin/ldconfig
++++++ 0002-slapd.conf.dif ++++++
--- /var/tmp/diff_new_pack.UGwmDj/_old 2016-01-30 11:30:55.000000000 +0100
+++ /var/tmp/diff_new_pack.UGwmDj/_new 2016-01-30 11:30:55.000000000 +0100
@@ -1,35 +1,38 @@
-From a8be17d4a1db1c6ee24b328f3f34e21ccb02ca3f Mon Sep 17 00:00:00 2001
-From: Ralf Haferkamp
-Date: Wed, 16 Jun 2010 14:05:49 +0200
-Subject: slapd.conf
-
-
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
-index 4938b85..9caf292 100644
+index 4938b85..b9bec75 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
-@@ -3,6 +3,10 @@
+@@ -2,7 +2,11 @@
+ # See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
- include %SYSCONFDIR%/schema/core.schema
-+include %SYSCONFDIR%/schema/cosine.schema
-+include %SYSCONFDIR%/schema/inetorgperson.schema
-+include %SYSCONFDIR%/schema/rfc2307bis.schema
-+include %SYSCONFDIR%/schema/yast.schema
+-include %SYSCONFDIR%/schema/core.schema
++include /etc/openldap/schema/core.schema
++include /etc/openldap/schema/cosine.schema
++include /etc/openldap/schema/inetorgperson.schema
++include /etc/openldap/schema/rfc2307bis.schema
++include /etc/openldap/schema/yast.schema
# Define global ACLs to disable default read access.
-@@ -10,8 +14,8 @@ include %SYSCONFDIR%/schema/core.schema
+@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
-pidfile %LOCALSTATEDIR%/run/slapd.pid
-argsfile %LOCALSTATEDIR%/run/slapd.args
-+pidfile %LOCALSTATEDIR%/slapd.pid
-+argsfile %LOCALSTATEDIR%/slapd.args
++pidfile /run/slapd/slapd.pid
++argsfile /run/slapd/slapd.args
# Load dynamic backend modules:
- # modulepath %MODULEDIR%
+-# modulepath %MODULEDIR%
++# modulepath /usr/lib/openldap
+ # moduleload back_bdb.la
+-# moduleload back_hdb.la
++moduleload back_hdb.la
+ # moduleload back_ldap.la
+
+ # Sample security restrictions
@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
# security ssf=1 update_ssf=112 simple_bind=64
@@ -75,9 +78,12 @@
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
-@@ -52,6 +66,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
+@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
+ # BDB database definitions
+ #######################################################################
- database bdb
+-database bdb
++database hdb
suffix "dc=my-domain,dc=com"
+checkpoint 1024 5
+cachesize 10000
@@ -92,6 +98,3 @@
+directory /var/lib/ldap
# Indices to maintain
index objectClass eq
---
-1.7.10.4
-
++++++ 0011-Enforce-minimum-DH-size-of-1024.patch -> 0010-Enforce-minimum-DH-size-of-1024.patch ++++++
++++++ 0011-openldap-re24-its7796.patch ++++++
diff --git a/servers/slapd/back-bdb/filterindex.c b/servers/slapd/back-bdb/filterindex.c
index 71e3ea4..bafef72 100644
--- a/servers/slapd/back-bdb/filterindex.c
+++ b/servers/slapd/back-bdb/filterindex.c
@@ -741,7 +741,7 @@ equality_candidates(
&db, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= bdb_equality_candidates: (%s) not indexed\n",
ava->aa_desc->ad_cname.bv_val, 0, 0 );
return 0;
@@ -858,7 +858,7 @@ approx_candidates(
&db, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= bdb_approx_candidates: (%s) not indexed\n",
ava->aa_desc->ad_cname.bv_val, 0, 0 );
return 0;
@@ -978,7 +978,7 @@ substring_candidates(
&db, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= bdb_substring_candidates: (%s) not indexed\n",
sub->sa_desc->ad_cname.bv_val, 0, 0 );
return 0;
@@ -1095,7 +1095,7 @@ inequality_candidates(
&db, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= bdb_inequality_candidates: (%s) not indexed\n",
ava->aa_desc->ad_cname.bv_val, 0, 0 );
return 0;
diff --git a/servers/slapd/back-mdb/filterindex.c b/servers/slapd/back-mdb/filterindex.c
index 58c1cc8..20c58b7 100644
--- a/servers/slapd/back-mdb/filterindex.c
+++ b/servers/slapd/back-mdb/filterindex.c
@@ -709,7 +709,7 @@ equality_candidates(
&dbi, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= mdb_equality_candidates: (%s) not indexed\n",
ava->aa_desc->ad_cname.bv_val, 0, 0 );
return 0;
@@ -825,7 +825,7 @@ approx_candidates(
&dbi, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= mdb_approx_candidates: (%s) not indexed\n",
ava->aa_desc->ad_cname.bv_val, 0, 0 );
return 0;
@@ -944,7 +944,7 @@ substring_candidates(
&dbi, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= mdb_substring_candidates: (%s) not indexed\n",
sub->sa_desc->ad_cname.bv_val, 0, 0 );
return 0;
@@ -1060,7 +1060,7 @@ inequality_candidates(
&dbi, &mask, &prefix );
if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
- Debug( LDAP_DEBUG_ANY,
+ Debug( LDAP_DEBUG_TRACE,
"<= mdb_inequality_candidates: (%s) not indexed\n",
ava->aa_desc->ad_cname.bv_val, 0, 0 );
return 0;
++++++ 0012-openldap-re24-its8336.patch ++++++
From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Tue, 8 Dec 2015 18:17:24 +0000
Subject: ITS#8336 fix page_search_root assert on FreeDB
Let "illegal" branch pages thru on the FreeDB - the condition
is only temporary and will be fixed by the time rebalance finishes.
diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
index fa0c9e5..a624cba 100644
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags)
indx_t i;
DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp)));
- mdb_cassert(mc, NUMKEYS(mp) > 1);
+ /* Don't assert on branch pages in the FreeDB. We can get here
+ * while in the process of rebalancing a FreeDB branch page; we must
+ * let that proceed. ITS#8336
+ */
+ mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1);
DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0))));
if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) {
++++++ README.module-loading ++++++
All of the OpenLDAP backends (except back-config) and overlays are now
compiled as dynamic modules in our packages. If you want to use any of
these in your setup make sure to put the correct "olcModuleLoad" or
"moduleload" statements in your configuration.
For details please see the slapd-config(5) and slapd.conf(5) manpages
(depending on which config mechanism you use).
For a list of the included dynamic modules list all modules files:
ls /usr/lib*/openldap/*.so
Or just the backend files:
ls /usr/lib*/openldap/back_*.so
Documentations for the overlays can be found in the respective man pages or
the OpenLDAP Administration Guide which is part of the "openldap2-doc"
package.
Backend man-pages:
man 5 slapo-
Overlays man-pages:
man 5 slapo-<name>
++++++ SuSEfirewall2.openldap ++++++
## Name: OpenLDAP Server
## Description: Opens ports for the OpenLDAP Server (slapd).
# space separated list of allowed TCP ports
TCP="ldap ldaps"
# space separated list of allowed UDP ports
UDP="ldap"
# space separated list of allowed RPC services
RPC=""
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST=""
++++++ ldapns.schema ++++++
# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
# LDAP Name Service Additional Schema
# http://www.iana.org/assignments/gssapi-service-names
attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
DESC 'IANA GSS-API authorized service name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
DESC 'Auxiliary object class for adding authorizedService attribute'
SUP top
AUXILIARY
MAY authorizedService )
objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
DESC 'Auxiliary object class for adding host attribute'
SUP top
AUXILIARY
MAY host )
++++++ openldap-2.4.42.tgz -> openldap-2.4.43.tgz ++++++
++++ 6915 lines of diff (skipped)
++++++ rfc2307bis.schema ++++++
# builtin
#
#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
# DESC 'An integer uniquely identifying a user in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
# SINGLE-VALUE )
# builtin
#
#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
# DESC 'An integer uniquely identifying a group in an
# administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
# SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
DESC 'The GECOS field; the common name'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
DESC 'The absolute path to the home directory'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
DESC 'The path to the login shell'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
DESC 'Service port number'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
DESC 'Service protocol name'
SUP name )
attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
DESC 'IP protocol number'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
DESC 'ONC RPC number'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
DESC 'IPv4 addresses as a dotted decimal omitting leading
zeros or IPv6 addresses as defined in RFC2373'
SUP name )
attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
DESC 'IP network as a dotted decimal, eg. 192.168,
omitting leading zeros'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0,
omitting leading zeros'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
DESC 'MAC address in maximal, colon separated hex
notation, eg. 00:00:92:90:ee:e2'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
DESC 'rpc.bootparamd parameter'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
DESC 'Boot image name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
DESC 'Name of a A generic NIS map'
SUP name )
attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
DESC 'A generic NIS entry'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
DESC 'NIS public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
DESC 'NIS secret key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
DESC 'NIS domain'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
DESC 'automount Map Name'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
DESC 'Automount Key value'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
DESC 'Automount information'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
DESC 'Abstraction of an account with POSIX attributes'
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $
description ) )
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
DESC 'Additional attributes for shadow passwords'
MUST uid
MAY ( userPassword $ description $
shadowLastChange $ shadowMin $ shadowMax $
shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag ) )
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
DESC 'Abstraction of a group of accounts'
MUST gidNumber
MAY ( userPassword $ memberUid $
description ) )
objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
DESC 'Abstraction an Internet Protocol service.
