diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2020-05-15 07:28:15 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-05-15 17:59:53 +0200 |
commit | eba2e5b781702a60ac9f9613c9b8456c1594215c (patch) | |
tree | e413ac11d0b244de7238614f3f0fc5e391ca4998 /source/n/openldap | |
parent | 5864796142dd047453e8517d6ff9ce9ad66ebdc4 (diff) | |
download | current-eba2e5b781702a60ac9f9613c9b8456c1594215c.tar.gz current-eba2e5b781702a60ac9f9613c9b8456c1594215c.tar.xz |
Fri May 15 07:28:15 UTC 202020200515072815
Hey folks, just a heads-up that PAM is about to be merged into the main tree.
We can't have it blocking other upgrades any longer. The config files could be
improved (adding support for pam_krb5 and pam_ldap, for example), but they'll
do for now. Have a good weekend, and enjoy these updates! :-)
a/aaa_elflibs-15.0-x86_64-23.txz: Rebuilt.
Upgraded: libcap.so.2.34, libelf-0.179.so, liblzma.so.5.2.5,
libglib-2.0.so.0.6400.2, libgmodule-2.0.so.0.6400.2,
libgobject-2.0.so.0.6400.2, libgthread-2.0.so.0.6400.2,
liblber-2.4.so.2.10.13, libldap-2.4.so.2.10.13, libpcre2-8.so.0.10.0.
Added temporarily in preparation for upgrading icu4c: libicudata.so.65.1,
libicui18n.so.65.1, libicuio.so.65.1, libicutest.so.65.1, libicutu.so.65.1,
libicuuc.so.65.1.
a/etc-15.0-x86_64-11.txz: Rebuilt.
/etc/passwd: Added ldap (UID 330).
/etc/group: Added ldap (GID 330).
a/kernel-generic-5.4.41-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.41-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.41-x86_64-1.txz: Upgraded.
a/pkgtools-15.0-noarch-33.txz: Rebuilt.
setup.services: added support for rc.openldap and rc.openvpn.
ap/hplip-3.20.5-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.41-x86-1.txz: Upgraded.
d/python-setuptools-46.3.0-x86_64-1.txz: Upgraded.
d/python3-3.8.3-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.41-noarch-1.txz: Upgraded.
n/openldap-2.4.50-x86_64-1.txz: Added.
This is a complete OpenLDAP package with both client and server support.
Thanks to Giuseppe Di Terlizzi for help with the server parts.
n/openldap-client-2.4.50-x86_64-1.txz: Removed.
x/mesa-20.0.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/hplip-3.20.5-x86_64-1_pam.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/n/openldap')
-rw-r--r-- | source/n/openldap/doinst.sh | 39 | ||||
-rwxr-xr-x | source/n/openldap/openldap.SlackBuild | 270 | ||||
-rw-r--r-- | source/n/openldap/openldap.url | 1 | ||||
-rw-r--r-- | source/n/openldap/rc.openldap | 69 | ||||
-rw-r--r-- | source/n/openldap/slack-desc | 19 | ||||
-rw-r--r-- | source/n/openldap/slapd | 16 |
6 files changed, 414 insertions, 0 deletions
diff --git a/source/n/openldap/doinst.sh b/source/n/openldap/doinst.sh new file mode 100644 index 000000000..f0ee4e6aa --- /dev/null +++ b/source/n/openldap/doinst.sh @@ -0,0 +1,39 @@ +#!/bin/sh +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +if ! grep -q "^ldap:" etc/passwd ; then + echo "ldap:x:330:330:OpenLDAP server:/var/lib/openldap:/bin/false" >> etc/passwd +fi +if ! grep -q "^ldap:" etc/group ; then + echo "ldap:x:330:" >> etc/group +fi +if ! grep -q "^ldap:" etc/shadow ; then + echo "ldap:*:9797:0:::::" >> etc/shadow +fi + +preserve_perms etc/rc.d/rc.openldap.new +config etc/default/slapd.new +config etc/openldap/ldap.conf.new +config etc/openldap/slapd.conf.new +config etc/openldap/slapd.ldif.new diff --git a/source/n/openldap/openldap.SlackBuild b/source/n/openldap/openldap.SlackBuild new file mode 100755 index 000000000..3b6171c6f --- /dev/null +++ b/source/n/openldap/openldap.SlackBuild @@ -0,0 +1,270 @@ +#!/bin/bash + +# Copyright 2008, 2009, 2010, 2018, 2019, 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2015-2017 Giuseppe Di Terlizzi <giuseppe.diterlizzi@gmail.com> +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=openldap +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i586 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Ensure user:group exists before building: +if ! grep -q "^ldap:" /etc/passwd ; then + echo "ldap:x:330:330:OpenLDAP server:/var/lib/openldap:/bin/false" >> /etc/passwd +fi +if ! grep -q "^ldap:" /etc/group ; then + echo "ldap:x:330:" >> /etc/group +fi +if ! grep -q "^ldap:" /etc/shadow ; then + echo "ldap:*:9797:0:::::" >> /etc/shadow +fi + +# Change the location of run directory into /var/run/openldap: +sed -i -e 's|%LOCALSTATEDIR%/run/|/var/run/openldap/|' \ + servers/slapd/slapd.