diff --git a/README.md b/README.md index 2d0ace3..08534b3 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,4 @@ # openldap +OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol. + diff --git a/openldap-2.2.15-conf b/openldap-2.2.15-conf new file mode 100644 index 0000000..c9f5b5a --- /dev/null +++ b/openldap-2.2.15-conf 
@@ -0,0 +1,89 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include %SYSCONFDIR%/schema/core.schema
+include %SYSCONFDIR%/schema/cosine.schema
+include %SYSCONFDIR%/schema/inetorgperson.schema
+include %SYSCONFDIR%/schema/corba.schema
+include %SYSCONFDIR%/schema/java.schema
+include %SYSCONFDIR%/schema/nis.schema
+include %SYSCONFDIR%/schema/openldap.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /run/ldap/slapd.pid
+argsfile /run/ldap/slapd.args
+
+# Load dynamic backend modules:
+# modulepath %MODULEDIR%
+# moduleload back_bdb.la
+# moduleload back_ldap.la
+# moduleload back_ldbm.la
+# moduleload back_passwd.la
+# moduleload back_shell.la
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy is:
+# Allow read by all
+#
+# rootdn can always write!
+
+#######################################################################
+# ldbm database definitions
+#######################################################################
+
+database bdb
+suffix "dc=my-domain,dc=com"
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory %LOCALSTATEDIR%/lib/ldap/openldap-data
+# Indices to maintain
+index objectClass eq
+#
+# Allow users to change own password
+# - Manager can change any password
+# - Any users who have valid username+password may login
+#
+access to attr=userPassword
+ by self write
+ by dn="cn=Manager,$DND" write
+ by * auth
+access to *
+ by dn="cn=Manager,$DND" write
+ by * read
+#
+# Hash password by default
+#
+password-hash {SSHA}
diff --git a/openldap-2.4.24-default_config.patch b/openldap-2.4.24-default_config.patch
new file mode 100644
index 0000000..14d9d04
--- /dev/null
+++ b/openldap-2.4.24-default_config.patch
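Review bot: `rootpw secret` gives the root DN a well-known cleartext password, which the comment directly above it advises against; since the file's own comments note that the rootdn can always write, any deployment that keeps this value lets whoever can reach slapd bind as `cn=Manager` regardless of the ACLs. Prefer shipping the file without `rootpw`, or with a value produced by slappasswd(8) at install time, e.g. `rootpw <hash-from-slappasswd>` (placeholder). Separately, both ACL blocks name `dn="cn=Manager,$DND"`, and nothing visible in this commit substitutes `$DND` (the %post sed in openldap.spec rewrites only the `dc=my-domain,dc=com` strings), so those `by dn=` clauses would match no entry as written. The spec's `cp %{SOURCE3}` line is commented out, so this file may not be installed at present; the points apply if it is re-enabled.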
@@ -0,0 +1,22 @@
+diff -Nru openldap-2.4.24.orig//servers/slapd/slapd.conf openldap-2.4.24/servers/slapd/slapd.conf
+--- openldap-2.4.24.orig//servers/slapd/slapd.conf 2007-02-13 21:22:22.000000000 +0100
++++ openldap-2.4.24/servers/slapd/slapd.conf 2011-03-09 20:38:55.822787816 +0100
+@@ -10,8 +10,8 @@
+ # service AND an understanding of referrals.
+ #referral ldap://root.openldap.org
+
+-pidfile %LOCALSTATEDIR%/run/slapd.pid
+-argsfile %LOCALSTATEDIR%/run/slapd.args
++pidfile %LOCALSTATEDIR%/run/openldap/slapd.pid
++argsfile %LOCALSTATEDIR%/run/openldap/slapd.args
+
+ # Load dynamic backend modules:
+ # modulepath %MODULEDIR%
+@@ -60,6 +60,6 @@
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory %LOCALSTATEDIR%/openldap-data
++directory %LOCALSTATEDIR%/lib/openldap-data
+ # Indices to maintain
+ index objectClass eq
diff --git a/openldap-2.4.6-evolution-ntlm.patch b/openldap-2.4.6-evolution-ntlm.patch
new file mode 100644
index 0000000..33ff29e
--- /dev/null
+++ b/openldap-2.4.6-evolution-ntlm.patch
@@ -0,0 +1,192 @@
+diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h
+--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
++++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100
+@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P((
+ LDAPControl **ctrls,
+ LDAPDerefRes **drp ));
+
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge));
++
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in
+--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
++++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100
+@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
+ SRCS = bind.c open.c result.c error.c compare.c search.c \
+ controls.c messages.c references.c extended.c cyrus.c \
+ modify.c add.c modrdn.c delete.c abandon.c \
+- sasl.c gssapi.c sbind.c unbind.c cancel.c \
++ sasl.c ntlm.c gssapi.c sbind.c unbind.c cancel.c \
+ filter.c free.c sort.c passwd.c whoami.c \
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
+@@ -33,7 +33,7 @@ SRCS = bind.c open.c result.c error.c co
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+- sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
++ sasl.lo ntlm.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
+diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c
+--- /dev/null 2009-02-17 09:19:52.829004420 +0100
++++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100
+@@ -0,0 +1,137 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include
++#include
++
++#include
++#include
++#include
++#include
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp )
++{
++ BerElement *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++ id, LDAP_REQ_BIND,
++ ld->ld_version, dn, tag,
++ cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ ld->ld_errno = LDAP_ENCODING_ERROR;
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++ return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++ return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++ LDAP_FREE( ld->ld_error );
++ ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++ LDAP_FREE( ld->ld_matched );
++ ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++ &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++ ld->ld_errno = LDAP_DECODING_ERROR;
++ return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}
diff --git a/openldap-initscript b/openldap-initscript
new file mode 100644
index 0000000..5d999d3
--- /dev/null
+++ b/openldap-initscript
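Review bot: In `ldap_ntlm_bind` the result of the first `ber_printf( ber, "{it{istON}" ... )` is stored in `rc` and never examined, so a failure to encode the bind request (DN, tag and credential) is ignored and the function goes on to append controls and send whatever `ber` holds. Handle it the way the closing `ber_printf` a few lines below already does, directly after the call: `if ( rc == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return ld->ld_errno; }`. In `ldap_parse_ntlm_bind_result`, `challenge` is passed to `ber_scanf` without a NULL check and is filled from the server's reply by the `o` conversion; reject a NULL `challenge` with `LDAP_PARAM_ERROR` alongside the existing `ld`/`res` check, and add a header comment stating that the caller is expected to release `challenge->bv_val` (ownership is not visible in the patch, so confirm against liblber).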
@@ -0,0 +1,83 @@
+#!/bin/bash
+#
+# ldap This shell script takes care of starting and stopping ldap server (slapd).
+#
+# chkconfig: 2345 35 65
+# description: LDAP stands for Lightweight Directory Access Protocol, used \
+# for implementing the industry standard directory services.
+# processname: slapd
+# config: /etc/openldap/slapd.conf
+# pidfile: /var/run/slapd.pid
+
+# source function library
+. /etc/init.d/functions
+
+[ -x /usr/bin/db_recover-51 ] && DB_RECOVER=db_recover-51 || DB_RECOVER=db_recover
+
+# source an auxiliary options file if we have one, and pick up OPTIONS,
+# SLAPD_OPTIONS, and SLURPD_OPTIONS
+[ -r /etc/sysconfig/ldap ] && . /etc/sysconfig/ldap
+
+slapd=/usr/sbin/slapd
+[ -x ${slapd} ] || exit 0
+
+RETVAL=0
+
+function start() {
+ # fix bdb errors
+ [ -e "/var/lib/ldap/openldap-data/__db.001" ] && \
+ $DB_RECOVER -h /var/lib/ldap/openldap-data
+ # start daemons
+ prog=`basename ${slapd}`
+ echo -n $"Starting $prog: "
+ if grep -q ^TLS /etc/openldap/slapd.conf; then
+ ${slapd} -u ldap -h "ldaps:/// ldap:///" $OPTIONS $SLAPD_OPTIONS
+ else
+ ${slapd} -u ldap $OPTIONS $SLAPD_OPTIONS
+ fi
+ evaluate_retval
+ echo
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
+ return $RETVAL
+}
+
+function stop() {
+ # stop daemons
+ prog=`basename ${slapd}`
+ echo -n $"Stopping $prog: "
+ killproc ${slapd}
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] &&
+ rm -f /var/lock/subsys/ldap /var/run/ldap/slapd.args
+ return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status ${slapd}
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ condrestart)
+ if [ -f /var/lock/subsys/ldap ]; then
+ stop
+ start
+ fi
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|status|condrestart}"
+ RETVAL=1
+esac
+
+exit $RETVAL
+
diff --git a/openldap-logrotate b/openldap-logrotate
new file mode 100644
index 0000000..bccb0c9
--- /dev/null
+++ b/openldap-logrotate
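Review bot: The paths hard-coded in `start()` and `stop()` do not match the ones the rest of this commit configures: recovery runs only when `/var/lib/ldap/openldap-data/__db.001` exists and `stop()` removes `/var/run/ldap/slapd.args`, while openldap-2.4.24-default_config.patch and the spec's %install use `/var/lib/openldap-data` and `run/openldap`. With the packaged defaults the `$DB_RECOVER` step and the args-file cleanup would therefore never touch the directory slapd actually uses; the `%pre`/`%post` scriptlets in openldap.spec write their backup and restore to the same `/var/lib/ldap/openldap-data` path. Define the locations once near the top, e.g. `datadir=/var/lib/openldap-data` and `rundir=/run/openldap`, and use them in both functions. The `# pidfile: /var/run/slapd.pid` header line needs the same correction.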
@@ -0,0 +1,8 @@
+/var/log/ldap.log {
+ weekly
+ rotate 5
+ copytruncate
+ compress
+ notifempty
+ missingok
+}
diff --git a/openldap.service b/openldap.service
new file mode 100644
index 0000000..ebc49af
--- /dev/null
+++ b/openldap.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=OpenLDAP Server Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+PIDFile=/run/openldap/slapd.pid
+Environment="SLAPD_URLS=ldap:/// ldapi:///" "SLAPD_OPTIONS="
+EnvironmentFile=/etc/sysconfig/ldap
+#ExecStartPre=/usr/libexec/slapd/check-config.sh
+ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openldap.spec b/openldap.spec
new file mode 100644
index 0000000..e04a6f7
--- /dev/null
+++ b/openldap.spec
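Review bot: `EnvironmentFile=/etc/sysconfig/ldap` in openldap.service has no leading `-`, so systemd will refuse to start the unit when that file is absent, and nothing in this commit's spec packages it (the initscript only sources it when readable). Use `EnvironmentFile=-/etc/sysconfig/ldap` so the defaults from the `Environment=` line apply on a fresh install. The default `SLAPD_URLS=ldap:/// ldapi:///` offers no `ldaps:///` listener, so transport protection depends on TLS being configured in slapd.conf and on clients using it; a comment above the `Environment=` line saying so would help administrators.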
@@ -0,0 +1,494 @@
+Name: openldap
+Version: 2.4.39
+Release: 1mamba
+Group: System/Servers
+Summary: An open source implementation of the Lightweight Directory Access Protocol
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://www.openldap.org
+Source0: ftp://ftp.openldap.org/pub/OpenLDAP/%{name}-release/%{name}-%{version}.tgz
+Source1: %{name}-initscript
+Source2: %{name}-logrotate
+Source3: %{name}-2.2.15-conf
+Source4: openldap.service
+Source5: openldap.tmpfiles
+# patch from Novell developers (evolution-exchange-2.4.0/docs/openldap-ntlm.diff)
+Patch0: %{name}-2.4.6-evolution-ntlm.patch
+Patch2: %{name}-2.4.24-default_config.patch
+License: OpenLDAP Public License
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libdb51-devel
+BuildRequires: libicu-devel
+BuildRequires: libopenssl-devel
+BuildRequires: libsasl-devel
+## AUTOBUILDREQ-END
+BuildRequires: libsasl-devel >= 2.1.25
+BuildRequires: libltdl-devel
+BuildRequires: libreadline-devel >= 4.3
+BuildRequires: systemd-devel
+Requires: libopenldap = %{version}-%{release}
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+
+%description
+OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
+
+%package -n lib%{name}
+Summary: OpenLDAP libraries
+Group: System/Libraries
+# requires latest SASL libraries
+Requires: libsasl >= 2.1.25
+Provides: liblber.so.2
+Provides: libldap.so.2
+Provides: libldap_r.so.2
+
+%description -n lib%{name}
+OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
+This package contains the OpenLDAP libraries.
+
+%package -n lib%{name}-devel
+Summary: OpenLDAP development files
+Group: Development/Libraries
+Requires: libopenldap = %{version}-%{release}
+
+%description -n lib%{name}-devel
+OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
+This package contains static libraries and header files need for development.
+
+%package clients
+Summary: OpenLDAP clients
+Group: System/Libraries
+Requires: libopenldap = %{version}-%{release}
+
+%description clients
+OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
+This package contains the OpenLDAP clients and related files.
+
+%package server
+Summary: OpenLDAP server
+Group: System/Libraries
+Requires: libopenldap = %{version}-%{release}
+Provides: openldap-servers
+Obsoletes: openldap-servers
+
+%description server
+OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
+This package contains the OpenLDAP server and related files.
+
+%prep
+%setup -q
+#cp %{SOURCE3} servers/slapd/slapd.conf
+%patch0 -p1 -b .ntlm
+%patch2 -p1
+
+%build
+%configure \
+ --libexecdir=%{_sbindir} \
+ --localstatedir=%{_localstatedir} \
+ --with-cyrus-sasl \
+ --enable-slapd \
+ --enable-crypt \
+ --enable-lmpasswd \
+ --enable-spasswd \
+ --enable-passwd \
+ --enable-modules \
+ --enable-rewrite \
+ --enable-dynamic
+
+# --enable-rlookups \
+
+%make CC=%{_host}-gcc
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+%makeinstall
+
+install -d %{buildroot}/var/lib/%{name}-data
+install -d %{buildroot}/var/run/openldap/
+
+install -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/%{name}
+install -D -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+install -D -m 644 %{SOURCE4} %{buildroot}/lib/systemd/system/openldap.service
+install -D -m 644 %{SOURCE5} %{buildroot}%_tmpfilesdir/openldap.conf
+
+rm -f %{buildroot}%{_sysconfdir}/%{name}/*.default
+rm -f %{buildroot}%{_sysconfdir}/%{name}/schema/*.default
+
+# allow client requests without client certificate
+echo "TLS_REQCERT allow" >> \
+ %{buildroot}%{_sysconfdir}/openldap/ldap.conf
+
+#ln -s liblber.so %{buildroot}%{_libdir}/liblber.so.2
+#ln -s libldap.so %{buildroot}%{_libdir}/libldap.so.2
+#ln -s libldap_r.so %{buildroot}%{_libdir}/libldap_r.so.2
+#chmod 755 %{buildroot}%{_libdir}/*.so.*
+
+cat > %{buildroot}/var/lib/openldap-data/DB_CONFIG << _EOF
+set_cachesize 0 150000000 1
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+#set_lg_dir /var/log/bdb
+set_flags DB_LOG_AUTOREMOVE
+_EOF
+
+rm -f %{buildroot}/var/openldap-data/DB_CONFIG.example
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post -n lib%{name} -p /sbin/ldconfig
+%postun -n lib%{name} -p /sbin/ldconfig
+
+%pre -n %{name}-server
+if [ $1 -eq 2 ]; then
+# upgrade
+ # make a backup of the existing tree
+ ldapadd -VV 2>&1 | grep "ldapmodify 2.1" >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "Backing up current ldap tree"
+ [ -e /run/openldap/slapd.pid ] && service openldap stop
+ slapcat > /var/lib/ldap/openldap-data/ldap-backup.rpm_update
+ fi
+fi
+if [ $1 -eq 1 ]; then
+# new install
+ groupadd ldap 2>/dev/null || true
+ useradd -g ldap -c "LDAP user" -d /var/lib/ldap \
+ -s /bin/false ldap 2>/dev/null || true
+fi
+exit 0
+
+%post -n %{name}-server
+# new install
+if [ $1 -eq 1 ]; then
+ if [ -e /etc/sysconfig/hostname ]; then
+ HOSTNAME=`cat /etc/sysconfig/hostname`
+ else
+ . %{_sysconfdir}/sysconfig/network
+ fi
+ ldap_hostname=${HOSTNAME/.*}
+ ldap_domain=${HOSTNAME/*.}
+ if [ "$ldap_hostname" ]; then
+ [ "$ldap_domain" ] || ldap_domain=local
+ suffix="dc=${ldap_hostname},dc=${ldap_domain}"
+ rootdn="cn=Manager,${suffix}"
+ sed -i "s|cn=Manager,dc=my-domain,dc=com|${rootdn}|
+ s|dc=my-domain,dc=com|${suffix}|" \
+ %{_sysconfdir}/openldap/slapd.conf
+ fi
+ chkconfig --add openldap
+ systemctl enable openldap.service -q
+fi
+if [ $1 -gt 1 ]; then
+# update
+ sed -i "s|/var/run/openldap|/run/openldap|" %{_sysconfdir}/openldap/slapd.conf
+ if [ -f /var/lib/ldap/openldap-data/ldap-backup.rpm_update ]; then
+ # update from previous LDAP version (rebuild database)
+ echo "Backing up current ldap bdb files into /var/lib/ldap/openldap-data/backup-2.1"
+ mkdir -p /var/lib/ldap/openldap-data/backup-2.1
+ mv /var/lib/ldap/openldap-data/*.bdb /var/lib/ldap/openldap-data/backup-2.1
+ mv /var/lib/ldap/openldap-data/log* /var/lib/ldap/openldap-data/backup-2.1
+ mv /var/lib/ldap/openldap-data/__db.* /var/lib/ldap/openldap-data/backup-2.1
+ echo "Restoring ldap information into new ldap server"
+ slapadd < /var/lib/ldap/openldap-data/ldap-backup.rpm_update
+ chown ldap.ldap /var/lib/ldap/openldap-data/*
+ mv /var/lib/ldap/openldap-data/ldap-backup.rpm_update /var/lib/ldap/openldap-data/backup-2.1
+ fi
+fi
+if [ $1 -ge 1 ]; then
+ systemctl daemon-reload -q
+fi
+exit 0
+
+%preun -n %{name}-server
+#erase
+if [ $1 -eq 0 ]; then
+ service openldap stop
+ chkconfig --del openldap
+ systemctl disable openldap.service -q
+ systemctl daemon-reload -q
+fi
+exit 0
+
+fi
+exit 0
+
+%postun -n %{name}-server
+#update
+if [ $1 -eq 1 ]; then
+ service openldap condrestart
+fi
+exit 0
+
+%files -n lib%{name}
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
+%{_bindir}/ldapurl
+%{_libdir}/*.so.*
+%doc COPYRIGHT LICENSE
+
+%files -n lib%{name}-devel
+%defattr(-,root,root)
+%{_includedir}/*
+%{_libdir}/*.so
+%{_libdir}/*.a
+%{_libdir}/*.la
+%doc doc/devel/* doc/drafts/draft*.txt doc/rfc/rfc*.txt
+%doc ANNOUNCEMENT CHANGES README
+
+%files clients
+%defattr(-,root,root)
+%{_bindir}/ldapexop
+%{_bindir}/ldapadd
+%{_bindir}/ldapdelete
+%{_bindir}/ldapmodify
+%{_bindir}/ldapmodrdn
+%{_bindir}/ldappasswd
+%{_bindir}/ldapsearch
+#%{_bindir}/saucer
+#%{_bindir}/ud
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+
+%files server
+%defattr(-,root,root)
+%dir %{_sysconfdir}/openldap
+%{_sysconfdir}/openldap/DB_CONFIG.example
+%{_sysconfdir}/openldap/slapd.ldif
+%config(noreplace) %attr(640,root,ldap) %{_sysconfdir}/openldap/slapd.conf
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/logrotate.d/openldap
+%dir %{_sysconfdir}/openldap/schema
+%{_sysconfdir}/openldap/schema/*
+%{_initrddir}/openldap
+%{_bindir}/ldapcompare
+%{_bindir}/ldapwhoami
+%{_sbindir}/slapacl
+%{_sbindir}/slapadd
+%{_sbindir}/slapauth
+%{_sbindir}/slapcat
+%{_sbindir}/slapd
+%{_sbindir}/slapdn
+%{_sbindir}/slapindex
+%{_sbindir}/slappasswd
+%{_sbindir}/slapschema
+%{_sbindir}/slaptest
+#%{_sbindir}/slurpd
+/lib/systemd/system/openldap.service
+%_tmpfilesdir/openldap.conf
+#%{_datadir}/openldap/ucdata/*
+%dir %attr(700,ldap,ldap) /var/lib/openldap-data
+#%dir %attr(700,ldap,ldap) /var/run/openldap
+%config(noreplace) /var/lib/openldap-data/DB_CONFIG
+%{_mandir}/man3/*
+%{_mandir}/man8/*
+
+%changelog
+* Tue Jan 28 2014 Automatic Build System 2.4.39-1mamba
+- automatic version update by autodist
+
+* Mon Nov 18 2013 Automatic Build System 2.4.38-1mamba
+- automatic version update by autodist
+
+* Mon Oct 28 2013 Automatic Build System 2.4.37-1mamba
+- automatic version update by autodist
+
+* Mon Aug 19 2013 Automatic Build System 2.4.36-1mamba
+- automatic version update by autodist
+
+* Sat Apr 27 2013 Silvan Calarco 2.4.35-3mamba
+- move pid to /run, remove timeout in service file, add tmpfiles.d file for /run/openldap
+
+* Fri Apr 12 2013 Silvan Calarco 2.4.35-2mamba
+- added systemd service file
+
+* Mon Apr 01 2013 Automatic Build System 2.4.35-1mamba
+- automatic version update by autodist
+
+* Thu Mar 07 2013 Automatic Build System 2.4.34-1mamba
+- automatic version update by autodist
+
+* Wed Oct 10 2012 Automatic Build System 2.4.33-1mamba
+- automatic version update by autodist
+
+* Wed Aug 01 2012 Automatic Build System 2.4.32-1mamba
+- automatic version update by autodist
+
+* Wed May 02 2012 Silvan Calarco 2.4.31-2mamba
+- rebuilt with libsasl 2.1.25
+
+* Tue Apr 24 2012 Automatic Build System 2.4.31-1mamba
+- automatic version update by autodist
+
+* Mon Mar 12 2012 Automatic Build System 2.4.30-1mamba
+- automatic version update by autodist
+
+* Mon Jul 25 2011 Automatic Build System 2.4.26-1mamba
+- automatic version update by autodist
+
+* Sun Jun 19 2011 Automatic Build System 2.4.25-1mamba
+- automatic update by autodist
+
+* Wed Mar 09 2011 Silvan Calarco 2.4.24-1mamba
+- update to 2.4.24
+- remove slurpd support in initscript
+- restore upstream slapd.conf
+
+* Mon Jul 19 2010 Automatic Build System 2.4.23-1mamba
+- automatic update to 2.4.23 by autodist
+
+* Tue Jun 29 2010 Automatic Build System 2.4.22-2mamba
+- automatic rebuild by autodist
+
+* Mon Jun 21 2010 Automatic Build System 2.4.22-1mamba
+- automatic update by autodist
+
+* Tue Feb 09 2010 Automatic Build System 2.4.21-1mamba
+- automatic update by autodist
+
+* Fri Nov 06 2009 Silvan Calarco 2.4.19-2mamba
+- rebuilt with evolution patch for ntlm support
+
+* Fri Oct 23 2009 Automatic Build System 2.4.19-1mamba
+- automatic update by autodist
+
+* Thu Oct 01 2009 Automatic Build System 2.4.18-1mamba
+- automatic update by autodist
+
+* Wed Jul 29 2009 Automatic Build System 2.4.17-1mamba
+- automatic update by autodist
+
+* Sun Apr 12 2009 Silvan Calarco 2.4.16-1mamba
+- automatic update to 2.4.16 by autodist
+
+* Mon Mar 02 2009 Silvan Calarco 2.4.15-1mamba
+- automatic update by autodist
+
+* Tue Dec 30 2008 Silvan Calarco 2.4.13-1mamba
+- automatic update by autodist
+
+* Sun Sep 07 2008 Silvan Calarco 2.4.11-1mamba
+- automatic update to 2.4.11 by autodist
+
+* Tue Jun 17 2008 Silvan Calarco 2.4.10-1mamba
+- update to 2.4.10
+- libopenldap: removed strict requirement for libsasl with version
+
+* Fri Feb 15 2008 Silvan Calarco 2.4.7-2mamba
+- remove libopenldap dependency on initscripts
+
+* Mon Jan 21 2008 Silvan Calarco 2.4.7-1mamba
+- update to 2.4.7
+- /etc/ldap.conf moved from server to library package
+
+* Wed May 24 2006 Davide Madrisan 2.2.30-2qilnx
+- fixed a stack-based buffer overflow discovered by Secunia (qibug#175)
+
+* Wed Dec 21 2005 Silvan Calarco 2.2.30-1qilnx
+- update to version 2.2.30 by autospec
+
+* Mon Nov 07 2005 Stefano Cotta Ramusino 2.2.29-1qilnx
+- update to version 2.2.29 by autospec
+
+* Fri Sep 16 2005 Davide Madrisan 2.2.27-3qilnx
+- patch for NTLM support
+
+* Thu Sep 15 2005 Davide Madrisan 2.2.27-2qilnx
+- rebuilt to fix: libldap_r.so: undefined reference to `pthread_kill'
+
+* Wed Jun 15 2005 Silvan Calarco 2.2.27-1qilnx
+- update to version 2.2.27 by autospec
+
+* Tue Jan 11 2005 Silvan Calarco 2.2.20-1qilnx
+- update to version 2.2.20 by autospec
+
+* Thu Dec 09 2004 Silvan Calarco 2.2.19-3qilnx
+- don't start service on install
+- use condrestart instead of restart on update
+
+* Mon Dec 06 2004 Silvan Calarco 2.2.19-2qilnx
+- test build for upgrade
+
+* Mon Dec 06 2004 Silvan Calarco 2.2.19-1qilnx
+- new version build
+
+* Thu Oct 28 2004 Silvan Calarco 2.2.18-2qilnx
+- added ldap update scripts for update from version 2.1 to 2.2 (=libdb4 to libdb42)
+
+* Thu Oct 28 2004 Silvan Calarco 2.2.18-1qilnx
+- new version build
+
+* Fri Jul 09 2004 Silvan Calarco 2.1.30-2qilnx
+- require user authentication to read passwords
+
+* Thu Apr 22 2004 Davide Madrisan 2.1.30-1qilnx
+- new version rebuild
+
+* Mon Apr 05 2004 Davide Madrisan 2.1.29-1qilnx
+- new version rebuild
+
+* Sat Mar 20 2004 Silvan Calarco 2.1.27-1qilnx
+- new version build
+- logrotate added
+
+* Wed Feb 11 2004 Silvan Calarco 2.1.26-2qilnx
+- added initscript code to execute db_recover before ldap server
+
+* Tue Feb 03 2004 Silvan Calarco 2.1.26-1qilnx
+- new version rebuild
+- added initscript code to remove bdb cache files on service startup
+
+* Wed Jan 21 2004 Silvan Calarco 2.1.25-1qilnx
+- new version rebuild
+
+* Mon Nov 24 2003 Silvan Calarco 2.1.23-3qilnx
+- changed default password scheme to SSHA (was cleartext)
+- removed initscript reload (not supported by slapd)
+
+* Fri Nov 21 2003 Davide Madrisan 2.1.23-2qilnx
+- added missing 'Requires'; specfile updates; added documentation and
+ OpenLDAP license files
+
+* Thu Nov 13 2003 Silvan Calarco 2.1.23-1qilnx
+- new version rebuild
+- added compilation flags for features including sasl
+
+* Mon Sep 29 2003 Silvan Calarco 2.1.22-4qilnx
+- added configure and make C_INCLUDE_PATH to support db4 includes
+- removed ldap log dir waiting for a way that doesn't use syslog but its own directory
+
+* Mon Sep 15 2003 Silvan Calarco 2.1.22-3qilnx
+- added support for crypt password
+
+* Fri Jul 25 2003 Silvan Calarco 2.1.22-2qilnx
+- modified ldap.conf and initscript to correctly support TLS connections
+
+* Thu Jul 24 2003 Silvan Calarco 2.1.22-1qilnx
+- first build for 2.1.22
+
+* Fri Jun 27 2003 Silvan Calarco 2.1.17-8qilnx
+- deactivated misc.schema from default configuration
+
+* Wed Jun 25 2003 Silvan Calarco 2.1.17-7qilnx
+- added "new-style" %%post and %%pre scripts
+
+* Wed Jun 11 2003 Silvan Calarco 2.1.17-6qilnx
+- fixed initscript chkconfig configuration
+
+* Tue Jun 06 2003 Silvan Calarco 2.1.17-5qilnx
+- added schema includes in slapd.conf
+- removed .orig config files
+
+* Tue May 27 2003 Silvan Calarco 2.1.17-4qilnx
+- added ldap user creation
+
+* Tue May 27 2003 Silvan Calarco 2.1.17-3qilnx
+- added configuration file patch to support pid dir and lib dir (logdir
+ doesn't work yet!)
+
+* Tue May 06 2003 Silvan Calarco 2.1.17-2qilnx
+- added build requirements
+- fixed sysconfdir location
+
+* Tue Apr 22 2003 Luca Tinelli
+- first build
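Review bot: In %install, `echo "TLS_REQCERT allow" >> ... /openldap/ldap.conf` is commented as allowing requests without a client certificate, but `TLS_REQCERT` in ldap.conf(5) sets how the client checks the server's certificate, and `allow` lets the session proceed when that certificate is missing or fails verification. Every libldap client on the system then accepts an unverified server by default, so binds and directory data can be intercepted on an untrusted network. Drop the line so the library default (`demand`) applies, or at minimum correct the comment to `# WARNING: clients will not reject an unverifiable server certificate`. Also in this file, the `%pre` scriptlet writes the `slapcat` dump (which holds the directory's password hashes) to `/var/lib/ldap/openldap-data/ldap-backup.rpm_update` under the inherited umask; putting `umask 077` before the `slapcat` line keeps it private.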
diff --git a/openldap.tmpfiles b/openldap.tmpfiles
new file mode 100644
index 0000000..634cea1
--- /dev/null
+++ b/openldap.tmpfiles
@@ -0,0 +1,2 @@
+# openldap runtime directory for slapd.arg and slapd.pid
+d /run/openldap 0755 ldap ldap -