Maps an IP port and protocol (such as tcp or udp)
to one or more names; the distinguished value of
the cn attribute denotes the services canonical
name'
MUST ( cn $ ipServicePort $ ipServiceProtocol )
MAY description )
objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
DESC 'Abstraction of an IP protocol. Maps a protocol number
to one or more names. The distinguished value of the cn
attribute denotes the protocols canonical name'
MUST ( cn $ ipProtocolNumber )
MAY description )
objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
DESC 'Abstraction of an Open Network Computing (ONC)
[RFC1057] Remote Procedure Call (RPC) binding.
This class maps an ONC RPC number to a name.
The distinguished value of the cn attribute denotes
the RPC services canonical name'
MUST ( cn $ oncRpcNumber )
MAY description )
objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
DESC 'Abstraction of a host, an IP device. The distinguished
value of the cn attribute denotes the hosts canonical
name. Device SHOULD be used as a structural class'
MUST ( cn $ ipHostNumber )
MAY ( userPassword $ l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
DESC 'Abstraction of a network. The distinguished value of
the cn attribute denotes the networks canonical name'
MUST ipNetworkNumber
MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
DESC 'Abstraction of a netgroup. May refer to other netgroups'
MUST cn
MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
DESC 'A generic abstraction of a NIS map'
MUST nisMapName
MAY description )
objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
DESC 'An entry in a NIS map'
MUST ( cn $ nisMapEntry $ nisMapName )
MAY description )
objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
DESC 'A device with a MAC address; device SHOULD be
used as a structural class'
MAY macAddress )
objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
DESC 'A device with boot parameters; device SHOULD be
used as a structural class'
MAY ( bootFile $ bootParameter ) )
objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
DESC 'An object with a public and secret key'
MUST ( cn $ nisPublicKey $ nisSecretKey )
MAY ( uidNumber $ description ) )
objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
DESC 'Associates a NIS domain with a naming context'
MUST nisDomain )
objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
MUST ( automountMapName )
MAY description )
objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
DESC 'Automount information'
MUST ( automountKey $ automountInformation )
MAY description )
## namedObject is needed for groups without members
objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top
STRUCTURAL MAY cn )