* + +# Change the location of ldapi socket into /var/run/openldap: +sed -i -e 's|\(#define LDAPI_SOCK\).*|\1 "/var/run/openldap/ldapi"|' \ + include/ldap_defaults.h + +# Change the default OpenLDAP database directory: +sed -i -e 's|openldap-data|lib/openldap|' \ + servers/slapd/slapd.* include/ldap_defaults.h servers/slapd/Makefile.in + +# Fix man pages: +sed -i "s/openldap\\\-data/lib\/openldap/g" doc/man/man5/slapd-config.5 doc/man/man5/slapd-bdb.5 doc/man/man5/slapd-mdb.5 doc/man/man5/slapd.conf.5 + +# Configure, build, and install: +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --exec-prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/man \ + --localstatedir=/var \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + \ + --enable-debug \ + --enable-dynamic \ + --enable-syslog \ + --enable-proctitle \ + --enable-ipv6 \ + --enable-local \ + \ + --enable-slapd \ + --enable-dynacl \ + --enable-aci \ + --enable-cleartext \ + --enable-crypt \ + --enable-lmpasswd \ + --enable-spasswd \ + --enable-modules \ + --enable-rewrite \ + --enable-rlookups \ + --enable-slapi \ + --disable-slp \ + --enable-wrappers \ + \ + --enable-backends=mod \ + --enable-bdb=yes \ + --enable-hdb=yes \ + --enable-mdb=yes \ + --enable-monitor=yes \ + --enable-perl=yes \ + --disable-ndb \ + \ + --enable-overlays=mod \ + \ + --disable-static \ + --enable-shared \ + \ + --with-cyrus-sasl \ + --without-fetch \ + --with-threads \ + --with-pic \ + --with-tls \ + \ + --build=$ARCH-slackware-linux || exit 1 +make depend +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +# Don't package this directory: +rmdir $PKG/var/run + +# Fix permissions on shared libraries: +chmod 755 $PKG/usr/lib${LIBDIRSUFFIX}/*.so.* + +# Restrict access to database: +chmod 700 $PKG/var/lib/openldap + +# Fix ownership: +chown -R ldap:ldap $PKG/var/lib/openldap +chown -R ldap:ldap $PKG/etc/openldap + +# Get rid of .default config files: +rm -f $PKG/etc/openldap/*.default + +# Move ldap.conf to ldap.conf.new and add an additional option: +mv $PKG/etc/openldap/ldap.conf $PKG/etc/openldap/ldap.conf.new +cat << EOF >> $PKG/etc/openldap/ldap.conf.new + +# In order to avoid problems with self-signed certificates using TLS: +# "TLS certificate verification: Error, self signed certificate" +# See also 'man ldap.conf' or http://www.openldap.org/doc/admin/tls.html +TLS_REQCERT allow + +EOF +# Move other config files to .new: +mv $PKG/etc/openldap/slapd.conf $PKG/etc/openldap/slapd.conf.new +mv $PKG/etc/openldap/slapd.ldif $PKG/etc/openldap/slapd.ldif.new + +# Create a symlink for slapd in /usr/sbin: +if [ ! -x $PKG/usr/sbin/slapd ]; then + ( cd $PKG/usr/sbin ; ln -sf ../libexec/slapd slapd ) +fi + +# Create OpenLDAP certificates directory: +mkdir -p $PKG/etc/openldap/certs + +# Copy rc.openldap: +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.openldap > $PKG/etc/rc.d/rc.openldap.new + +# Copy slapd default file: +mkdir -p $PKG/etc/default +cat $CWD/slapd > $PKG/etc/default/slapd.new + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Compress manual pages: +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do + ln -s $( readlink $i ).gz $i.gz + rm $i +done + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + ANNOUNCEMENT* CHANGES COPYRIGHT* INSTALL* LICENSE* README* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# If there's a CHANGES file, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r CHANGES ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat CHANGES | head -n 1000 > $DOCSDIR/CHANGES + touch -r CHANGES $DOCSDIR/CHANGES +fi + +# Include monitor backend README +cp -a \ + servers/slapd/back-monitor/README \ + $PKG/usr/doc/$PKGNAM-$VERSION/README.back-monitor + +# Include Perl backend README +cp -a \ + servers/slapd/back-perl/README \ + $PKG/usr/doc/$PKGNAM-$VERSION/README.back-perl + +# Include Perl backend sample file +cp -a \ + servers/slapd/back-perl/SampleLDAP.pm \ + $PKG/usr/doc/$PKGNAM-$VERSION + +# Include OpenLDAP documentation +cp -a \ + doc/guide/admin/*.png \ + doc/guide/admin/*.html \ + $PKG/usr/doc/$PKGNAM-$VERSION + +mkdir -p $PKG/install +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/source/n/openldap/openldap.url b/source/n/openldap/openldap.url new file mode 100644 index 000000000..5ffa99122 --- /dev/null +++ b/source/n/openldap/openldap.url @@ -0,0 +1 @@ +ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release diff --git a/source/n/openldap/rc.openldap b/source/n/openldap/rc.openldap new file mode 100644 index 000000000..d659d27a7 --- /dev/null +++ b/source/n/openldap/rc.openldap @@ -0,0 +1,69 @@ +#!/bin/sh +# Start/stop/restart the OpenLDAP server (slapd). + +# Source default settings: +if [ -r /etc/default/slapd ]; then + . /etc/default/slapd +fi + +# If needed, create run directory: +if [ ! -d /var/run/openldap ]; then + mkdir -p /var/run/openldap + chown ldap:ldap /var/run/openldap +fi + +slapd_start() { + if [ -e /var/run/openldap/slapd.pid ]; then + echo "ERROR: Not starting OpenLDAP server because /var/run/openldap/slapd.pid exists." + elif [ -x /usr/sbin/slapd ]; then + echo "Starting OpenLDAP server: /usr/sbin/slapd -u ldap -h "$SLAPD_URLS" $SLAPD_OPTIONS" + /usr/sbin/slapd -u ldap -h "$SLAPD_URLS" $SLAPD_OPTIONS 1> /dev/null 2> /dev/null + fi +} + +slapd_stop() { + if [ -e /var/run/openldap/slapd.pid ]; then + echo "Stopping OpenLDAP server." + kill -INT $(cat /var/run/openldap/slapd.pid) + else + echo "ERROR: Not stopping OpenLDAP server because /var/run/openldap/slapd.pid does not exist." + fi + rm -f /var/run/openldap/slapd.pid +} + +slapd_restart() { + slapd_stop + sleep 1 + slapd_start +} + +slapd_status() { + if [ -e /var/run/openldap/slapd.pid ]; then + if ps axc | grep slapd >/dev/null 2>&1; then + echo "OpenLDAP is running." + return 0 + fi + echo "OpenLDAP PID file exists but the service is down." + return 1 + else + echo "OpenLDAP is stopped." + return 0 + fi +} + +case "$1" in + 'start') + slapd_start + ;; + 'stop') + slapd_stop + ;; + 'restart') + slapd_restart + ;; + 'status') + slapd_status + ;; + *) + echo "usage $0 start|stop|restart" +esac diff --git a/source/n/openldap/slack-desc b/source/n/openldap/slack-desc new file mode 100644 index 000000000..65552e5de --- /dev/null +++ b/source/n/openldap/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, +# and the '|'on the right side marks the last column you can put a +# character in. You must make exactly 11 lines for the formatting to be +# correct. It's also customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +openldap: openldap (Lightweight Directory Access Protocol) +openldap: +openldap: OpenLDAP is an open source implementation of the Lightweight Directory +openldap: Access Protocol. LDAP is a alternative to the X.500 Directory Access +openldap: Protocol (DAP). It uses the TCP/IP stack versus the overly complex OSI +openldap: stack. +openldap: +openldap: LDAP is often used to provide authentication (such as for email). +openldap: +openldap: Homepage: https://www.openldap.org/ +openldap: diff --git a/source/n/openldap/slapd b/source/n/openldap/slapd new file mode 100644 index 000000000..afbbfb55f --- /dev/null +++ b/source/n/openldap/slapd @@ -0,0 +1,16 @@ +# OpenLDAP server configuration +# see 'man slapd' for additional information + +# Where the server will run (-h option) +# - ldapi:/// is required for on-the-fly configuration using client tools +# (use SASL with EXTERNAL mechanism for authentication) +# - default: ldapi:/// ldap:/// +# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:/// +SLAPD_URLS="ldapi:/// ldap:///" + +# Any custom options +#SLAPD_OPTIONS="" + +# Keytab location for GSSAPI Kerberos authentication +#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab" + |