++++++ slapd.conf.example ++++++
############################################################################
# See slapd.conf(5) for details on configuration options.
# This file SHOULD NOT be world readable.
#
# Important note:
# You surely have to adjust some settings to meet your (security)
# requirements.
# At least you should replace suffix "dc=example,dc=com" by
# something meaningful for your setup.
# If you plan to use OpenLDAP server as backend for Samba and/or Kerberos
# KDC then you MUST add decent ACLs for protecting user credentials!
#
# Read the man pages before changing something!
#
# You can debug the config by running (as root while slapd stopped):
# /usr/sbin/slapd -f /etc/openldap/slapd.conf -u ldap -g ldap -h "ldapi:/// ldap://127.0.0.1" -d 65535
############################################################################
#---------------------------------------------------------------------------
# slapd global parameters
#---------------------------------------------------------------------------
# serverID must be unique across all provider replicas
# for using multi-master replication (MMR)
serverID 99
# only alter this when you know what you're doing
#threads 4
# Run-time files
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# for more debugging set:
#loglevel config stats stats2
loglevel stats
#---------------------------------------------------------------------------
# Load runtime loadable modules
#---------------------------------------------------------------------------
# Load additional backend modules installed by package 'openldap2'
# The following backends are statically built-in and therefore don't have
# to be loaded here:
# config, ldif, monitor, bdb, hdb, ldap, mdb, relay
#moduleload back_
#moduleload back_
#moduleload back_mdb
#moduleload back_meta
#moduleload back_sock
# Load additional overlay modules installed by package 'openldap2'
# The following overlay are statically built-in and therefore don't have
# to be loaded here:
# ppolicy, syncprov
#moduleload accesslog
#moduleload constraint
#moduleload dds
#moduleload deref
#moduleload dynlist
#moduleload memberof
moduleload refint
#moduleload sssvlv
#moduleload translucent
moduleload unique
#moduleload valsort
# Load additional overlay modules installed by package 'openldap2-contrib'
#moduleload allowed
#moduleload lastbind
#moduleload noopsrch
#moduleload pw-pbkdf2
#moduleload pw-sha2
#moduleload smbk5pwd
#---------------------------------------------------------------------------
# Include schema files
#---------------------------------------------------------------------------
# Schema files installed by package 'openldap2'
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/ppolicy.schema
#include /etc/openldap/schema/yast.schema
# Schema file installed by package 'dhcp-server'
#include /etc/openldap/schema/dhcp.schema
# Schema file installed by package 'samba'
#include /etc/openldap/schema/samba3.schema
# Schema file installed by package 'krb5-plugin-kdb-ldap'
#include /usr/share/doc/packages/krb5/kerberos.schema
#---------------------------------------------------------------------------
# Transport Layer Security (TLS) configuration
#---------------------------------------------------------------------------
# require at least TLS 1.0 and highly secure ciphers
#TLSProtocolMin 3.1
#TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
# TLS certificate and key files
#TLSCACertificateFile /etc/ssl/ca-bundle.pem
#TLSCertificateFile /etc/openldap/ssl.crt/server.crt
#TLSCertificateKeyFile /etc/openldap/ssl.key/server.key
# For enabling Perfect Forward Secrecy (PFS), see dhparam(1)
#TLSDHParamFile /etc/openldap/ssl.key/dhparam
#---------------------------------------------------------------------------
# Password hashing
#---------------------------------------------------------------------------
#password-hash {CRYPT}
# Parameters for {CRYPT} scheme: SHA-512, 72 bits) of salt, 5000 iterations
#password-crypt-salt-format "$6$%.12s"
#---------------------------------------------------------------------------
# Security requirements
#---------------------------------------------------------------------------
#disallow bind_anon
#require bind LDAPv3 strong
# SSF value for ldapi://
localSSF 256
# minimum required SSF value (security strength factor)
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
#security ssf=128 update_ssf=256 simple_bind=128
security ssf=0
#---------------------------------------------------------------------------
# Global access control (ACLs)
#---------------------------------------------------------------------------
# Root DSE: allow anyone to read it
access to
dn.base=""
by * read
# Sub schema sub entry: allow anyone to read it
access to
dn.base="cn=Subschema"
by * read
#---------------------------------------------------------------------------
# Authz-DN mappings
#---------------------------------------------------------------------------
# If connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used
# System user root is mapped to the rootdn in database dc=example,dc=com
# which has also read access on config and monitor databases
authz-regexp
"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"cn=root,dc=example,dc=com"
# Map local system user to LDAP entry
# if connected via IPC socket (ldapi:///) and SASL/EXTERNAL was used
authz-regexp
"gidnumber=([0-9]+)\\+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth"
"ldap:///dc=example,dc=com??sub?(&(objectClass=posixAccount)(uidNumber=$2)(gidNumber=$1))"
# this maps the attribute uid to a LDAP entry
# if one of the typical password-based SASL mechs was used
authz-regexp
"uid=([a-zA-Z0-9_-]+),cn=(DIGEST-MD5|CRAM-MD5|NTLM|PLAIN|LOGIN|SCRAM-SHA-1),cn=auth"
"ldap:///dc=example,dc=com??sub?(uid=$1)"
# this maps the attribute uid to a LDAP entry
# if one of the Kerberos based SASL mechs was used
#authz-regexp
# "uid=([a-zA-Z0-9_-]+),cn=(GSSAPI|GS2-KRB5|GS2-IAKERB),cn=auth"
# "ldap:///dc=example,dc=com??sub?(|(krbPrincipalName=$1)(krbPrincipalAlias=$1))"
# Map client cert subject DN to LDAP entry if SASL/EXTERNAL was used
#authz-regexp
# "(.+)"
# "ldap:///dc=example,dc=com??sub?(&(objectClass=pkiUser)(seeAlso=$1))"
#===========================================================================
# Database specific configuration sections below
# Required order of databases:
# config (first), ...others..., monitor (last)
#===========================================================================
#---------------------------------------------------------------------------
# cn=config // Configuration database (always first!)
# see slapd-config(5)
#---------------------------------------------------------------------------
database config
# Cleartext passwords, especially for the rootdn, should
# be avoid! See slappasswd(8) and slapd.conf(5) for details.
# Best thing is not to set rootpw at all!
# For local config access by root use LDAPI with SASL/EXTERNAL instead
# (see above).
#rootpw secret
access to
dn.subtree="cn=config"
by dn.exact="cn=root,dc=example,dc=com" manage
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" read
by * none
#---------------------------------------------------------------------------
# dc=example,dc=com // Example MDB database to be used by normal clients
# see slapd-mdb(5)
#---------------------------------------------------------------------------
database mdb
suffix "dc=example,dc=com"
# rootdn has to be set for overlays' internal operations
rootdn "cn=root,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid! See slappasswd(8) and slapd.conf(5) for details.
# Best thing is not to set rootpw at all!
rootpw secret
# The database directory MUST exist prior to running slapd and
# SHOULD only be accessible by the slapd user 'ldap'.
# mkdir /var/lib/ldap/example-db && chown ldap:ldap /var/lib/ldap/example-db && chmod 0700 /var/lib/ldap/example-db
directory /var/lib/ldap/example-db
# Permissions of database files created
mode 0600
# extra information to be available in cn=monitor for this database
monitoring on
# Perform ACL checks on the content of a new entry being added
add_content_acl on
# backend-specific database parameters
checkpoint 1024 5
# 100 MB (you can raise the limit later)
maxsize 104857600
# Indices to maintain
#
# Whenever you change indexing configuration you have to re-run slapindex
# while slapd being stopped!
# Don't forget to fix ownership/permissions of newly generated index files
# afterwards!
# set always!
index objectClass eq
# for typical address book use
index cn,sn,givenName,mail eq,sub
# for user management
index uid,uidNumber,gidNumber eq
# for authz-regexp mapping of Kerberos principal name
#index krbPrincipalName,krbPrincipalAlias eq
# for authz-regexp mapping of client cert subject DNs
#index seeAlso eq
# for syncrepl
index entryUUID,entryCSN eq
# access control lists (ACLs) for dc=example,dc=com
# see slapd.access(5) for details on access control lists (ACLs)
# full read access also to 'userPassword' for group of replicas
# and control is forwarded to subsequent ACLs
access to
dn.subtree=dc=example,dc=com
by group.base="cn=slapd replicas,ou=groups,dc=example,dc=com" read
by * break
# write-only access to 'userPassword' for user, auth access else
access to
attrs=userPassword
by self =w
by * auth
# 'userPKCS' must only be accessible by self
access to
attrs=userPKCS12
by self write
by * none
# No access to history of passwords
#access to
# attrs=pwdHistory
# by * none
# Catch-all ACL for the rest
access to
dn.subtree=dc=example,dc=com
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" manage
by self read
by users read
by * auth
# see slapo-ppolicy(5)
overlay ppolicy
# Default password policy entry
#ppolicy_default cn=ppolicy-default,ou=policies,dc=example,dc=com
# Hash clear-text userPassword values sent in with add/modify operations
#ppolicy_hash_cleartext
# Return AccountLocked error code to client
#ppolicy_use_lockout
# see slapo-refint(5)
overlay refint
refint_attributes member seeAlso
refint_nothing cn=dummy
# Check sub-tree wide uniqueness of certain attributes
# see slapo-unique(5)
# you have to add eq-index for efficient uniqueness check!
# Note that filter part is currently ignored because of OpenLDAP ITS#6825
overlay unique
unique_uri "ldap:///dc=example,dc=com?uid,uidNumber,homeDirectory?sub"
unique_uri "ldap:///ou=groups,dc=example,dc=com?cn,gidNumber?sub?(|(objectClass=groupOfNames)(objectClass=posixGroup))"
#unique_uri "ldap:///dc=example,dc=com?krbPrincipalName,krbPrincipalAlias?sub"
#unique_uri "ldap:///dc=example,dc=com?ipHostNumber?sub"
#unique_uri "ldap:///dc=example,dc=com?employeeNumber?sub"
#unique_uri "ldap:///dc=example,dc=com?uniqueIdentifier?sub"
#overlay syncprov
#mirrormode on
#---------------------------------------------------------------------------
# cn=monitor // Monitoring database (always last!)
# see slapd-monitor(5)
#---------------------------------------------------------------------------
database monitor
access to
dn.subtree="cn=monitor"
by dn.exact="cn=root,dc=example,dc=com" write
by group.base="cn=slapd admins,ou=groups,dc=example,dc=com" write
by users read
++++++ slapd.service ++++++
[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/usr/lib/openldap/start
[Install]
WantedBy=multi-user.target
++++++ start ++++++
#! /bin/sh
# Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany.
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# Author: Carsten Hoeger
# Ralf Haferkamp
#
# /etc/init.d/ldap
#
### BEGIN INIT INFO
# Provides: ldap
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: OpenLDAP Server (slapd)
# Description: Start and Stop the OpenLDAP Server (slapd) to
# provide LDAP directory services.
### END INIT INFO
# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}
test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap
SLAPD_BIN=/usr/sbin/slapd
LDAP_URLS=""
LDAPS_URLS=""
LDAPI_URLS=""
SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d"
SLAPD_PID_DIR="/var/run/slapd/"
test -x $SLAPD_BIN || exit 5
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num><num>
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
. /etc/rc.status
# First reset status of this service
rc_reset
function init_ldap_listener_urls(){
case "$OPENLDAP_START_LDAP" in
[Yy][Ee][Ss])
if [ -n "$OPENLDAP_LDAP_INTERFACES" ]
then
for iface in $OPENLDAP_LDAP_INTERFACES ;do
LDAP_URLS="$LDAP_URLS ldap://$iface"
done
else
LDAP_URLS="ldap:///"
fi
;;
esac
}
function init_ldapi_listener_urls(){
case "$OPENLDAP_START_LDAPI" in
[Yy][Ee][Ss])
if [ -n "$OPENLDAP_LDAPI_INTERFACES" ]
then
for iface in $OPENLDAP_LDAPI_INTERFACES ;do
esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g`
LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface"
done
else
LDAPI_URLS="ldapi:///"
fi
;;
esac
}
function init_ldaps_listener_urls(){
case "$OPENLDAP_START_LDAPS" in
[Yy][Ee][Ss])
if [ -n "$OPENLDAP_LDAPS_INTERFACES" ]
then
for iface in $OPENLDAP_LDAPS_INTERFACES ;do
LDAPS_URLS="$LDAPS_URLS ldaps://$iface"
done
else
LDAPS_URLS="ldaps:///"
fi
;;
esac
}
function check_connection(){
SLAPD_TIMEOUT=10
START=$( date +%s)
while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do
ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null
LDAPSEARCH_RC=$?
if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break
else sleep 1
fi
done
}
depth=0;
function chown_database_dirs_bconfig() {
ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}')
for dir in $ldapdir; do
[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
chown -R $OPENLDAP_USER $dir 2>/dev/null
[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
done
}
function chown_database_dirs() {
ldapdir=`grep ^directory $1 | awk '{print $2}'`
for dir in $ldapdir; do
[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
chown -R $OPENLDAP_USER $dir 2>/dev/null
[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null
done
includes=`grep ^include $1 | awk '{print $2}'`
if [ $depth -le 50 ]; then
depth=$(( $depth + 1 ));
for i in $includes; do
chown_database_dirs "$i" ;
done
fi
}
USER_CMD=""
GROUP_CMD=""
[ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER"
[ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP"
[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"
if [ -f /etc/openldap/UPDATE_NEEDED ]; then
rc_failed 6
echo " The configuration of your LDAP server needs to be updated."
echo " Please see /usr/share/doc/packages/openldap2/README.update"
echo " for details."
echo " After the update please remove the file:"
echo " /etc/openldap/UPDATE_NEEDED"
rc_status -v
exit
fi
# chown backend directories if OPENLDAP_CHOWN_DIRS ist set
if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then
if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then
if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then
chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
chown_database_dirs_bconfig "/etc/openldap/slapd.d"
# assume back-config usage if slapd.conf is not present but slapd.d is
elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then
chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
chown_database_dirs_bconfig "/etc/openldap/slapd.d"
else
chown_database_dirs "/etc/openldap/slapd.conf"
chgrp $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null
fi
if test -f /etc/sasl2/slapd.conf ; then
chgrp $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null
chmod 640 /etc/sasl2/slapd.conf 2>/dev/null
fi
if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/}
if test -f $keytabfile ; then
chgrp $OPENLDAP_GROUP $keytabfile 2>/dev/null
chmod g+r $keytabfile 2>/dev/null
fi
fi
fi
fi
if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB
fi
case "$OPENLDAP_REGISTER_SLP" in
[Yy][Ee][Ss])
SLAPD_SLP_REG="-o slp=on"
;;
*)
SLAPD_SLP_REG="-o slp=off"
;;
esac
init_ldap_listener_urls
init_ldapi_listener_urls
init_ldaps_listener_urls
if [ ! -d $SLAPD_PID_DIR ]; then
mkdir -p $SLAPD_PID_DIR
chown ldap:ldap $SLAPD_PID_DIR
fi
echo -n "Starting ldap-server"
exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \
$SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \
$OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG
++++++ sysconfig.openldap ++++++
## Path: Network/LDAP
## Description: Basic Configuration of the OpenLDAP Directory Server
## Type: yesno
## Default: yes
## ServiceRestart: ldap
#
# If set to "no" the LDAP server will not accept any "normal" LDAP connections
# but just connections over "ldaps" or "ldapi". Setting this to "no" does only
# make sense when either OPENLDAP_START_LDAPS or OPENLDAP_START_LDAPI is set
# "yes".
#
OPENLDAP_START_LDAP="yes"
## Type: yesno
## Default: no
## ServiceRestart: ldap
#
# If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't
# forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options
# to the /etc/openldap/slapd.conf (man slapd.conf).
# Note: Don't confuse this with "START_TLS", the preferred method for
# making encrypted LDAP connections, which is enabled as soon as You
# specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config
# file
#
OPENLDAP_START_LDAPS="no"
## Type: yesno
## Default: no
## ServiceRestart: ldap
#
# If set to "yes", "ldap over IPC" feature of slapd will be enabled.
# The ldap server creates a Unix domain socket as /var/run/slapd/ldapi.
# Default: no
#
OPENLDAP_START_LDAPI="yes"
## Type: string
## Default: ""
## ServiceRestart: ldap
#
# If not empty, additional parameters for slapd daemon.
# Default: ""
#
OPENLDAP_SLAPD_PARAMS=""
## Type: string
## Default: ldap
## ServiceRestart: ldap
#
# specifies a user, as which the openldap server should be executed
# Default: ldap
#
OPENLDAP_USER="ldap"
## Type: string
## Default: ldap
## ServiceRestart: ldap
#
# specifies a group, as which the openldap server should be executed
# Default: ldap
#
OPENLDAP_GROUP="ldap"
## Type: yesno
## Default: yes
## ServiceRestart: ldap
#
# If set to "yes" the init scripts will change the owner/group of the
# different backend database directories (e.g. /var/lib/ldap) to the
# user/group specified above
#
OPENLDAP_CHOWN_DIRS="yes"
## Type: string
## Default: ""
## ServiceRestart: ldap
#
# Use this to specify the interfaces that the server such accept
# LDAP connections from. The values are specified in the format
# <address>:<port>, where address is an IP address and port is the
# portnumber, the daemon should listen to (defaulting to 389). If this
# parameter is empty the server will attach to all interfaces. This
# parameter is only evaluated if "OPENLDAP_START_LDAP" is set to
# "yes"
# Default: ""
#
OPENLDAP_LDAP_INTERFACES=""
## Type: string
## Default: ""
## ServiceRestart: ldap
#
# Use this to specify the interfaces that the server such accept
# LDAPS connections from. The values are specified in the format
# <address>:<port>, where address is an IP address and port is the
# portnumber, the daemon should listen to (defaulting to 636). If this
# parameter is empty the server will attach to all interfaces. This
# parameter is only evaluated if "OPENLDAP_START_LDAPS" is set to
# "yes"
# Default: ""
#
OPENLDAP_LDAPS_INTERFACES=""
## Type: string
## Default: ""
## ServiceRestart: ldap
#
# Use this to specify the paths of the Unix Domain Sockets that
# the server should create an accept incoming LDAPI connections
# on. This parameter is only evaluated if "OPENLDAP_START_LDAPI"
# is set to "yes".
# Default: ""
#
OPENLDAP_LDAPI_INTERFACES=""
## Type: yesno
## Default: "yes"
## ServiceRestart: ldap
#
# If set to "no" the LDAP server will not try itself at a running SLP
# daemon.
# Default: "yes"
#
OPENLDAP_REGISTER_SLP="no"
## Type: string
## Default: ""
## ServiceRestart: ldap
#
# Set this to the name of the keytab, if you want to use a non-default
# Kerberos Keytab. If OPENLDAP_CHOWN_DIRS is set to "yes" the permissions of
# this file will be changed so that the group OPENLDAP_GROUP has read
# access to the file.
# Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab
# Default: ""
#
OPENLDAP_KRB5_KEYTAB=""
## Type: string
## Default: "files"
## ServiceRestart: ldap
#
# Here you can configure which of the configuration backends you want to
# use. Possible values are "files" for slapd.conf(5) styleconfiguration or
# "ldap" for the slapd-config(5) LDAP based configuration backend.
#
OPENLDAP_CONFIG_BACKEND=""
## Type: yesno
## Default: "yes"
## ServiceRestart: ldap
#
# Here you can configure if the slapd shall start with or without memory limit.
#
OPENLDAP_MEMORY_LIMIT="yes"
++++++ yast.schema ++++++
## Some macros
objectidentifier SUSE 1.3.6.1.4.1.7057
objectidentifier SUSE.YaST SUSE:10.1
objectidentifier SUSE.YaST.ModuleConfig SUSE:10.1.2
objectidentifier SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1
objectidentifier SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2
# Attributes
# deprecated
#
#attributetype ( SUSE.YaST.ModuleConfig.Attr:1 NAME ( 'userConfigDn' )
# DESC 'Where is the configuration for user management stored'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( SUSE.YaST.ModuleConfig.Attr:2 NAME ( 'suseDefaultBase' )
DESC 'Base DN where new Objects should be created by default'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId' )
DESC 'Next unused unique ID, can be used to generate directory wide uniqe IDs'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' )
DESC 'lower Border for Unique IDs'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:5 NAME ( 'suseMaxUniqueId' )
DESC 'upper Border for Unique IDs'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTemplate' )
DESC 'The DN of a template that should be used by default'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:7 NAME ( 'suseSearchFilter' )
DESC 'Search filter to localize Objects'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# deprecated
#
#attributetype ( SUSE.YaST.ModuleConfig.Attr:8 NAME ( 'DefaultObjectClass' )
# DESC 'ObjectClass that new Objects should use'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
#attributetype ( SUSE.YaST.ModuleConfig.Attr:9 NAME ( 'suseRequiredAttribute' )
# DESC ''
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
#attributetype ( SUSE.YaST.ModuleConfig.Attr:10 NAME ( 'allowedAttribute' )
# DESC ''
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( SUSE.YaST.ModuleConfig.Attr:11 NAME ( 'suseDefaultValue' )
DESC 'an Attribute-Value-Assertions to define defaults for specific Attributes'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttribute' )
DESC 'AttributeType that should be used as the RDN'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:15 NAME ( 'suseSecondaryGroup' )
DESC 'seconday group DN'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( SUSE.YaST.ModuleConfig.Attr:16 NAME ( 'suseMinPasswordLength' )
DESC 'minimum Password length for new users'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswordLength' )
DESC 'maximum Password length for new users'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:18 NAME ( 'susePasswordHash' )
DESC 'Hash method to use for new users'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:19 NAME ( 'suseSkelDir' )
DESC ''
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' )
DESC 'plugin to use upon user/ group creation'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribute' )
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( SUSE.YaST.ModuleConfig.Attr:22 NAME ( 'suseImapServer' )
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:23 NAME ( 'suseImapAdmin' )
DESC ''
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:24 NAME ( 'suseImapDefaultQuota' )
DESC ''
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( SUSE.YaST.ModuleConfig.Attr:25 NAME ( 'suseImapUseSsl' )
DESC ''
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# ObjectClasses
objectClass ( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfiguration'
SUP top STRUCTURAL
DESC 'Contains configuration of Management Modules'
MUST ( cn )
MAY ( suseDefaultBase ))
objectClass ( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfiguration'
SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of user management tools'
MAY ( suseMinPasswordLength $ suseMaxPasswordLength $
susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $
suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $
suseMapAttribute ))
objectClass ( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate'
SUP top STRUCTURAL
DESC 'Base Class for Object-Templates'
MUST ( cn )
MAY ( susePlugin $ suseDefaultValue $ suseNamingAttribute ))
objectClass ( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate'
SUP suseObjectTemplate STRUCTURAL
DESC 'User object template'
MUST ( cn )
MAY ( suseSecondaryGroup ))
objectClass ( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate'
SUP suseObjectTemplate STRUCTURAL
DESC 'Group object template'
MUST ( cn ))
objectClass ( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfiguration'
SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of user management tools'
MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $
suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ))
objectClass ( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration'
SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of CA management tools')
objectClass ( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguration'
SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of mail server management tools')
objectClass ( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfiguration'
SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of DHCP server management tools')
objectClass ( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfiguration'
SUP suseModuleConfiguration STRUCTURAL
DESC 'Configuration of IMAP user management tools'
MUST ( suseImapServer $ suseImapAdmin $ suseImapDefaultQuota $
suseImapUseSsl ))